What is a proof of concept?

In security testing, a proof of concept is evidence that a weakness can be triggered or exploited in a controlled and authorised way.

Simple example

A tester demonstrates that a low-privilege user can access a record they should not be able to see.

Why it matters

A safe proof of concept helps the business understand impact without causing unnecessary harm.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Agree how much evidence is acceptable before testing.
  • Avoid destructive demonstrations unless explicitly authorised.
  • Use the minimum evidence needed to prove the issue.
  • Protect sensitive data in reports.
  • Retest fixes safely.

Reactive steps

  • Stop if the proof of concept causes unexpected impact.
  • Preserve logs and evidence.
  • Notify the agreed contact person.
  • Assess whether data or systems were affected.
  • Use the evidence to guide remediation.

Related terms

  • Penetration testing
  • Evidence
  • Remediation