What are the deferences between the penetration test and the vulnerability assessment ?
we have to know that there's a different types/categories of security assessments to assess the level of the security on any network resources in the organization, security assessment divided into three categories:
security audit, vulnerability assessments, penetration test.
1- Security audit: focus on the people and processes used to design, implement and manage security on a network.
2- Vulnerability assessment: is a basic type of security. It helps you in finding the weaknesses by scanning a network by using scanning tools, vulnerability scanners can test systems and network devices for exposure to common attacks.
3- Penetration Test: also called “ethical hacking”, it's a process of evaluating the security of the network by trying all possible attacks like the real attack (hacker) does. As a pen-tester you will be limited by resources such as time, skilled resources and access to equipment as outlined in the penetration test agreement.
Penetration Testing goes beyond the vulnerability scanning in the category of security assessment. With the vulnerability scanning, you can always examine the security of the individual computers, network devices or applications but penetration test allows you to assess the security model of the network as a whole. Penetration test help you to reveal potential consequences of a real attacher breaking into the network to network administrators, IT managers and executives. Penetration test also reveals the security weaknesses that a typical vulnerability scanning misses.
Penetration test not only point out vulnerabilities, it will also document how the weaknesses can be exploit and how several minor vulnerabilities can be escalated by n attacker to compromise a computer or network.
Most Vulnerability assessment are carried out sloly based on software and cannot assess security that is not related to technology.