Abstract
This paper describes a penetration testing process in terms of risk assessment, vulnerability scanning, and analysis of pen testing techniques applied via tools. Starting the attack by issuing Nmap command to discover insecure running services and their related ports, to start finding vulnerabilities and do pen testing by exploiting them then analyze the results. The whole process is performed on virtual environment to show the effectiveness of pen testing in protecting organizations against vulnerabilities’ exploitation in order to reduce the risk to a minimal acceptable level.