Penetration testing is a proactive and authorized method of evaluating the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application errors, improper configurations, and risky end-user behavior.
It is done by simulating an attack from malicious outsiders (unauthorized users) and malicious insiders (users who have a certain level of authorized access).
The process is also useful for validating the effectiveness of your security mechanisms and end users' adherence to security policies.