NTRODUCTIONThis article provides a general introduction to the subject of penetrationtesting and provides the security professional with the background need-ed to understand this special area of security analysis. Penetration testingcan be a valuable tool for understanding and improving the security of acomputer or network. However, it can also be used to exploit systemweaknesses and attack systems and steal valuable information. By under-standing the need for penetration testing, and the issues and processessurrounding its use, a security professional will be better able to use pen-etration testing as a standard part of the analysis toolkit.This article presents penetration testing in terms of its use, application,and process. It is not intended as an in-depth guide to specific techniquesthat can be used to test penetration-specific systems. Penetration testingis an art that takes a great deal of skill and practice to do effectively. Ifnot done correctly and carefully, the penetration test can be deemed in-valid (at best) and, in the worst case, actually damage the target systems.If the security professional is unfamiliar with penetration testing tools andtechniques, it is best to hire or contract someone with a great deal of ex-perience in this area to advise and educate the security staff of an orga-nization.