Security Assessments, Vulnerability Assessments vs Penetration Testing

Many people in the information security field use the phrases “security assessment” and “vulnerability assessment” to identify the work done by penetration testers. But there is a simple difference between a penetration test and a security assessment.


A penetration test is aimed at getting in or stealing data, information or records. The emphasis is on penetrating the target environment by exploiting the vulnerabilities found.


Security assessments and vulnerability assessments are aimed at finding vulnerabilities, often without regard to actually exploiting them and getting in. Thus, penetration testing usually goes deeper, with its goal of taking over systems and stealing data, while security and vulnerability assessments are broader, involving the process of looking for security flaws. These assessments also involve policy and procedure review, which is usually not included in penetration testing.

