A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications.
The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker were successful.
Usually performed first, an external pentest (also known as external network penetration testing) is an assessment of your perimeter systems. Your perimeter is all the systems that are directly reachable from the internet. By definition, they are exposed and are therefore the most easily and regularly attacked.
Testing for weaknesses
External pentests look for ways to compromise these external, accessible systems and services to access sensitive information and see how an attacker could target your clients, customers or users.
In a high-quality external pentest, the security professional(s) will copy the activities of real hackers, like executing exploits to attempt to gain control of your systems. They will also test the extent of any weaknesses they find to see how far a malicious attacker could burrow into your network, and what the business impact of a successful attack would be.