Penetration Testing Fundamentals

Penetration testing is the practice of intentionally attacking an application, network, or system to find security weaknesses that a real attacker could exploit. The work is performed by a pentester (a human, an AI agent, or both working together), the findings are documented with reproduction steps and evidence, and the customer uses the report to prioritize and implement fixes.

A pentest is different from a vulnerability assessment. A vulnerability assessment lists every potential weakness identified by scanners or manual review. A penetration test goes further to actually attempt to exploit the weaknesses to prove they are real and to show what an attacker could achieve. The output of a pentest is usually a much smaller list than a vulnerability assessment, but each item ships with a proof and a remediation path.

Penetration testing is one of the most powerful security practices available and one of the most rationed. Most enterprises pentest their most critical apps once or twice a year because manual pentests are expensive and skilled pentesters are scarce. The shift the industry is making in 2026 is to use AI pentest agents to gain broader application coverage at a lower cost per test, while reserving human pentesters for the engagements where their judgment compounds the most value.

Penetration testing services are professional services engagements in which a firm (or an internal team) performs pentests on behalf of a customer. The category covers everything from a $10,000 single app web pentest to multi month red team engagements that cost six figures. Services typically include scoping, the test itself, the report, and a retest after the customer fixes the high severity findings.

The category has historically been delivered by specialist firms — consultancies, MSSPs with offensive practices, boutique pentest shops, mostly using human pentesters and a fixed toolchain. Two shifts are changing the category in 2026. First, PTaaS (Pentest as a Service) wraps the engagement in a software platform that handles scoping, scheduling, reporting, and retesting through a portal. Second, AI penetration testing is being used more widely, with many established pentest firms now running an AI agent under the hood and reserving the human pentester for the work that genuinely needs them. The continuous pentest service model of AI for the volume, human for the validation is becoming the default for midmarket and enterprise programs.

Buyers shopping for pentest services in 2026 typically ask three questions: who is actually doing the work (humans, agents, or both); how long will it take to deliver first findings; and is the retest included or billable.

Web application penetration testing is the practice of pentesting a usually browser facing application served over HTTPS for security weaknesses that an external attacker could exploit. Scope typically covers the OWASP Top 10 categories (injection, broken authentication, broken access control, security misconfiguration, etc.) plus business logic abuse and any custom workflows the app exposes.

Web app pentesting is the largest single category inside the broader pentest market. Most enterprise pentest programs spend the majority of their budget here because web apps are the primary public attack surface and the rate of code change is the fastest. The work is also where AI penetration testing has matured fastest as the web is well structured enough for an agent to reason about (HTTP requests, responses, authenticated sessions, endpoint patterns), and the OWASP Top 10 provides a clean coverage baseline.

A modern web app pentest goes beyond the OWASP Top 10. It tests authentication and session handling under realistic conditions (cookies, JWT, OAuth), authorization across multiple user roles (BOLA, BFLA, privilege escalation), business logic abuse (price tampering, workflow bypass, state machine confusion), and any third party integrations the app depends on (webhooks, federated identity, payment processors). The reproduction steps and evidence per finding are the differentiator between a useful report and a glorified scan output.

Network penetration testing is the practice of attacking an organization's network (internal, external, or both) to find weaknesses an attacker could exploit to gain a foothold, move laterally, escalate privileges, or exfiltrate data. The work covers external facing services (perimeter routers, VPN concentrators, exposed management interfaces), internal segmentation, and the identity layer that connects them.

External network pentesting probes the perimeter from the public internet – what an unauthenticated attacker can see and reach. Internal network pentesting starts from inside the network (an authenticated user, a compromised host, a guest VLAN) and tries to move laterally, escalate privileges, and reach high value assets. Active Directory testing is usually rolled into internal network pentesting because AD misconfiguration is the most common privilege escalation path inside enterprise networks.

AI penetration testing for networks is more mature on the internal side than the external side, because internal pentest tools (Simbian, Horizon3 NodeZero, Pentera, etc.) have had more time to model AD attack paths, credential abuse, and lateral movement chains. External network pentest is increasingly handled by EASM (External Attack Surface Management) plus targeted exploitation, often by the same agent that does the web app pentest. The shift in 2026 is toward continuous network pentesting as part of a CTEM program rather than annual snapshots.

