A systematic review process, executed from a network address outside of the target network, that uses software tools designed to search for and map systems for weaknesses in an application, computer, or network. The intent is to determine if there are points of weakness in the security control system that can be exploited from outside the network. For assessments, this term may refer directly to scoped target data or systems.