Penetration testing
Penetration testing, also called a pen-test or ethical hacking, is a more intrusive and more detailed form of testing. Both vulnerability testing and penetration testing have the same broad goal, which is to uncover weak points in the security controls of an organization. The key difference is that vulnerability scans are largely automated, and hence produce standard outputs, whereas a pen-test is carried out manually by an individual or a group of individuals. The philosophy here is to wear the black hat and get into the mindset of an actual attacker. The testers would typically study the IT environment and decide on the best tactic to break into an IT asset, or even the full environment.
Unlike a vulnerability scan, a pen-test is more subtle. Here, the testers take all precautions as they try to defeat the defenses of an organization and breach a system. Hence, such tests will not cause as many alarms to go off at the SOC as an automated scan would. In...