Vulnerabilities Assessment vs Penetration Testing

In this post, I would like to share the difference between Vulnerabilities Assessment vs Penetration Testing during real-life security testing. However, some organizations might want to do Vulnerabilities Assessment and Penetration Testing depending on the project scope and budget.

There might be a possibility that organizations misunderstood and misguide about Vulnerabilities Assessment and Penetration Testing.

Vulnerabilities Assessment

Vulnerabilities Assessment is a procedure that well suited to the situations where they will normally scan using Wireshark, Nessus, Nmap, and Nikto Tools. A Security Consultant will use the Vulnerabilities Assessment as an ideal methodology for those organizations that have Medium to Critical Severity Level within the system that considered important to an organization and other people such as Financial System.

An organization is advised to maintain its system protection by doing continuous vulnerabilities assessment about once a month or once a year. Vulnerabilities Assessment approach will provide the organization with a list of known and vulnerability that need to be resolve to avoid the attacker to take advantage of it.

Penetration Testing

Aside from Vulnerabilities Assessment activity, Penetration Testing activity can also be used to verify the vulnerability and exploit the vulnerabilities. The activity also can be provide valid

Read More: