Intrusion tests (also known as penetration tests, or pen tests for short) consist of testing an information system's protection methods by subjecting the system to a real situation.
Two methods are generally used:
Consent (preferably written) must be obtained from the highest level of the hierarchy before these tests are performed, because the tests could cause damage and because the methods used are considered illegal without the express authorization of the system owner.
An intrusion test is a good way to increase the awareness of those involved in the project when it reveals a flaw. On the other hand, it does not guarantee system security, because the testers may fail to detect vulnerabilities. Security audits are a better method for ensuring a higher level of system security because they take organizational and human elements into account and the security is analysed internally.