Penetration testing, or pen testing, is the practice of running controlled attacks on a computer system, network, software, or other application in an attempt to find unpatched vulnerabilities or flaws. By performing pen tests, an organization can find ways to harden their systems against possible future real attacks, and thus make them less exploitable.