Penetration testing (pentest) is an authorised attack on a system to find vulnerabilities and report them. Important: WRITTEN PERMISSION IS MANDATORY. Pentest without permission is a crime. Pentest stages: Reconnaissance (information gathering), Scanning, Exploitation (testing vulnerabilities), Post-exploitation, Reporting.
Widely used tools: Nmap (port scanner), Burp Suite (web vulnerabilities), Metasploit (exploit framework), OWASP ZAP (free alternative). Bug bounty programs — companies pay real pentesters (HackerOne, Bugcrowd). CTF (Capture the Flag) competitions — a legal practice environment. Pentesting is not a one-time event; it should be done regularly (at least annually).
Our courses on this topic