What is penetration testing all about?

Suggy
Giga Sage

‎05-21-2025 06:12 AM - edited ‎05-23-2025 10:22 PM

Hi all,

I wanted to know what is Penetration testing all about?

I am completely new to this topic.

 

1. Few posts say its free, few say the cost should be borne by customer. 

 

2. Few posts say pen test is for entire instance, few say it can be done per application/product.

 

3. Few posts say ServiceNow can do it, few say it can be done only through 3rd party vendors but just need prior approval from ServiceNow.

 

4. Few posts say that we need 'Vulnerability Response ' application for doing pen test.

 

So many posts, with different answers.. totally confused.

 

Anyone having knowledge about pen test and has got details on above points, please do shed some light.

 

Thanks a lot in advance!!!

 

PS - Dont give me answers from GPT's please!!!

Labels:
0 Helpfuls
  • 976 Views
7 REPLIES 7

Suggy
Giga Sage

‎05-23-2025 03:03 AM

No one?

0 Helpfuls

GlideFather
Tera Patron

‎05-23-2025 03:28 AM

Hi,

the penetration tests are always based on some specific requirement, I think there is no general answer on this - some might be performed on a specific product/application (you can perform it in the whole application and after that only on newly developed ones).

I would say that each client might have different needs and requirements. But there is a "golden rule", the expenses companies are willing to spend on security are always higher after some big security breach 😄

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


Suggy
Giga Sage

‎05-23-2025 10:23 PM

Anyone else please?

0 Helpfuls

santhosh-FC
Giga Contributor
In response to Suggy

‎05-24-2025 12:13 AM

Imagine you live in a house. To make sure it’s safe, you ask a friend to try and break in—not to steal anything, but just to test if the locks and doors are strong enough. If your friend finds a way in, they tell you so you can fix it before a real thief tries.

That’s what penetration testing (or “pen testing”) is, but for computer systems. A company asks a “good hacker” to try and break into their website, app, or network. This helps the company find weak spots and fix them before a bad hacker finds them.

So, it’s like a safety check, but for computers instead of houses.