Pen testing can involve the attempted breaching of any number of application systems, (e.g, application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.

The penetration testing process can be broken down into five stages: Planning and reconnaissance, Scanning, Gaining Access, Maintaining access, and Analysis.