API penetration testing is the practice of pentesting application programming interfaces (APIs), usually REST or GraphQL, for security weaknesses. Modern enterprise applications are mostly API-based where the browser app is a thin client, the mobile app is a thin client, and the partner integrations are direct API calls. API pentesting is what actually tests the application logic.

The OWASP API Security Top 10 is the standard reference for the bug classes that matter here. The top entries are Broken Object Level Authorization (BOLA / IDOR), Broken Authentication, Broken Object Property Level Authorization (BOPLA), Unrestricted Resource Consumption, and Broken Function Level Authorization (BFLA).

AI penetration testing has a structural advantage on APIs because the agent can spawn parallel attackers as different authenticated roles, for example as a guest, a regular user, an admin, a developer, and crosscheck whether one role can access data or actions that should be scoped to another. This is the test design the OWASP API Top 10 implicitly requires and that single user scanners structurally cannot run. AI pentest agents that take a recorded API specification (OpenAPI, GraphQL schema) plus multiple role credentials cover the BOLA/BFLA class natively, where scanners miss it.

Cloud penetration testing is the practice of pentesting an organization's cloud environment (AWS, Azure, GCP, Kubernetes) for security weaknesses in the configuration, identity, and workloads. The work has some overlap with network pentesting, but the attack surface and the tooling are different enough that it is treated as a distinct category.

The most common findings in cloud pentests sit in three categories. First, overly permissive IAM roles and policies that grant more than the workload needs, including AssumeRole chains that an attacker could pivot through. Second, exposed storage such as S3 buckets, Azure blobs, GCS buckets accessible without authentication or with weak ACLs. Third, workload escape where container or function exploits could let an attacker break out of the workload and into the underlying cloud account. Misconfigured Kubernetes RBAC and service account abuse are common in the workload escape category.

Cloud pentesting is harder to automate than web app pentesting because the attack surface is broader and running a test safely requires more restraint, since an exploit attempt in the cloud can accidentally delete resources, trigger billing events, or break production workloads that the agent didn't realize were live. The mature pattern in 2026 is to combine a CSPM (Cloud Security Posture Management) tool for configuration coverage with an AI pentest agent that can reason about the real exploit paths between misconfigurations, plus a human cloud pentester for the bespoke architectural review.

Mobile application penetration testing covers iOS and Android apps and the backend APIs they talk to. The pentest typically has two halves: the client side analysis (reverse engineering the app binary, inspecting local storage, hooking into runtime behavior) and the server side analysis (the API the mobile app calls, which is usually the bigger attack surface).

Common findings on the client side are insecure local storage of credentials or sensitive data, certificate pinning bypass, insufficient root/jailbreak detection, and exposed debugging interfaces in production builds. Common findings on the server side are the same as any API pentest, including authorization bugs (BOLA, BFLA), broken authentication, server side request forgery, and business logic flaws. The mobile app is often a thin shell over an API, and the high impact vulnerabilities are almost always on the API side.

Mobile app pentest is less mature than web app pentest in the AI pentest category. The client-side reverse engineering work requires tools and reasoning specific to iOS and Android (Frida, Objection, MobSF), and the agent harnesses for that are still catching up. Most enterprise programs in 2026 are running AI pentest agents against the mobile app's API (which is where the high impact bugs live) and using human pentesters for the clientside work that requires platform specific tooling.

Penetration testing is usually categorized along three dimensions: attack surface (what is being tested), attacker knowledge (what the pentester knows going in), and engagement style (how broad and adversarial the test is).

By attack surface, the standard categories are web application pentesting, API pentesting, network pentesting (external and internal), cloud pentesting, mobile application pentesting, wireless pentesting, and physical pentesting. Most enterprise programs cover web, API, and network at a minimum; cloud and mobile depend on the application stack; wireless and physical are usually annual or as needed engagements.

By attacker knowledge, the standard categories are blackbox (the pentester knows nothing more than what an external attacker would), whitebox (the pentester has source code, architecture documents, and credentials), and greybox (somewhere in between, usually with credentials but no source). Whitebox runs are usually faster and find more bugs per hour because the pentester has more signal; blackbox runs are more realistic to the externalattacker scenario.

