Difference Between Vulnerability Assessment & Penetration Testing


Vulnerability assessment and penetration testing are two terms that are often used together and are also confused with each other. Both are ways to discover vulnerabilities in your website, application, network or system, but what are the differences?

Comparison

What is a Vulnerability Assessment?

With a Vulnerability Assessment, we test in such a way that as many vulnerabilities as possible are found, without spending time trying to exploit them to see how far you can get. Finding more vulnerabilities is often more valuable because it allows you to reduce risks more effectively: exploring wide, instead of (only) deep.


What is a Pentest?

Penetration Testing (or pentesting) means that tests are performed from the perspective of an attacker, and when a vulnerability is found, our ethical hackers exploit the weak spot to see how deep or far an attacker can get. During a penetration test, it is therefore only of secondary importance whether there are multiple vulnerabilities. The aim of a pentest is to illustrate as clearly as possible what the consequences of one issue with your IT security could be, and what that would mean to your organization.


The Strength of the Combination, VA/PT!

With our combined service, Vulnerability Assessment and Pentest (VA/PT), you will receive a complete overview of the vulnerabilities found and will discover what the impact would be of leaving such vulnerabilities unpatched. Based on these test results, Secura can guide you and give advice on how to improve your cyber resilience.


Overview of Differences

| Aspect | Vulnerability Assessment | Penetration Testing |
| --- | --- | --- |
| Scope | Wide, exploratory by nature | Deep focus on specific vulnerability |
| Goal | Find as many vulnerabilities as possible. | Exploit discovered vulnerability to reach admin/root level |
| Duration | Quick to complete, automated | Time consuming, manual work |
| False Positives | Are produced, especially when automated | Are manually filtered out |
| Impact | Will not impact business processes | Might disrupt business processes |
| Test methods | Authenticated and unauthenticated | Black/White/Grey/Crystal-box |
| Frequency | Organizational Attack Surface | Critical assets (crown jewels) |
| Interaction | Full interaction with client team | None, or limited during testing |
| Report | Partial details on problem, no mitigation advice. | Full details of vulnerability exploitation and how to mitigate. |
| Costs | Cost-effective since it can be automated | Relatively costly because of duration and requires highly skilled knowledge |
| Results | Overview of all current vulnerabilities | Illustrate what consequences a vulnerability could have for your organization |

