Imagine a world in which products are released to the market with flaws in them, where the demands and pressures to get products to market are such that time is of the essence and resources are potentially limited. In that world, the ability to test, and to test fully and exhaustively, is limited. When there are a variety of tests that need to be undertaken (usability testing, user interface testing, functionality testing, capacity testing, load testing and on it goes), security testing is often pretty low down on the agenda.
So, a situation where a product with flaws is released into the marketplace is actually a fact of life. What is also a fact of life is that people have made a career and big business out of finding those flaws and then exploiting them for commercial gain. Unlike the casual, curious user, there are factories of organised groups with one aim, and one aim only, in mind: to break a system. Once they break the system and access your data, the world is their oyster. Extortion, stealing your identity, stealing your actual money: all are within easy reach once a system is breached.
The line of defence against this is to employ professional good guys, with the skills, knowledge and experience of the bad guys, and get them to try to break your system, ideally before you go live with it. Then, based on those findings, they try to fix the breaks, close the windows, bolt the doors, and secure the system to the best of their ability to protect your users. This is called a penetration test. It is a specialism. It is in demand. It is also the right thing to do.
Penetration testers are highly qualified individuals. Often, they come with experience of walking on the wrong side of the tracks. This can sit uncomfortably with some, but there is no denying that employing someone who has walked the walk will reap rewards, and lead to a more secure end product if the advice is heeded.
A penetration test, in all of its many forms, is a test designed to break a system, gain unauthorised access and exploit the flaws found for gain.
Thankfully, there is a list of trusted pen testing suppliers that can help.