Penetration testing is a security-oriented strategic probing of the system from internal or external with little or no prior knowledge of the system itself, to seek out vulnerabilities that an attacker could exploit. When we talk about penetration testing, it is not restricted to a standalone machine; it can be any combination of web or network application, host or networks, and on cloud or in premises. In other words, penetration testing is the activity of assessing all the components of IT infrastructure, including but not limited to operating systems, network communication protocols, applications, network devices, IoT connected devices, physical security, and human psychology, using the exact same target approach and method as that of an attacker but performed by authorized and experienced security professionals well within the scope approved by the Board or managers of the organization.

"A penetration test, informally a pen test, is an attack on a computer system that looks for security weaknesses, potentially gaining access to the computer's features and data" is the definition provided by Wikipedia. There are variations of pen tests in simulating internal penetration or external penetration, and varying the amount of target information provided. Each one of them has its own benefits, but it actually depends on what gets you maximum assurance and also, what the need of the moment is.