A penetration test is an authorized simulation of attacks against systems — actively exploiting vulnerabilities to demonstrate real-world impact, unlike a vulnerability scan, which only identifies issues.
Pen test ≠ vulnerability scan. Scanning finds issues; pen testing proves they're exploitable and demonstrates impact. Always requires written authorization (scope, rules of engagement). Types: black box, white box, gray box. Deliverable: detailed report with evidence and remediation guidance.