Exactly what are we testing? The most frequently occurring objects of a penetration test are the actual life systems and network. Given our broad definition of penetration test, as synonym to security assessment, the object can also be the network architecture, application design or source code. Such a security assessment is sometimes called a virtual penetration test or penetration test on paper. It is often combined with a verification of the findings on the actual life system. Two frequently occurring penetration tests on paper are a "Network Architecture Review" and an "Application Source Code Review".