Penetration testing is an authorized security test of an application or infrastructure to identify vulnerabilities that may be present and could be exploited. Testing can be conducted via the Internet (if the application is externally facing) to identify any external-facing vulnerabilities, or from inside the company if the application is internal or otherwise not open to the Internet.
Vulnerabilities within applications could expose sensitive data to unauthorized users, or be used to further compromise systems within the organization.
An application penetration test gives assurance of the security of the application. It tests the application manually for weaknesses in access controls, user permissions and separation, input injection, file upload/download functionality, authorization, and authentication. It can identify weaknesses that may allow an unauthorized user to use the application in an unintended manner and gain access to information they are not authorized to view.
The vulnerabilities identified are reported back to the system owner along with mitigation recommendations.