Short for “penetration testing,” this practice is a means of evaluating security using hacker tools and techniques with the aim of discovering vulnerabilities and evaluating security flaws.
This is really the a rubber stamp now a days to ensure the "front door" is closed. you provide a URL or IP to a 3rd party firm and they try to break in. This is more of a "legal risk wavier" if you will more than anything. It does not mean your systems are secure. it just means someone using the Main way people get in can't get in with out a username/password. That is it.
Lots of people believe they are secure if they pass a pen test. That is as far from the truth as you could possibility get.
Read more at Woods LLP