Attack & Penetration Assessment

The Attack and Penetration Test (“Attack and Pen”) is a term coined at the outset of Internet defense assessment. The purpose of this method is to discover vulnerabilities, then exploit them in order to infiltrate IT assets. Slang naming variants include “Take the Flag”, which reflects a common metric for success; that is, to plant a foreign file onto a system, or to harvest an existing file, to be used as proof of the break and enter.

There are several characteristics of the Attack and Pen that have caused it disfavor:

It is time-intensive and involves iterative processes of discovery and exploit attempts. This time factor translates into high cost;

The method is intended, by definition, to break systems; it may crash or corrupt systems and stored data;

The Attack and Penetration offers little addition value over highly evolved vulnerability assessment methodologies, which pose little or no risk

The term “Attack and Penetration” has stuck, to the extent that it has become a misused name for the more conservative vulnerability assessment