A method of testing where testers target individual binary components or the application as a whole to determine whether intra- or inter-component vulnerabilities can be exploited to compromise the application, its data, or its environment resources.
See NIST SP 800-95 under Penetration Testing (from Department of Homeland Security, Security in the Software Lifecycle: Making Software Development Processes—and Software Produced by Them—More Secure, Version 1.0, https://buildsecurityin.us-cert.gov) for detailed information.
A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of a system.
See the following under Penetration Testing for detailed information:
NIST SP 800-12 Rev. 1
NIST SP 800-53
NIST SP 800-53 Rev. 4
NIST SP 800-137
NISTIR 7298
NIST SP 800-53A Rev. 4
Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.
See NIST SP 800-115 under Penetration Testing for detailed information.
Testing that verifies the extent to which a system, device or process resists active attempts to compromise its security.
See NIST SP 800-152 under Penetration testing for detailed information.