Authorised offensive simulation of an attacker to identify exploitable vulnerabilities.
A penetration test is an authorised, scope-bound offensive engagement simulating a realistic attacker to identify exploitable vulnerabilities. Common variants: external network, internal network, web/application, cloud, API, social engineering, and red team.