Penetration Testing versus Vulnerability Assessment
Author: admin | Category: Featured, Penetration Testing, Vulnerability Assessment
What are the differences between penetration testing and vulnerability assessment? It is a good question, and not an easy one to answer. The two are often confused in the IT industry, and many people in the security field incorrectly use the terms interchangeably. However, there are striking distinctions between them, so it is worth spending a few moments discussing the difference.
A vulnerability assessment examines networks and systems for exposure to potential security weaknesses, i.e. it identifies areas that are vulnerable to a computer attack. A penetration test mainly consists of a vulnerability assessment, but it goes one step further: the information obtained from the vulnerability assessment is used to penetrate or exploit the target and gain access. The emphasis is on gaining as much access to the target as possible by simulating the actions of a malicious hacker. In short, a vulnerability assessor will not compromise the system, whereas a penetration tester will, as long as the work stays within the scope.
The vulnerability assessment process is passive in nature: software tools are used to identify and quantify all the vulnerabilities. Penetration testing, on the other hand, is active: ethical hackers are employed to simulate an attack, or to aggressively apply all the technical methods to exploit the live production environment, as part of testing the resistance of the network and systems.
A vulnerability assessment can be performed even by a person with little experience, whereas effective penetration testing can be conducted only by experienced professionals.
A vulnerability assessment answers the question: “What vulnerabilities are present and how can they be fixed?” Penetration testing answers the question: “Can any external or internal intruder gain access to the system and, if so, what can they attain?”
We can conclude that vulnerability assessment is the first stepping stone of a successful penetration test.