Penetration testing evaluates an organization's security controls by conducting simulated real-world attack scenarios. The goal of a penetration test is to provide a point-in-time snapshot of the controls in place to detect, mitigate and alert on such activities. The testing also uncovers the actual attack vectors that made a potential breach possible, along with recommendations on how to close the gap so an actual attack does not occur.
There are three main buckets of penetration testing:
Scenario-based penetration testing is the technique of testing from different locations, accounts, permissions and tools on a network. This technique gives an organization the flexibility to test in ways that go beyond general internal or external pentests. This can be especially beneficial for PCI compliance and for testing access to the cardholder data environment (CDE).