Difference between a vulnerability assessment and a penetration test by Arthur Soghomonyan

Oct 19, 2015


What’s the difference between a vulnerability assessment and a penetration test? The answer to that question depends on who you choose to ask. For some people they are effectively one and the same thing; for others there are clear distinctions. So what’s the true position? Are vulnerability assessments and penetration tests effectively two sides of the same coin, or are there clear differences between the two? The short answer is that whilst a penetration test may be a form of vulnerability assessment, a vulnerability assessment is definitely not a penetration test.

Vulnerability Assessments

A vulnerability assessment is the process of running automated tools against defined IP addresses or IP ranges to identify known vulnerabilities in the environment. Vulnerabilities typically include unpatched or misconfigured systems. The tools used to run vulnerability scans may be commercially available versions or free open-source tools.

The commercial versions typically include a subscription to maintain up-to-date vulnerability signatures, similar to software subscriptions. These tools provide a straightforward method of performing vulnerability scanning. Organisations may also choose to use open-source versions of vulnerability scanning tools. The principal advantage of open-source tools is that they allow you to use the same tools of the trade as hackers: after all, hackers are unlikely to pay for an expensive subscription when they can download tools for free. The advantage of using a commercially licensed vulnerability scanner is that there will be a low risk....

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023