What is the difference between VA(Vulnerability Assessment) and PT(Penet

saloniraletta
Posts: 1958
Joined: Tue Jul 30, 2019 2:22 pm

Wed Aug 14, 2019 2:18 pm

is the process of finding flaws on the target. Here, the organization knows that their system/network has flaws or weaknesses and wants to find these flaws and prioritize the flaws for fixing.

Penetration Testing is the process of finding vulnerabilities on the target. In this case, the
manoharparakh
Posts: 178
Joined: Wed Jan 29, 2020 2:36 pm

Thu Feb 13, 2020 11:48 am

Vulnerability Assessment is all about running the right tool at the right place. It is more inclined towards finding the vulnerabilities in an application/network and reporting them. In VA you come to know what the vulnerability is and what it can do, but you don't explore how it can do it. That “how” question is explored when you do Penetration Testing.

Penetration Testing is about exploiting the vulnerability, either through a tool or by writing your own exploit code. In PT you explore how you can exploit the vulnerability found during the VA.

https://esds.co.in/security/vtmscan
manoharparakh
Posts: 178
Joined: Wed Jan 29, 2020 2:36 pm

Mon Jun 01, 2020 10:52 pm

Vulnerability Assessment is all about running the right tool at the right place. It is more inclined towards finding the vulnerabilities in an application/network and reporting them. In VA you come to know what the vulnerability is and what it can do, but you don't explore how it can do it. That “how” question is explored when you do Penetration Testing.

Penetration Testing is about exploiting the vulnerability, either through a tool or by writing your own exploit code. In PT you explore how you can exploit the vulnerability found during the VA.

E.g. in VA you found that the application is vulnerable to Cross-Site Scripting. How you can use the vulnerability to steal a user's cookie and do an account takeover will be a part of PT.

https://esds.co.in/security/vtmscan
https://www.esds.co.in/soc-as-a-service
https://www.esds.co.in/security-insight-services