Understanding the Difference Between Vulnerability Assessment & Penetration Test
What is the difference between Vulnerability Assessment & Penetration Test? This may sound like a fundamental question but will allow you to gauge if your penetration tester is taking the right approach. It's important to know that the prospective vendor can explain the differences in a penetration test. Beware of vendors who try to convince you that 'penetration' and 'scans' are the same or use those words interchangeably. If the vendor states that their penetration testing process is fully automated, then you don't want to hand over your systems to them.
Objective of Vulnerability Assessment
Vulnerability assessment is a process of identifying, quantifying and prioritizing system weaknesses in order to apply a patch or fix to prevent a compromise. The vulnerability assessments need to be carried out at least once a month to ensure that all necessary applications are properly patched and there are no misconfigured systems. AKATI Consulting offers both Manual and Automated Vulnerability Assessment.
Vulnerability Assessment Targets
2. Network Devices
3. Wireless Network
4. Applications (including mobile applications: Android App & iOS App and web applications)
5. Workstations & other devices
Let us know the vulnerability assessment targets and quantity as follows, and we will provide you with a comprehensive quotation:
1. Servers – number of nodes
2. Network Devices – number of IPs
3. Wireless Network – number of SSIDs
4. Applications (including mobile applications: Android App & iOS App and web applications) – number of applications
5. Workstations & other devices – number of workstations & other devices
Return to Operational Security