A controlled (and officially approved) attempt by someone playing the part of an attacker to see if they can break into a given computer system. It is not necessary that they actually break in: it can be more like ‘rattling all the door-knobs to see if any are unlocked’. Any successes that they have can then be used as guidance to improve the security systems in question.