What is Penetration Testing?
What is Vulnerability Assessment?
Difference between Vulnerability Assessment & Penetration Testing
Penetration Testing (PT) | Vulnerability Assessment (VA) | |
Definition | Proof-of-concept approach to explore and exploit vulnerabilities | A systematic technical approach to finding the security loopholes in a network or software system |
Tasks | Exploit the vulnerabilities to probe the damage that could result from the VA | Search and check the underlying design to detect holes |
Frequency | Periodically | Continuous |
Process | Identifies unknown and exploitable vulnerabilities, and an independent outside service performs it. | Identifies known vulnerabilities that could be exploited, and it’s performed by in-house staff. |
What are the stages of Penetration Testing?

Pre-engagement Stage
Penetration testers will prepare and gather the required tools, OS, and software to begin the penetration test.
The necessary tools vary depending on the type and scope of engagement but will be defined by a quality penetration tester at the start of any penetration test.
Intelligence Gathering
The organization being tested will provide the penetration tester with general information about in-scope targets, and the tester will gather additional details from publicly accessible sources.
Threat Modeling
Threat modeling is a process for prioritizing where remediation strategies should be applied to keep a system secure.
Vulnerability Analysis
Penetration testers are expected to identify, validate, and evaluate the security risks posed by vulnerabilities.
This analysis of vulnerabilities aims to find flaws in an organization’s systems that a malicious individual could abuse.
Exploitation
This penetration test phase involves exploiting identified vulnerabilities in an attempt to breach an organization’s system and its security.
Post-Exploitation
After the testing is complete, the penetration tester must consider the value of the compromised machine and its usefulness in further compromising the network.
Reporting
An executive-level and technical-level report will be delivered covering what was tested, how it was tested, what vulnerabilities were found, and how the penetration tester found those weaknesses.
What are the methodologies we use in PT?

The approach of Penetration testing
