Assessment Vs. PenTesting
There are two very different ways to test your systems for vulnerabilities.
Penetration testing and vulnerability scanning are often confused for the same service. The problem is, business owners purchase one when they need the other. A vulnerability scan is an automated, high-level test that looks for and reports potential vulnerabilities.
A Penetration test is a detailed hands-on examination performed after the vulnerability scan. The engineer will use the scanned findings of vulnerabilities to create scripts or find scripts online that can be used to inject malicious codes into the vulnerabilities to gain access to the system.
Cyber Security Consulting Ops will always offer our customers’ vulnerability scanning instead of a Penetration Test because it doubles the work and may cause outages. If a customer wants us to do PenTesting. They should understand there is a higher risk for an outage so, they must accept the risk of possible outage because of code/scripts injections into their systems.
What Is A Vulnerability Assessment Scan?
A vulnerability assessment is a process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. The overall objective of a Vulnerability Assessment is to scan, investigate, analyze and report on the level of risk associated with any security vulnerabilities discovered on the public, internet-facing devices and to provide your organization with appropriate mitigation strategies to address those discovered vulnerabilities. The Risk-Based Security Vulnerability Assessment methodology has been designed to comprehensively identify, classify and analyze known vulnerabilities in order to recommend the right mitigation actions to resolve the security vulnerabilities discovered.