The growth of information has increased the risks of a cyberattack; hackers have advanced their hacking techniques as technology advances. The system developers and IT security experts are developing a security system to mitigate cyber breaches.  Penetration testing is one of the methods that has been designed to reduce security breaches (Al Shebli, & Beheshti, 2018). In this study, the focus will be on analyzing penetration testing. The study's goal is to understand what penetration testing is and how it operates to secure it.

            Penetration testing is also known as “Pen Test,” or ethical hack. This security technique is a simulated attack on the computer system to assess and notify exploitable vulnerability in the system (Baloch, 2017). penetration testing is designed to fit various systems and applications within the system. For instance, penetration is conducted as a "web application firewall" (WAF) in web application security. Penetration testing helps determine whether the existing defensive measures employed in the computer system are sufficient to prevent the breach. the penetration report recommends the best countermeasures to put in place to secure the system

 Pentest also helps determine the type and number of attempted breaches in any application system with the computing system such as APIs and servers. Thus, this security system helps to uncover threats such as malware attacks, worms, viruses, and trojan horses, and vulnerabilities such as susceptible codes, unsensitized systems, and security gaps in the system (Denis, Zena& Hayajneh, 2016). The information provided by the penetration test allows the system security experts to understand the system's security status and fine-tune the WAF security system, as well as patch, detected vulnerabilities

The penetration testing is broken down into six major stages; different actions are taken in each stage. Thus, security experts are required to conduct these operations systems to ensure the operation is successful. These steps include:

Internal testing – this methodology requires the tester to analyze the applications in the system and firewalls that can help access the hacker to gain access to the system. Internal assessment includes monitoring rogue employees and gaps that can facilitate attacks such as phishing attacks. Target testing involves assessing the system in a predetermined condition; the tester conducts the assessment to look for specific risks or prove a certain condition. In this case, the tester works together with the security personnel to achieve the required results.