Penetration testing is the control and reporting of security vulnerabilities in the information technology infrastructure of organizations. It is tried to penetrate into the information systems determined by the institution by trying all ways.

A penetration testing guides not only to find vulnerabilities, but also to actively exploit these vulnerabilities to prove the effectiveness of known attack vectors against the organization’s information assets, data, people and/or physical security.

Three different methods called black box, gray box and white box are used in penetration tests. Along with these methods, social engineering and phishing attacks are also made against personnel, and personnel vulnerabilities are also tested apart from systemic vulnerabilities.

Penetration test is one of the requirements of both KVKK and ISO 27001.