Cybersecurity penetration testing is a method of checking for security weaknesses in software and systems by simulating real-world cyber-attacks. Also known colloquially as 'pen tests,' penetration tests probe beyond the scope of automated vulnerability scans. Pen tests find gaps in protection that can arise when unique combinations of applications, systems, and security defenses work together in live environments.

In many cases, penetration testing – a type of ethical hacking engagement designed to identify and address security vulnerabilities in networks, systems and applications – is required. Sometimes this requirement is specified directly, while in other cases it is implied by a need to build audit or assessment processes to mitigate cyber risk. This blog identifies some of the most common pen testing standards and regulations and provides guidance about the type of testing required.