Penetration Test (Pen Test)

An authorized simulated attack on a system to find vulnerabilities before real attackers do.

Pen tests are typically run by external firms once or twice per year, with separate scopes for application security, infrastructure, and social engineering. Findings are categorized by severity (critical, high, medium, low, informational) and remediated within agreed timelines. Most enterprise procurement reviews ask for a recent pen test summary letter from the vendor, often paired with the SOC 2 Type II report.