What is penetration testing all about?

Suggy
Giga Sage

‎05-21-2025 06:12 AM - edited ‎05-23-2025 10:22 PM

Hi all,

I wanted to know what is Penetration testing all about?

I am completely new to this topic.

 

1. Few posts say its free, few say the cost should be borne by customer. 

 

2. Few posts say pen test is for entire instance, few say it can be done per application/product.

 

3. Few posts say ServiceNow can do it, few say it can be done only through 3rd party vendors but just need prior approval from ServiceNow.

 

4. Few posts say that we need 'Vulnerability Response ' application for doing pen test.

 

So many posts, with different answers.. totally confused.

 

Anyone having knowledge about pen test and has got details on above points, please do shed some light.

 

Thanks a lot in advance!!!

 

PS - Dont give me answers from GPT's please!!!

Labels:
0 Helpfuls
  • 905 Views
7 REPLIES 7

Suggy
Giga Sage
In response to santhosh-FC

‎05-25-2025 12:05 AM

Hi @santhosh-FC  Thanks for letting me know what pen test all about in simple words.

Do you have any details about the 4 points that I have asked?

0 Helpfuls

Sohail Khilji
Kilo Patron
Kilo Patron

‎05-25-2025 12:40 AM

Hi @Suggy ,

 

Answers:

 

I wanted to know what is Penetration testing all about?

In simple terms its used to identify vulnerabilities in systems, networks, and applications to avoid getting the system hacked in future. its also called Ethical Hacking.... (safe guarding your infra and applications).

 

1. Few posts say its free, few say the cost should be borne by customer.

(Pentest takes time and material so its not free. Some companies have their internal team who can do pen test when requested so it may sound free but actually its not. if there are no internal team who does pen test then they get it done by external service provider  )

 

2. Few posts say pen test is for entire instance, few say it can be done per application/product. (Depends on how the enterprise is set, for greenfield implementation they do it completely and sometime they do only for particular instance/application when they are provisioned)

 

3. Few posts say ServiceNow can do it, few say it can be done only through 3rd party vendors but just need prior approval from ServiceNow. (ServiceNow does pen test based on its standard, but once the application is on your environment then the equation changes, mostly done by 3rd party vendors. )

 

4. Few posts say that we need 'Vulnerability Response ' application for doing pen test. ( if you have VR then you can manage the Vulnerability if its reported, else they vendor fixes the Vulnerability and sends a completion report and fixes)

 

I hope this helps....


☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....

LinkedIn - Lets Connect

Suggy
Giga Sage
In response to Sohail Khilji

‎05-25-2025 04:21 AM

 

Hi @Sohail Khilji Thanks for those insights.

Regarding point 2, when you say "they do only for particular instance/application"

can you clarify what exactly per application mean? Example of Applications for which can we do pen test?

0 Helpfuls