December 2011
Beginner
552 pages
13h 30m
English
Vulnerability identification, detection, and prioritization are all assessment functions. You can classify a product as penetration testing only if it actually exploits a given vulnerability. Vulnerability assessment and penetration testing complement each other. They do different things, so they must be two separate categories. This confusion is often encountered during the sales process. The penetration testing product picks up where the vulnerability scans leave off.
Vulnerability assessment does an adequate job of providing the tester with a snapshot of the current network configuration. Unfortunately, this snapshot does not address the implication of a successful intrusion to organizational ...