Thursday, March 6, 2014

What is penetration testing? and Why penetration testing?

[What is penetration testing?]
Penetration testing is a method of evaluating the security level of a particular system or network. It helps you find flaws in both hardware and software, and identifying them early helps protect the network. Vulnerabilities that are not identified early become an easy way in for an attacker.

During a penetration test, the pen tester analyzes all the security measures employed by the organization for design weaknesses, technical flaws, and vulnerabilities. There are two types of testing: black box testing and white box testing.

Black box testing simulates an attack from someone who is unfamiliar with the system, and white box testing simulates an attacker who has knowledge of the system.

Once all the tests have been conducted, the pen tester prepares a report that includes the tests performed and their results, along with the vulnerabilities found and the countermeasures that can be applied to each. Finally, the pen tester delivers the report to executive, management, and technical audiences.

[Why penetration testing?]
Penetration testing is required because it helps you to:

  • Identify the threats facing an organization's information assets.
  • Reduce an organization's IT security costs and provide a better Return on Security Investment (ROSI) by identifying and resolving vulnerabilities and weaknesses.
  • Provide an organization with assurance: a thorough and comprehensive assessment of organizational security covering policy, procedure, design, and implementation.
  • Gain and maintain certification to an industry regulation (BS7799, HIPAA, etc.).
  • Adopt best practices by conforming to legal and industry regulations.
  • Test and validate the efficiency of security protections and controls.
  • Change or upgrade the existing infrastructure of software, hardware, or network design.
  • Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management.
  • Provide a comprehensive set of preparation steps that can be taken to prevent upcoming exploitation.
  • Evaluate the efficiency of network security devices such as firewalls, routers, and web servers.
