This lesson covers penetration testing as required by OCR J277 Section 1.4. Penetration testing is a proactive approach to network security that helps organisations identify vulnerabilities before attackers can exploit them.
Penetration testing (often called pen testing) is the practice of deliberately testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.
A penetration test simulates a real-world attack in a controlled and authorised manner. The testers (known as penetration testers or ethical hackers) use the same tools and techniques as malicious hackers, but they have permission from the system owner and report their findings rather than exploiting them.
OCR Exam Tip: The key word is "authorised." Penetration testing is legal because the tester has explicit permission from the organisation. Without permission, the same actions would be illegal under the Computer Misuse Act 1990.
| Reason | Explanation |
|---|---|
| Identify vulnerabilities | Discover weaknesses before attackers do |
| Test security controls | Verify that firewalls, encryption, and authentication work as expected |
| Compliance | Meet legal and regulatory requirements (e.g. GDPR, PCI DSS) |
| Assess impact | Understand the potential damage if a real attack occurred |
| Improve security | Use findings to fix weaknesses and improve defences |
| Staff awareness | Test whether employees follow security policies (e.g. social engineering tests) |