Penetration Testing

March 5, 2018

A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.
SOURCE: SP 800-53A

A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
SOURCE: SP 800-53; CNSSI-4009

Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.
SOURCE: SP 800-115