Penetration
testing and Vulnerability assessment what actually a difference, it is a
complicated topic to be discussed. People are often classified as the
same thing when in fact they are not. Penetration Testing does sound a
lot more exciting, but in our experience we have found that most
clients actually require a comprehensive Vulnerability Assessment or
V.A. and not a more intrusive Penetration Test.
Vulnerability Assessment
A
vulnerability assessment is the process of identifying, quantifying,
and prioritizing (or ranking) the vulnerabilities in a system. Examples
of systems for which vulnerability assessments are performed for
include, but are not limited to, nuclear power plants, information
technology systems, energy supply systems, water supply systems,
transportation systems, and communication systems.
-WikiPedia
Penetration Testing
Penetration
Testing is a process used to probe the security of a system or
application to determine if there are any security vulnerabilities
which could be exploited by an attacker or stumbled upon by a person not
authorized to access that system or application.
-www.queensu.ca
- Penetration Testing is focused on actually gaining unauthorized access, while vulnerability assessment used to identify the possible vulnerability on the network.
- Penetration Testing is focused on the impact of an attack, while vulnerability assessments give's the overview of the flaws on a network or web.
- A Penetration Testing simply answers the questions: “Can any External Attacker or Internal Intruder break-in and what can they attain?” While vulnerability assessment answers the question: “What are the present Vulnerabilities and how do we fix them?”
No comments:
Post a Comment
Left your LOG