1. Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation. [INFOSEC-99]2.Tests performed by an evaluator on the Target of Evaluation in order to confirm whether or not known vulnerabilities are actually exploitable in practice[ITSEC].3.The portion of security testing in which the penetrators attempt to circumvent the security features of a system. The penetrators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The penetrators work under no constraints other than those that would be applied to ordinary users [TCSEC].