  • Essay / Commercial Penetration Testing - 1379

    Commercial penetration testing is the process of controlled security assessment or audits performed in a manner that reveals weaknesses and vulnerabilities. These processes help reveal weaknesses in the infrastructure, allowing a company to implement fixes for these security vulnerabilities. Although this process simulates real-world attacks, it is not a random brute-force endeavor. In commercial penetration testing, there are standards and methodologies that provide a detailed roadmap of practical ideas and proven practices (Halfond, 2011). Enterprise-level penetration testing is an undertaking typically carried out by third-party consultants. Moving these tests from internal to external testers gives an even more accurate test result, because internal stakeholders may have internal knowledge that an attacker will not have, or may omit some of the necessary tests due to overconfidence in the system or a desire to avoid finding weaknesses in something they directly helped implement. This is not to say that there is no place for internal testing during implementation and maintenance. The important thing to note is that penetration testing, a very aggressive form of testing performed by highly qualified individuals, is usually the last step in a security assessment plan. “Although there are different types of penetration testing, the two most general approaches that are most widely accepted by the industry are Black-Box and White-Box” (Ali, Heriyanto, 2011). Black-Box penetration testing is defined as external testing performed remotely by testers who have no in-depth knowledge of the infrastructure being tested. This test uses many of the tools that a real outside threat would use to compromise a business...... middle of paper ...... o. By regularly performing this type of testing, a business or organization can expose and fix vulnerabilities and weaknesses that an external or even internal threat would use to obtain information.
    Works cited

    Ali, S., Heriyanto, T. (2011). BackTrack 4: Ensuring security with penetration testing. Publishing packages. Retrieved from: here

    Bradbury, D. (2007). Penetration testing measures business security. Weekly computer. Retrieved from: here

    Halfond, W. et al. (2011). Improve penetration testing with static and dynamic analysis. Wiley Online Library. Retrieved from: here

    Klevinsky, TJ, Laliberte, S., Gupta, A. (2002). Hack IT: security through penetration testing. Addison-Wesley Professional. Retrieved from: here

    Northcutt, S. et al. (2006). Penetration testing: Assess your overall security before attackers do. Basic impact WITHOUT. Retrieved from: here