Penetration testing is a process of probing and testing for vulnerabilities in your applications and IT networks. It is a controlled form of hacking in which the Penetration testers operate on your behalf to find the sorts of weaknesses that the criminal hackers would exploit.
The testing process involves evaluating your systems for any potential vulnerabilities that could result from poor or lazy system configuration, leaving defaults in place without customisation is one good example, known and unknown hardware or software flaws, and operational poor practice in process or technical countermeasures.
The penetration tester can use the same techniques used by criminals without any lasting damage to your systems. These tests are usually conducted at a time of your choosing but typically these would be outside business hours or when networks and applications are least used, our objective is to reduce to an absolute minimum the impact on day to day operations.