An application penetration test is a focused engagement against a specific application. Its aim is to find application-level attacks and is not directly concerned with the underly infrastructure (though this is often included from an external point of view).
Application penetration test vs vulnerability scanning
An application penetration test differs from vulnerability scanning in that is a human led operation, whilst automated tools will be used, this activity is much more in-depth than just this. This type of testing will be looking for logic, coding, and design errors within the application aiming to elevate privileges or gain access to information.
Application penetration test types
There are many different types of application penetration tests, including
Each of these has its own attack surfaces and specialised testers.
If you like this blog post, find more content in our Glossary.