penetration testing

Definition(s):

  A method of testing where testers target individual binary components or the application as a whole to determine whether intra or intercomponent vulnerabilities can be exploited to compromise the application, its data, or its environment resources.
Source(s):
NIST SP 800-95 under Penetration Testing from DHS Security in the Software Lifecycle

  A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of a system.
Source(s):
NIST SP 800-12 Rev. 1 under Penetration Testing from NIST SP 800-53
NIST SP 800-53 Rev. 5
NIST SP 800-53A Rev. 5

  A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.
Source(s):
NIST SP 800-137 under Penetration Testing from NISTIR 7298
NIST SP 800-53A Rev. 4 [Superseded] under Penetration Testing

  Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.
Source(s):
NIST SP 800-115 under Penetration Testing

  Testing that verifies the extent to which a system, device or process resists active attempts to compromise its security.
Source(s):
NIST SP 800-152 under Penetration testing

  A test methodology intended to circumvent the security function of a system. Note: Penetration testing may leverage system documentation (e.g., system design, source code, manuals) and is conducted within specific constraints. Some penetration test methods use brute force techniques.
Source(s):
NIST SP 800-160 Vol. 1

  A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
Source(s):
CNSSI 4009-2015 [Superseded] from NIST SP 800-53 Rev. 4
NIST SP 800-53 Rev. 4 [Superseded] under Penetration Testing