Introduction

A penetration test (also known as Pen test, pentest) is an authorized simulated attack conducted on Computer systems to evaluate the system's security. The purpose behind this simulated attack is to identify any weak spots in a system (known as bugs), which can be used by attackers. In this digital era, organizations need to keep their systems and data safe and protect it from external as well as internal threats. A single security issue can affect an organization to a great extent. Cyber threats cause an organization to face financial loss or reputational damage, and it could even affect the intellectual property of the organization.

A number of cyber attacks and data breach happens every day. According to the Internet Society survey report (https://www.internetsociety.org/breach2019/), Cyber Attacks Cost $45 Billion in 2018, which is quite a large amount, and it is increasing year by year.

Penetration testing is classified into three types: 1)White Box testing in which tester has given full details of the system, 2)Black Box testing in which tester has no or minimal details of the system, and 3)Gary Box testing which is a combination of white box and Black box and minimum details of the system is given to tester.

Penetration testing is not one time task. In the system, everything is dynamic, so it needs continuous pen-testing. Consider the following scenarios, at which pen-testing should be conducted:

• Before deployment of system or application.
• When the system is no longer in a state of constant change.
• During Periodic Audit.

Pen-testing a large system with multiple applications is a tedious task. It needs more security experts. Automation is pen-testing can helps an organization to save money and time. Repeated and simple tasks can be automated so that security experts can look into more complex issues. But there are some limitations with automated pen-testing.