What is the difference between penetration testing vs a vulnerability scan?The main difference between penetration testing and a vulnerability scan or assessment, is that the vulnerability scan is an automated test that looks for potential vulnerabilities where a penetration test combines automated and is a hands-on examination by the tester. Penetration testing actually acts as or simulates a hacker. With ethical hacking, a penetration test searches for vulnerabilities and proves that the vulnerability can be exploited. Penetration testing uses cracking passwords, buffer overflow, and SQL injections to try to compromise and extract data in software applications and networks. A vulnerability scan is a tool-based approach.