1. Penetration Testing :
Penetration testing is done for finding vulnerabilities, malicious content, flaws and risks. It is done to build up the organizations security system to defend the IT infrastructure. It is an official procedure that can be deemed helpful and not a harmful attempts. It is part of an ethical hacking process where it specifically focuses only on penetrating the information system.
2. Vulnerability Assessments :
Vulnerability assessment is the technique of finding and measuring security vulnerabilities (scanning) in a given environment. It is an all-embracing assessment of the information security position (result analysis). It is used to identifies the potential weaknesses and provides the proper mitigation measures to either remove those weaknesses or reduce below the risk level.
Differences between Penetration Testing and Vulnerability Assessments :
|S.No.||Penetration Testing||Vulnerability Assessments|
|1.||This is meant for critical real-time systems.||This is meant for non-critical systems.|
|2.||This is ideal for physical environments and network architecture.||This is ideal for lab environments.|
|3.||It is non-intrusive, documentation and environmental review and analysis.||Comprehensive analysis and through review of the target system and its environment.|
|4.||It cleans up the system and gives final report.||It attempt to mitigate or eliminate the potential vulnerabilities of valuable resources.|
|5.||It gathers targeted information and/or inspect the system.||It allocates quantifiable value and significance to the available resources.|
|6.||It tests sensitive data collection.||It discovers the potential threats to each resource.|
|7.||It determines the scope of an attack.||It makes a directory of assets and resources in a given system.|
|8.||The main focus is to discovers unknown and exploitable weaknesses in normal business processes.||The main focus is to lists known software vulnerabilities that could be exploited.|