Penetration testing is a simulated attack designed to identify weakness in organization’s IT infrastructure that could leave a space open for a potential breach. It discovers internal and external security exploits and demonstrates how well a network, application and information asset is protected.
An internal network pen test is performed to help gauge what an attacker could achieve with initial access to a network. An internal network pen test can mirror insider threats, such as employees intentionally or unintentionally performing malicious actions.
An external network pen test is designed to test the effectiveness of perimeter security controls to prevent and detect attacks as well as identifying weaknesses in internet-facing assets such as web, mail and FTP servers.