Difference between a vulnerability assessment and a penetration testing!
What’s the difference between a vulnerability assessment and a penetration test? The answer to that question depends on who you choose to ask. For some people they are effectively one and the same thing; for others there are clear distinctions. So what’s the true position? Are vulnerability assessments and penetration test effectively two sides of the same coin, or are there clear differences between the two? The short answer is that whilst a penetration test may be a form of vulnerability assessment, a vulnerability assessment is definitely not a penetration test.
Vulnerability Assessments
A vulnerability assessment is the process of running automated tools against defined IP addresses or IP ranges to identify known vulnerabilities in the environment. Vulnerabilities typically include unpatched or mis-configured systems. The tools used to run vulnerability scans may be commercially available versions, or free open-source tools.
The commercial versions typically include a subscription to maintain up-to-date vulnerability signatures similar to software subscriptions. These tools provide a straight-forward method of performing vulnerability scanning. Organisations may also choose to use open-source versions of vulnerability scanning tools. The principle advantage of open-source tools is that they allow you to use the same tools of the trade as hackers: after all hackers are unlikely to pay an expensive subscription when they can download tools free. The advantage of using a commercially licensed vulnerability scanner is that there will be a low risk....>
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- LiveSeptember 5, 2024"40 Steps" Satellite Security - Registration for LIVE WORKSHOP IS NOW ON!
- LiveAugust 21, 2024"40 Steps" Game Hacking - Registration for LIVE WORKSHOP IS NOW ON!
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
Subscribe
0 Comments
Newest