By engagement style, the standard categories are penetration testing (find and exploit weaknesses in a defined scope), red teaming (broader, more adversarial, often including social engineering and physical access, evaluating detection and response in addition to vulnerabilities), and purple teaming (red and blue working together, designed to improve detection).

A penetration testing methodology is the documented process a pentester follows for an engagement. This includes the stages, the techniques to consider at each stage, and the documentation expected at the end. A clear methodology is what separates a pentest from "someone clicking around."

The most cited methodologies are PTES (Penetration Testing Execution Standard), OSSTMM (Open Source Security Testing Methodology Manual), NIST SP 800115 (Technical Guide to Information Security Testing and Assessment), and the OWASP Web Security Testing Guide. PCI DSS Requirement 11.4 explicitly references "industry accepted" methodologies, which in practice means one of these. Most enterprise pentest programs adopt PTES or OWASP for the application layer and NIST SP 800115 for the broader network layer.

A methodology typically lays out seven stages: pre engagement (scoping, rules of engagement), intelligence gathering (recon), threat modelling, vulnerability analysis, exploitation, post exploitation (lateral movement, persistence, data access proof), and reporting. AI pentest agents follow the same sequence of steps. The methodology framing matters most at audit time, when the QSA or SOC 2 auditor asks "what did you actually do" and the answer needs to map to an industry accepted standard.

The three categories describe how much the pentester knows about the target before the engagement starts.

• In a black box pentest the pentester is given nothing except the target URL, an IP range, the name of an application. The engagement is meant to simulate what an external attacker without any internal information would see and could do. Black box is the most realistic for external attacker scenarios and the slowest to find bugs, because the pentester or agent has to spend a lot of time on recon.
• In a white box pentest the pentester is given full insider information about the application, including source code, architecture documents, credentials for all user roles, network diagrams. The engagement simulates an insider threat or a maximally prepared attacker. White box runs are faster per finding and tend to catch a broader set of bugs because the pentester has full signal. AI pentest agents in whitebox mode use the source code as a hint to drive more precise runtime exploitation, which allows the agent to verify the bug in the runtime context and in the source.
• In a grey box pentest the pentester is given partial information, usually credentials for one or more user roles, but no source code. Grey box is the most common engagement type in practice because it strikes the right balance between realism and speed for most apps.

A vulnerability assessment is a list of potential weaknesses. A penetration test is a proof of which of those potential weaknesses are exploitable.

A vulnerability assessment typically uses scanners like Nessus, Qualys, Rapid7 InsightVM, or OpenVAS to identify known weaknesses based on signatures, missing patches, and configuration checks. The output is a long list of CVEs and findings, usually filtered by CVSS. Many of the items on a vulnerability assessment turn out not to be exploitable in the customer's actual environment because the vulnerable software is reachable only from an internal segment that the attacker cannot reach, the patch has been applied via a workaround the scanner can't detect, the misconfiguration is compensated for by another control.

A penetration test takes the same target and tries to actually exploit the weaknesses to determine which ones are real. The output is shorter than a vulnerability assessment and identified vulnerability includes supporting evidence and reproduction steps. The pentester's job is to find the exploit chain the way an attacker would by actually using the bug, not just listing the bug as "present."

Mature security programs run both. Vulnerability assessment provides breadth, run continuously and fed into patch management. Penetration testing provides depth, run on the apps and systems that matter most, and produces findings that are proven exploitable. AI penetration testing collapses some of the gap between the two by making it possible to run pentests at a scanner-like cadence.

The OWASP Top 10 is a community maintained list of the most critical security risks to web applications. The list has been published periodically since 2003 by the Open Web Application Security Project (OWASP) and is the most widely referenced security standard for application security teams. The 2021 edition is the most recent published at time of writing; the 2025 edition has been in public draft.

The 2021 list, in order, is A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection, A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable and Outdated Components, A07 Identification and Authentication Failures, A08 Software and Data Integrity Failures, A09 Security Logging and Monitoring Failures, and A10 ServerSide Request Forgery. Broken Access Control moved to A01 in the 2021 edition because the data showed it as the most tested against and most found category across the industry.

