Difference between vulnerability assessment and penetration testing

Penetration Testing Vulnerability Assessments
A penetration test takes the vulnerability assessment to a different level. Penetration test takes advantage of the vulnerabilities identified in vulnerability assessment by exploiting the system to escalate privileges to gain control of the network or to steal sensitive data from the system. A vulnerability assessment is the process of running automated tools against defined IP addresses or IP ranges to identify known vulnerabilities in the environment.
Cleans up the system and gives final report. Attempts to mitigate or eliminate the potential vulnerabilities of valuable resources.
It is non-intrusive, documentation and environmental review and analysis. Comprehensive analysis and through review of the target system and its environment.
It is ideal for physical environments and network architecture. It is ideal for lab environments.
It is meant for critical real-time systems. It is meant for non-critical systems.
The penetration test should be performed by a skilled and experienced penetration tester at least once a year and definitely after significant changes in the information systems environment to identify exploitable vulnerabilities in the environment that may give a hacker unauthorized access to the system.

The vulnerability assessment should be performed regularly to identify and fix known vulnerabilities on an on-going basis.

Share This: