Penetration Testing: How Pen Tests Discover Weaknesses in Your Attack Surface

Your Go-To Penetration Testing Knowledge Base

Penetration testing is a process that gives you insight into weaknesses within your attack surface that an attacker could exploit to get access to your data and systems. Unlike a vulnerability assessment program, which is an ongoing process, pen tests provide a picture into your cyber health at a specific point in time. They’re designed to help you define ways you can reduce your cyber risk and build stronger vulnerability assessment practices.

Here are a few highlights of what you can explore in this penetration testing knowledge base:

Popular Penetration Testing Methodologies

Commonly, penetration testers use software to perform vulnerability tests. Bug-bounty programs are less common, but are another way to uncover weaknesses in your attack surface.

Pen Test Frequently Asked Questions

Do you have questions about penetration testing? Check out this FAQ for answers to some of our most commonly asked questions.

Tenable Community for Pen Tests

Want to connect with other penetration testers? Tenable Community is a great place to get help, share ideas and ask questions.

How Vulnerability Scanning and Penetration Testing Go Hand-in-Hand

Vulnerability scanning is a key component of your overall penetration testing processes.

Supplement Your Pen Tests with Nessus Pro

Nessus supports penetration testing processes by discovering weaknesses within your attack surface to pinpoint where to pen test and decrease your cyber risk.

Understanding Differences Between Penetration Testing and Vulnerability Scanning

While penetration testing and vulnerability scanning are complementary processes, they are not one and the same.

Penetration tests help you discover weaknesses in your attack surface to determine if an attacker can successfully infiltrate your network or assets to gain unauthorized access into your systems.

Pen tests are generally conducted by an experienced, well-trained third party who may use a variety of techniques to uncover and exploit these weaknesses.

While a penetration test is a point-in-time assessment of how vulnerabilities may be exploited, vulnerability scanning is a process to seek out known vulnerabilities, weaknesses and misconfigurations within your attack surface so your team can plan remediation to reduce your cyber risk.

Regulatory and compliance agencies, for example the Payment Card Industry Data Security Standard (PCI DSS), may require regular pen testing and vulnerability scanning, but even so, some organizations remain unclear about the differences between the two.

In this guide, we’ll look at the differences between pen testing and vulnerability scanning to help you better understand how both are critical components of your overall cybersecurity program.

Tenable Community: Your Go-To Resource for OT

Are you a cybersecurity practitioner who specializes in penetration testing? Do you have questions about pen testing resources, tools or best practices? Tenable Community is a great place to connect with other professionals to discuss penetration testing and related topics.

Here are some sample conversations happening now:

What Are Some Recommendations to Create the Best Operational Technology Rule Set?

ICS networks often lack the kinds of security protocols used in IT networks for more than two decades. Moreover, the mantra of “set it and forget it” in OT networks results in obsolete and unsupported Windows versions and more, making it infinitely easier for attackers to exploit them.

What are the Advantages of Integrating Your OT Security With NGFWs?

Integrating NGFWs with dedicated industrial cybersecurity solutions can provide organizations with comprehensive and effective protection across both their IT and OT networks. Let's explore some of these advantages and see how such an integrated solution works.

How to Discover and Protect Your OT Assets?

For years now, CISOs have tried to come to grips with the convergence of two equal but distinct parts of the business — IT and Operational Technology (OT) — and what it means for the overall cybersecurity posture of industrial enterprises. The first question is: Where to start?

Penetration Testing Frequently Asked Questions

What is penetration testing?
Penetration testing is a process that gives you insight into how attackers might attempt to breach your networks. Pen tests help you detect weaknesses in your attack surface through attempts to penetrate your network. As part of your vulnerability management program, you should conduct continuous vulnerability assessments to discover these weaknesses so you can prioritize and remediate them before an attacker makes a successful breach into your network. Pen tests go hand-in-hand with your vulnerability assessment program. This stand-alone activity, often conducted by a third party, is an effective way to uncover weaknesses that put your organization at risk. Like running a vulnerability scan, a pen test only gives a point-in-time snapshot of your risks. To build a comprehensive vulnerability assessment program, vulnerability assessment scans should be done continuously, with pen testing conducted periodically (for example, at least quarterly).
How does a pen test work?
Penetration tests are more than a vulnerability assessment. During a pen test, the tester conducts intentional exploits on a target or a group of targets to prove a vulnerability exists. Generally, a penetration test begins with a planning phase that outlines your test goals and expectations. During your initial scoping phase, you should determine if you want your pen tester to target your entire network or focus on a specific subset. After conducting the test, which can be accomplished using a variety of testing methods and tools, your tester will report back findings for review. A pen test will verify where you have security issues so you can plan for remediation and make improvements to your overall cybersecurity processes.
What are the goals for a pen test?
While you are in the planning phase for your pen tests, you should set goals and objectives. These goals should be specific to your organization and align with your business goals and cybersecurity objectives. Overall, however, a pen test’s goal is to prove a vulnerability (or multiple vulnerabilities) exist within your attack surface so you can plan to remediate those that cause the greatest risk for your organization.
How often should you conduct pen tests?
You should conduct pen tests regularly, for example, at least once per quarter. Pen tests give you a point-in-time snapshot of your security posture. Since your attack surface is constantly changing and expanding, routine pen tests help you improve your cybersecurity program and decrease your cyber risk.
Why is pen testing important?
Pen testing is important for several reasons. First, a pen test can help you determine if you have vulnerabilities an attacker could exploit to gain unauthorized access to your data and assets. Pen tests can also help ensure you’re meeting compliance standards. For example, PCI DSS has regulations for pen testing. Pen tests are also important because they can help you determine if you’re using appropriate security controls as part of your vulnerability management program and those controls work as expected.
What’s the difference between vulnerability assessment and penetration testing?
While there are differences between vulnerability assessment and penetration testing, the two are complementary. Vulnerability assessment is an ongoing practice that gives you insight into all the vulnerabilities across your attack surface so you can make plans to prioritize and remediate them. Conversely, pen testing is a stand-alone activity. It gives you a picture of your cyber exposures at a single point in time. Pen tests help you define areas where you can make improvements that will strengthen your overall vulnerability assessment processes.
How is penetration testing different from vulnerability management?
Penetration testing is different from vulnerability management, but it’s a complementary part of your overall vulnerability management processes. Conducting pen tests can help you determine if your existing vulnerability management processes are working and can help identify areas where you may need to make improvements. While a pen test is a stand-alone activity that gives you a snapshot of your cyber health at a specific time, vulnerability management and vulnerability assessment processes should be ongoing.
What are the phases for penetration testing?
In general, there are five stages to penetration testing. A pen test begins with an initial engagement, where you agree who will do your testing and outline your goals and expectations. From there, set the scope of your test: will you target your entire network or a specific subset? Next, conduct the test, then review the findings report before doing a follow-up review of your remediation processes. Don't forget to retest when needed.
Are there different approaches to penetration testing?
Yes. There are primarily two approaches: whitebox testing and blackbox testing. In most instances of whitebox testing, the third-party tester already has information about the target; in blackbox testing, you don't share additional target information with your tester. Accordingly, in blackbox testing your tester conducts network sweeps without using credentials, while whitebox testing usually takes place within a credentialed environment. Grey box testing is a third approach, in which your organization provides the tester with partial details about targets. Nessus Professional is a great complementary tool for all of these approaches to penetration testing.
What are some pen testing best practices?

Some best practices for pen testing include:

  • Conduct routine pen tests at least quarterly and as required to meet compliance standards
  • Set goals, objectives and scope before conducting each pen test
  • Review results to plan for remediation
  • Follow up with additional tests as needed
  • Retain evidence uncovered by your pen tests, taking into account related laws and compliance standards for evidence retention
How is vulnerability scanning used in penetration testing?
Vulnerability scanning is a key component of penetration testing. You can use vulnerability scanning to discover vulnerabilities and weaknesses within your attack surface. From there, you can select which vulnerabilities to target during a penetration test.
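The two uses of scan data described in this FAQ, choosing which findings to hand to a pen tester and comparing two point-in-time snapshots to decide whether a retest is due, can be illustrated with a small triage script. This is an added example, not Tenable code: the findings, IP addresses (from documentation ranges) and field names are constructed and do not reflect a Nessus export format or any Tenable API.

```python
"""Turn vulnerability-scan findings into a pen-test target list and a retest view.

Added example only: the findings below are constructed, and this is not a
Nessus export format or any Tenable API. It shows the two uses of scan data
the FAQ describes: picking which findings to hand to a pen tester, and
comparing two point-in-time snapshots to see what changed and needs a retest.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str                # IP from documentation ranges (constructed)
    segment: str             # attack-surface subset: internal, external, cloud, ot
    title: str               # finding name (constructed, not a real plugin)
    cvss: float              # base score reported by the scanner
    exploit_available: bool  # scanner flags a public exploit
    credentialed: bool       # only visible to a credentialed (whitebox-style) scan


# Constructed snapshot from the previous quarter's scan.
SCAN_PREVIOUS = [
    Finding("10.0.1.10", "internal", "Outdated SMB service", 9.8, True, False),
    Finding("10.0.1.22", "internal", "Weak SSH ciphers", 5.3, False, False),
    Finding("203.0.113.5", "external", "Admin panel with default credentials", 9.1, True, False),
    Finding("10.0.9.3", "ot", "Unsupported Windows version", 8.8, True, True),
]

# Constructed snapshot from this quarter's scan.
SCAN_CURRENT = [
    Finding("10.0.1.22", "internal", "Weak SSH ciphers", 5.3, False, False),
    Finding("10.0.9.3", "ot", "Unsupported Windows version", 8.8, True, True),
    Finding("203.0.113.5", "external", "Outdated TLS library", 7.5, False, False),
    Finding("10.0.1.40", "internal", "Missing patch with public exploit", 8.1, True, True),
    Finding("172.16.3.7", "cloud", "Storage bucket world-readable", 7.0, False, True),
]


def priority(f: Finding) -> tuple:
    """Sort key: exploitable findings first, then by CVSS (use with reverse=True)."""
    return (f.exploit_available, f.cvss)


def identity(f: Finding) -> tuple:
    """What makes a finding 'the same' across two scans."""
    return (f.host, f.title)


def select_targets(findings, max_per_segment=2):
    """Group findings by attack-surface segment and keep the top candidates
    per segment, so each subset of the scope gets tester attention."""
    by_segment = defaultdict(list)
    for f in findings:
        by_segment[f.segment].append(f)
    return {
        seg: sorted(fs, key=priority, reverse=True)[:max_per_segment]
        for seg, fs in by_segment.items()
    }


def new_since(previous, current):
    """Findings present now that were absent last time: the changed attack
    surface that argues for a retest, most urgent first."""
    seen = {identity(f) for f in previous}
    return sorted((f for f in current if identity(f) not in seen),
                  key=priority, reverse=True)


def remediated_since(previous, current):
    """Findings that disappeared; the retest should confirm they are really
    fixed rather than merely no longer detected."""
    still = {identity(f) for f in current}
    return [f for f in previous if identity(f) not in still]


def retest_needed(previous, current) -> bool:
    """Trigger a retest when the new findings include an exploitable one."""
    return any(f.exploit_available for f in new_since(previous, current))


if __name__ == "__main__":
    for seg, fs in select_targets(SCAN_CURRENT).items():
        print(seg, [f"{f.host}: {f.title}" for f in fs])
    print("new:", [f.host for f in new_since(SCAN_PREVIOUS, SCAN_CURRENT)])
    print("gone:", [f.host for f in remediated_since(SCAN_PREVIOUS, SCAN_CURRENT)])
    print("retest needed:", retest_needed(SCAN_PREVIOUS, SCAN_CURRENT))
```

Grouping by segment mirrors the scoping decision the FAQ describes (entire network versus a subset), and the snapshot comparison makes the point-in-time limitation concrete: the previous scan's external finding is gone but a new one has appeared on the same host, so a retest has to cover both.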

How Vulnerability Scanning and Penetration Testing Go Hand-in-Hand

Penetration testing is a process that helps you discover weaknesses within your attack surface before an attacker exploits them. But where do you begin?

Vulnerability scanning is a great place to start. It’s a key component of your overall penetration testing processes. Vulnerability scanning can help you find all of the weaknesses across your attack surface so you can fix them before an attacker uses them to access your data and systems.

Here are a few ways vulnerability scanning works hand-in-hand with pen tests:

During a penetration test, your tester may perform vulnerability scans across your complete attack surface or choose to specifically target a subset, for example your internal networks, external networks, your cloud environments, Internet of Things (IoT) devices, Industrial Internet of Things (IIoT) devices, operational technology (OT) devices, containers or web apps.

Nessus Professional is a vulnerability assessment tool that can help you scan for these vulnerabilities. It comes with pre-built templates to help you conduct credentialed and non-credentialed vulnerability scans. It can help you quickly—and easily—conduct both whitebox testing and blackbox testing.

Nessus templates support many compliance frameworks such as Center for Internet Security (CIS), Health Insurance Portability and Accountability Act (HIPAA), Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIG), and others.

You can also customize Nessus templates for your tests, including setting preferences to avoid false negatives or false positives.

Ready to learn more about how you can use Nessus for vulnerability scanning as part of your pen tests?

Nessus is the Gold Standard for Vulnerability Assessment

Vulnerabilities and assets across your modern attack surface are always changing. Trust Nessus Professional to help you stay a step ahead of attackers.

Penetration Testing Blog Bytes

A Look at the Most Popular Penetration Testing Methodologies

Pen tests give you visibility into your vulnerabilities. They're a critical and often underused component of cybersecurity. Penetration testing can help you better understand the strengths and weaknesses of your existing configurations and where you may have holes an attacker can exploit. Organizations often plan pen tests as a one-off project. However, because your attack surface is growing and ever-evolving, penetration testing should be a routine part of your cybersecurity practice.

Combining Penetration Testing with Active and Passive Vulnerability Scanning

Vulnerability assessment and penetration testing are similar, but they are not the same thing. They do, however, work well together. Both seek weaknesses in your attack surface. With vulnerability assessment, you're looking to identify and prioritize vulnerabilities that pose threats to your organization. With penetration testing, a tester seeks out a known weakness and attempts to exploit it to see if your data and systems can be accessed.

Vulnerabilities in Cybersecurity: How to Reduce Your Risk

To combat vulnerabilities, you need a deep understanding of what is happening on your systems at any given time. This requires a holistic blend of network monitoring and vulnerability scanning to ensure you have constant visibility into your vulnerability landscape. One way you can keep up with threats is to run regular penetration and vulnerability tests. A penetration test analyzes your configuration, identifying exploitable weak points. Vulnerability assessments handle a similar function, focusing on weaknesses in applications and software.

Nessus Professional is the Industry Standard for Vulnerability Assessment

Built for security professionals, by security professionals, Nessus is an effective way to discover vulnerabilities across your attack surface.

With pre-built policies and templates, Nessus helps penetration testers get the most out of their evaluations. By providing visibility into an organization's network, Nessus gives pen testers an upper hand by helping them quickly uncover weaknesses.

Nessus' coverage is unlike any other vulnerability assessment tool on the planet. It covers almost 50,000 unique IT assets such as operating systems (macOS, Windows, Linux), mobile devices, applications and network devices.

The software has more than 140,000 plugins, which are automatically updated. That means pen testers get accurate, timely information about the latest vulnerabilities and malware.

No. 1 In Accuracy

With six-sigma accuracy, Nessus has the lowest false positive rate in the industry, measured at 0.32 defects per 1 million scans.

No. 1 in Coverage

Nessus features more than 140,000 plugins covering more than 50,000 Common Vulnerabilities and Exposures (CVEs). Each week, Tenable releases more than 100 new plugins and covers high-profile issues within 24 hours of vulnerability disclosure.

No. 1 in Adoption

More than 30,000 organizations around the world trust Nessus. It has more than 2 million downloads and is used by half of the Fortune 500.