The Top 10 is best understood as a coverage baseline rather than a checklist. A pentest that covers the Top 10 well is doing the minimum; it does not necessarily catch business logic abuse, chained exploits, or AIspecific bug classes. The OWASP API Security Top 10 and the OWASP Top 10 for LLMs are companion lists that cover their respective surfaces. Any AI pentest agent worth buying covers the Top 10 categories as table stakes; the differentiation is in what it does beyond.

Ethical hacking is the practice of using offensive security skills against systems with the owner's permission to find and report weaknesses before a malicious attacker can exploit them. It is the same set of skills and steps a cybercriminal uses – reconnaissance, exploitation, privilege escalation, persistence applied with consent, documentation, and remediation guidance.

Penetration testing is a specific kind of ethical hacking engagement. Bug bounty hunting, red teaming, security research, vulnerability research, and CTF (Capture the Flag) competitions are also forms of ethical hacking. What separates ethical from unauthorized hacking is consent, a written scope of work, rules of engagement, and a defined deliverable. Without consent, the same techniques are illegal under most jurisdictions (the US Computer Fraud and Abuse Act, the UK Computer Misuse Act, similar laws elsewhere).

The certification path most commonly associated with ethical hacking is the CEH (Certified Ethical Hacker) from ECCouncil, although it is widely regarded among practicing pentesters as more of a survey credential than a deep technical certification. OSCP (Offensive Security Certified Professional), PNPT, BTL1, and CREST CRT are more commonly held by working pentesters. AI is starting to reshape the field and a pentester who can direct an AI pentest agent effectively will be more valuable in five years than one who relies only on hand driven tools.

Ethical hacking is the umbrella. Penetration testing is one of the things you do inside it.

Ethical hacking covers any authorized offensive security work penetration testing, bug bounty, red teaming, vulnerability research, security CTF play, source code review with an offensive eye. The skill set is the same across these activities, but the engagement model is different. A pentest is scoped to a specific target, has rules of engagement, has a deliverable (the report), and has a defined start and end. Bug bounty is open-ended, paid per finding, scoped to a public program. Red teaming is broader than pentest, often includes social engineering and physical access, and evaluates the defender's ability to detect and respond, not just the existence of vulnerabilities.

In practice, the title "ethical hacker" is most often used in marketing and in certification names (CEH, etc). The titles "penetration tester," "offensive security engineer," "red teamer," and "security researcher" are the ones used by working professionals to describe what they do day today. AI is now adding "AI pentest supervisor" and "AI pentest skill builder" to that list.

External penetration testing starts from the public internet and tries to attack what is reachable from outside the organization's network websites, APIs, VPN concentrators, exposed services. The pentester (human or agent) has the same starting position as an external attacker who has no credentials and no foothold inside the network.

Internal penetration testing starts from inside the network. The starting position can be an authenticated user account, a compromised endpoint, an exposed guest VLAN, or simply a network drop in the office. The pentester then tries to move laterally, escalate privileges, abuse Active Directory or cloud IAM, and reach highvalue targets. Internal pentests almost always cover credential abuse, lateral movement, and AD attack paths because that is where the bulk of post foothold attack value lives in enterprise environments.

Most enterprises run both. External pentests are required for compliance frameworks like PCI DSS and SOC 2 and evaluate the public attack surface most exposed to opportunistic attackers. Internal pentests model the post breach scenario, which matters because the assumption that the network perimeter holds is structurally no longer valid in a cloudandremotework era.

Red teaming is a broader, more adversarial form of offensive security testing than a standard penetration test. The red team's job is to behave as a real attacker would across the entire kill chain to evaluate both whether the attacks succeed and whether the defenders (the blue team) detected and responded. This includes initial access (which can include phishing, social engineering, physical access), foothold, lateral movement, privilege escalation, data access proof and

AI is starting to reshape red teaming in two ways. First, on the offensive side AI pentest agents are increasingly used inside red team engagements to handle the time-consuming recon and exploitation work, freeing the human red teamers to focus on the social engineering, lateral movement decisions, and more sophisticate exploits. Second, on the defensive side "AI red teaming" is now used to mean red team style testing of LLM applications (prompt injection, agent abuse, model extraction), which is its own distinct discipline. Both approaches are an important part of effective red teaming.