In cybersecurity, the terms "security audit" and "penetration test" (pentest) are often used interchangeably, but they describe two different exercises with different goals, methods, and deliverables.
The Security Audit: Evaluating Compliance
A security audit is a methodical evaluation of whether a system, process, or organization conforms to a defined reference: a standard such as ISO 27001, a regulatory framework, or an internal security policy. It is largely a review exercise: the auditor works from a checklist of controls, examines documentation, configurations, and evidence (logs, access lists, change records), interviews staff, and may use automated vulnerability scanners to collect supporting data. The output is a statement of compliance and a list of gaps against the reference, not a demonstration that any gap can actually be exploited.
The Penetration Test: Simulating a Cyberattack
A penetration test takes the opposite stance: the pentester plays the role of an attacker operating against an agreed scope and rules of engagement. Automated tools may help with discovery, but the core of the work is manual: chaining weaknesses, bypassing controls, escalating privileges, and extracting sample sensitive data in order to prove that a vulnerability is genuinely exploitable and to show its real impact. The deliverable is a report of the findings that were actually exploited, how they were reached, and what an attacker could have done with them, which is precisely the evidence a checklist-based audit does not produce.