In plain English
A penetration test hires ethical hackers to attack your systems the same way real criminals would — but safely and with your permission. The goal is to find and fix vulnerabilities before they're exploited. The output is a detailed, risk-rated report that tells you exactly what was found, how it was exploited, and what needs to be fixed.
Full definition
Penetration tests can be scoped to external infrastructure (systems visible from the internet), internal networks (simulating an insider or post-breach attacker), web applications, cloud environments, Active Directory, or wireless networks. The scope and methodology should be agreed in a rules of engagement document before testing begins.
Testing approaches range from black-box (tester has no prior knowledge, simulating an external attacker) to white-box (full documentation and credentials provided, maximising coverage) to grey-box (partial information, balancing realism with efficiency).
A high-quality pen test report includes an executive summary suitable for board presentation, detailed technical findings with proof-of-concept evidence, risk ratings (critical, high, medium, low), and actionable remediation guidance. IronSights includes a free retest to verify findings are resolved.