Skip to main content
Glossary

Penetration Testing

A controlled, authorized attempt to exploit vulnerabilities in a system, network, or application. Penetration tests reveal what an attacker could actually achieve, not just what is theoretically possible.

Why it matters

Vulnerability scans tell you what might be wrong. Penetration tests prove what is exploitable. The distinction matters because resources are finite and not every vulnerability is a real threat in your specific environment. Pentest results provide the evidence auditors want to see: proof that you actively test your defenses rather than just documenting them. SOC 2, ISO 27001, and PCI DSS all expect regular penetration testing.

In practice

Penetration tests are typically performed annually or after significant changes, by internal teams or external specialists. They produce findings ranked by severity, with reproduction steps and remediation guidance. In vucavoid, pentest findings are tracked through the findings module with severity ratings, deadlines, and ownership. Evidence from penetration tests attaches directly to the controls they validate, creating a verifiable link between testing and control effectiveness.

Related terms

Remediation

Addressing and resolving identified security weaknesses, audit findings, or compliance gaps.

Evidence Management

Systematic collection and maintenance of documentation proving controls are implemented and effective.

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.