Penetration tests = hacking?
Consider the example of hacking and the example of the work of hackers.
The boom of crypto-exchange in 2017 and in 2018. Tens and hundreds of millions of dollars were stolen because of the hacking system. Tens of thousands of users found that their money disappeared in an unknown direction, and the exchange itself was forced to close.
This is the brightest example of Black Hacking.
Look at the situation from the “white hacking”
A certain user finds vulnerabilities in the exchange and methods how to divert money from users.
He informs the administration of the exchange, shows how he found it and what he used. Helps to eliminate this vulnerability.
This is called “white hacking.”
Penetration tests are white hacking. Here are just those who are hacked and who are looking for vulnerabilities. They get a report and description of what and where their vulnerabilities are, how it was achieved.
For this purpose, a complex of methods is used: DDoS, social engineering tools, fraud and phishing tools.
In order to secure a product or system, sign a non-disclosure agreement and specify how seriously the product should be checked.
After receiving the results, it is highly recommended to take into account all the vulnerabilities and start their elimination.