Penetration testing involves deliberately attempting to break into a computer system to find security weaknesses before real attackers can exploit them. It helps organisations identify and fix vulnerabilities.
Key points
Definition: Penetration Testing: attempting to gain access to a system WITHOUT normal credentials (usernames/passwords) to test the effectiveness of security measures.
Identifies vulnerabilities and weaknesses BEFORE real attackers find them.
After testing, measures can be taken to fix any weaknesses discovered.
Helps protect against: SQL injection, brute-force attacks, data interception.
Exam Tip: Penetration testing is PROACTIVE — it finds weaknesses before they are exploited. It does not fix problems itself — it identifies them so they CAN be fixed.