Vulnerability Assessment versus Penetration Testing

There seems to be a certain amount of confusion in the industry between a Vulnerability Assessment and a Penetration Test, as the two terms are frequently used interchangeably.

A Vulnerability Assessment is the process of identifying, classifying and ranking the security vulnerabilities found in a system against known and documented ones, whereas a Penetration Test is a goal-oriented exercise that actively exploits the vulnerabilities found in order to determine whether unauthorised access or other malicious activity is possible. A Penetration Test can also lead to the discovery of unclassified or new vulnerabilities in systems.

A Vulnerability Assessment provides an initial overview of a company’s security stance, whereas a Penetration Test provides a more thorough review of a company’s security posture.

Vulnerability Assessment (VA)

External and Internal Network Vulnerability Scanning is a crucial part of every security program. However, budgets do not always allow for the cost of an extensive consultancy-based Penetration Test. Cost-effective automated scanners go some way to resolving this issue, but the limitations of automated systems are well documented and understood.

Tek-nology Solutions addresses this problem through a unique Managed VA service in which qualified senior consultants control special-purpose scanners. The result is the quality of a consultancy-based external Penetration Test at a cost more comparable to an automated service.

Penetration Test

Our consultancy-based Penetration Testing follows the best-practice OSSTMM and NIST approaches, as well as OWASP for web application testing, ensuring the reports produced can provide the greatest level of assurance.

Tek-nology Solutions has extensive experience with web application security, ranging from architecture design through to code reviews and external post-production assessment.

Our consultants have a background in academic programming and professional development as well as security. We test Java, .NET, PHP, ColdFusion and many other technologies to the OWASP methodology, finding SQL injection, XSS, malicious code and logic errors that create vulnerabilities which can expose your applications or clients to exploitation.

Our assessments include, but are not limited to:

  • External Penetration Testing
  • Internal Penetration Testing
  • Web Application Testing
  • Wireless Security Assessments
  • Database Auditing
  • Code Reviews
  • Incident Response
 