What is Penetration Testing?
What is Vulnerability Assessment?
Difference between Vulnerability Assessment & Penetration Testing
| | Penetration Testing (PT) | Vulnerability Assessment (VA) |
|---|---|---|
| Definition | Proof-of-concept approach to explore and exploit vulnerabilities | A systematic technical approach to finding the security loopholes in a network or software system |
| Tasks | Exploit the vulnerabilities to probe the damage that could result from the VA | Search and check the underlying design to detect holes |
| Process | Identifies unknown and exploitable vulnerabilities, and an independent outside service performs it. | Identifies known vulnerabilities that could be exploited, and it’s performed by in-house staff. |
What are the stages of Penetration Testing?
Penetration testers will prepare and gather the required tools, OS, and software to begin the penetration test.
The necessary tools vary depending on the type and scope of engagement but will be defined by a quality penetration tester at the start of any penetration test.
The organization being tested will provide the penetration tester with general information about in-scope targets, and the tester will gather additional details from publicly accessible sources.
Threat modeling is a process for prioritizing where remediation strategies should be applied to keep a system secure.
Penetration testers are expected to identify, validate, and evaluate the security risks posed by vulnerabilities.
This analysis of vulnerabilities aims to find flaws in an organization’s systems that a malicious individual could abuse.
This penetration test phase involves exploiting identified vulnerabilities in an attempt to breach an organization’s system and its security.
After the testing is complete, the penetration tester must consider the value of the compromised machine and its usefulness in further compromising the network.
An executive-level and technical-level report will be delivered covering what was tested, how it was tested, what vulnerabilities were found, and how the penetration tester found those weaknesses.