Authorized simulated attack to identify vulnerabilities by chaining weaknesses to demonstrate real risk.

Penetration testing is an authorized simulated attack designed to actively exploit vulnerabilities to determine what an attacker could do and to illustrate the real risk. The idea of chaining weaknesses reflects how attackers move from one flaw to another to escalate access or impact, so testers demonstrate tangible consequences rather than just listing flaws. This approach differs from vulnerability assessment, which focuses on identifying weaknesses without exploiting them, and from security auditing, which reviews controls for compliance rather than performing hands-on exploitation. A red team exercise is broader and may pursue longer, stealthier campaigns and business-aligned objectives, whereas this scenario centers on controlled exploitation to reveal risk, which is the hallmark of a penetration test.