Application Penetration Testing

An application penetration test is a focused engagement against a specific application. Its aim is to find application-level attacks and is not directly concerned with the underly infrastructure (though this is often included from an external point of view).


woman holding mobile phone while standing

Application penetration test vs vulnerability scanning

An application penetration test differs from vulnerability scanning in that is a human led operation, whilst automated tools will be used, this activity is much more in-depth than just this. This type of testing will be looking for logic, coding, and design errors within the application aiming to elevate privileges or gain access to information.


Application penetration test types

There are many different types of application penetration tests, including

  • web application

  • desktop

  • mobile

Each of these has its own attack surfaces and specialised testers.


If you like this blog post, find more content in our Glossary.