- BackTrack 4: Assuring Security by Penetration Testing
- Shakeel Ali Tedi Heriyanto
- 446字
- 2021-04-09 21:20:59
Vulnerability assessment versus penetration testing
Since the exponential growth of an IT security industry, there are always an intensive number of diversities found in understanding and practicing the correct terminology for security assessment. This involves commercial grade companies and non-commercial organizations who always misinterpret the term while contracting for the specific type of security assessment. For this obvious reason, we decided to include a brief description on vulnerability assessment and differentiate its core features with penetration testing.
Vulnerability assessment is a process for assessing the internal and external security controls by identifying the threats that pose serious exposure to the organizations assets. This technical infrastructure evaluation not only points the risks in the existing defenses but also recommends and prioritizes the remediation strategies. The internal vulnerability assessment provides an assurance for securing the internal systems, while the external vulnerability assessment demonstrates the security of the perimeter defenses. In both testing criteria, each asset on the network is rigorously tested against multiple attack vectors to identify unattended threats and quantify the reactive measures. Depending on the type of assessment being carried out, a unique set of testing process, tools, and techniques are followed to detect and identify vulnerabilities in the information assets in an automated fashion. This can be achieved by using an integrated vulnerability management platform that manages an up-to-date vulnerabilities database and is capable of testing different types of network devices while maintaining the integrity of configuration and change management.
A key difference between vulnerability assessment and penetration testing is that penetration testing goes beyond the level of identifying vulnerabilities and hooks into the process of exploitation, privilege escalation, and maintaining access to the target system. On the other hand, vulnerability assessment provides a broad view of any existing flaws in the system without measuring the impact of these flaws to the system under consideration. Another major difference between both of these terms is that the penetration testing is considerably more intrusive than vulnerability assessment and aggressively applies all the technical methods to exploit the live production environment. However, the vulnerability assessment process carefully identifies and quantifies all the vulnerabilities in a non-invasive manner.
This perception of an industry, while dealing with both of these assessment types, may confuse and overlap the terms interchangeably, which is absolutely wrong. A qualified consultant always makes an exception to workout the best type of assessment based on the client's business requirement rather than misleading them from one over the other. It is also a duty of the contracting party to look into the core details of the selected security assessment program before taking any final decision.
Note
Penetration testing is an expensive service when compared to vulnerability assessment.
- 中文版3ds Max 2013-VRay效果圖制作從新手到高手
- 性能測試從零開始
- Photoshop CC超級學習手冊
- 中文版Photoshop CS6平面設計實用教程(第2版)
- 攝影照片修飾完全自學手冊
- ADOBE FLASH PROFESSIONAL CS6 標準培訓教材
- 音樂日記:Logic Pro X場景x風格編曲實用教程
- Python Testing: Beginner's Guide
- Photoshop 2024從入門到精通
- Photoshop手繪從新手到高手
- Building SOA/Based Composite Applications Using NetBeans IDE 6
- 老郵差 Photoshop數碼照片處理技法 圖層篇(修訂版)
- Apache Solr High Performance
- UG NX 10.0模具設計教程
- Photoshop CS5平面設計教程