Information is more vulnerable than ever; and every technological advance raises new security threat that requires new security solutions. Penetration testing is conducted to evaluate the security of an IT infrastructure by safely exposing its vulnerabilities. It also helps in assessing the efficiency of the defense mechanisms tools and policy in place. The Penetration testing is conducted regularly to identify risks and manage them to achieve higher security standards. In this paper we discuss the importance of penetration testing, factors and components considered while conducting a penetration test, we present a survey of tools and procedures followed, role of penetration test while implementing in the IT governance in an organisation and finally the professional ethics to be possessed by the team involved in penetration test.