A penetration test (“PenTest” for short) is a simulated attempted attack on defined corporate units.
Typically, this refers above all to general PenTests from outside the organization via the internet targeting its IT in order to identify vulnerabilities or targeted attacks on defined critical systems. But there are also further scenarios that can be useful (home office scenario, lateral movement, …). PenTests can be combined with social engineering, in which the contracted provider uses extended approaches (USB stick in the car park, physical access to offices, …) to test access.
Nowadays, PenTests are often performed as white-box or gray-box tests. In these, attackers are already familiar with (parts of) the IT system that is to be tested, which enables them to search for vulnerabilities in a targeted manner. However, the previous standard of black box testing is still effective in defined environments.