Vulnerability quiz: Question No. 2

When is it better to perform a vulnerability assessment versus a penetration test?
B. When you seek a larger overview of the environment, versus a smaller, more focused view.

A vulnerability assessment shows all vulnerabilities on all systems, whereas a penetration test shows only one or more vulnerabilities that can be penetrated. Vulnerability assessments and penetration tests can both negatively affect devices, requiring them to be rebooted.

In reality, security professionals usually enjoy conducting a penetration test, because it poses a challenge and requires skill. Penetration tests are considered ethical hacking and allow professionals to "play" with the tools that they love. On the business side of things, however, many security professionals do not like to carry out penetration testing, because it can take a significant amount of time that the customer may not be willing to pay for.

Experienced security professionals know the level of risk that a company is under after carrying out a vulnerability assessment. Unfortunately, it is sometimes necessary to prove to the customer that their environment can actually be penetrated, which is why penetration tests are carried out. In the regular course of business, vulnerability assessments should be carried out continually and the identified risks mitigated. Penetration testing is not as critical.

