Penetration testing is the process of simulating a cyberattack to test the security of an information system. NIS2 requires ESPs to conduct penetration testing on a regular basis.
A guide to ISO 27001 penetration testing
Web application penetration testing: The beginner's guide
Internal vs. external penetration testing: How do they differ?