Computer Forensics Lab
Computer Forensics Lab
Digital forensics · Since 2007
← Blog·Cyber·12/01/2026

Penetration testing: what it is, what it is not, and when to commission it.

Penetration testing lab with terminals.

A penetration test is an authorised, time boxed attempt to find and exploit weaknesses in a system, and to report on them so they can be fixed. It answers a narrow question: what could a competent attacker achieve within the scope and time agreed.

What it is not

  • It is not a compliance certificate.
  • It is not a guarantee of security after the test date.
  • It is not the same as a vulnerability scan, which is automated and unfocused.
  • It is not a substitute for logging, patching and staff training.

When to commission one

Before a significant release, after a merger or acquisition, in response to a regulatory expectation, or after a suspected incident to confirm remediation. In each case the value depends on a tight scope, an experienced tester, and a client who is prepared to act on the findings.