Penetration testing

nouncandidate·updated May 9, 2026

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.

Framework senses

11 senses across 9 frameworks

SANS Glossary of Security Terms1 senseview framework →

§1: Penetration testing is used to test the external perimeter security of a network or facility.

National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Lexicon1 senseview framework →

§1: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.

ISACA Cybersecurity Glossary1 senseview framework →

§1: A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers

NY DFS Part 500 (NYCRR Title 23, Chapter 1, Part 500)1 senseview framework →

§1: The purpose of this task is to determine the effectiveness of security defenses by mimicking the actions of real-life attackers.

NISTIR 7298: Glossary of Key Information Security Terms, Revision 23 sensesview framework →

§1: A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.
§2 · sense_2_pending_review: A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
§3 · sense_3_pending_review: Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.

CNSSI-4009 (Glossary of Information Assurance Terms)1 senseview framework →

§1: A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.

NIST SP 800-531 senseview framework →

§1: A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.

NIST SP 800-53A1 senseview framework →

§1: A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.

NIST SP 800-1151 senseview framework →

§1: Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.