A penetration test (pen test) is a simulated attack on a system that evaluates its security. For this test, we can use tools like Kali Linux (https://www.kali.org/), which is a Debian-based Linux distribution, with a penetration testing platform that has several tools available for verifying the OWASP Top 10, and more.

Kali has an extensive list of tools that can be used for several purposes such as wireless attacks, information gathering, exploiting and verifying web applications, and so on. If you'd like to see a detailed list of tools, go to the following link: https://tools.kali.org/tools-listing. Teams should provide a pen test before delivering an application to a production environment.

In the next section, we will create a Java application based on Spring Security. We will use Auth0 as the authentication and authorization as a service platform, which is a third-party authorization based on the OAuth2 standard and JWTs.