Penetration testing is an opportunity to assess the level of protection of an information system from illegal penetration into it from public networks. The essence of the test is to identify the flaws in the security system by looking at it through the eyes of a cybercriminal who is interested in gaining unauthorized access to the information system. When conducting a penetration test, depending on the scenario, specialists may have a different amount of initial data about the studied information system. From the complete lack of information about the hardware and software solutions used to ensure information security, to the availability of all information about its structure and organization. The SecOps methodology has been investigated, which helps the information security auditor to solve security problems by automating processes in the organization and his temporary detection of vulnerabilities in it.