Abstract. Penetration testing (or “pen testing”) is a proactive security technique used to evaluate the defenses of computer systems, networks, and applications by simulating attacks. This article provides a comprehensive overview of penetration testing, covering its phases, methodologies, tools, and ethical/legal considerations. We describe key steps such as planning, reconnaissance, exploitation, and reporting, and discuss different approaches (external, internal, blind, etc.). Common tools (e.g. Nmap, Metasploit, Burp Suite) are reviewed. Ethical issues such as obtaining authorization and complying with laws (e.g. avoiding unauthorized access) are highlighted. Practical examples and diagrams illustrate how penetration tests are conducted in real-world scenarios.