Penetration testing

​Penetration testing is a testing of infrastructure and applications to expose weaknesses before an actual attacker can exploit these.

Penetration testing results in a report of which weaknesses need to be fixed. Often such a report includes severity of issues that had been found.

High severity issues need to be fixed, since they provide greater risks. I am not saying that lower severity issues need not to be addressed, they need to be addressed, but they represent lower risk than high risk issues.