Vulnerability Assessment vs. Penetration Testing

Vulnerability Assessment

Vulnerability scanning and penetration tests are fairly common among larger IT organizations, and they are becoming more common in smaller shops as well. In some organizations these terms are used interchangeably to describe processes meant to root out weaknesses in applications and infrastructure, but is that right? What is the difference between a vulnerability scan and a penetration test, and how do these differences affect the goal of discovering exploitable weaknesses in an enterprise?

Vulnerability scans tend to use automated tools, with some manual support, to identify known weaknesses in a target enterprise. These scans can be as perfunctory as a port scan, or a scan for PCI compliance or the OWASP Top Ten vulnerabilities. The market is full of good tools that meet any need, and a properly scoped vulnerability scan can reveal a lot about an environment, including unapplied patches, vulnerable software versions, common weaknesses in applications, and gaps in network controls like firewalls. What a vulnerability scan cannot do is exploit those weaknesses to prove their severity or determine how far the control environment could actually be compromised. A vulnerability scan also often cannot identify when other controls in the environment mitigate a vulnerability and render it unexploitable.

Penetration Test

A penetration test can include a vulnerability scan; in fact, reconnaissance is part of any attack against an enterprise. Penetration tests usually involve manual effort, though a very basic penetration test can be performed by an assortment of tools that seek to exploit the most basic vulnerabilities and deliver a payload. These are good for identifying issues in less secure or less mature environments that lack good detective controls or have a poor understanding of how their environment is constructed. More mature environments, with the resources and technology to provide multiple layers of protection, may be able to detect and mitigate these simpler penetration tests. A good, manual penetration test performed by skilled practitioners can reveal the less obvious holes in a controlled environment, the sort that result in major compromises in the real world.

When performing a penetration test, or engaging a third party to perform one, it is important not to scope the engagement incorrectly. Often, out of concern for the availability or reliability of production systems, a penetration test is scoped down to something more akin to a vulnerability scan. While there is some risk that a penetration test can cause availability issues with production systems, this is rare with skilled pen-testers. By limiting the scope of a penetration test to carve out the most important or most vulnerable systems, or by limiting the vectors of attack, organizations do themselves a disservice.
