It could be argued that the difference between a penetration test and vulnerability scanning is the act of exploitation. A vulnerability scanning (or analysis) service is engineered to identify vulnerabilities and assign a level of risk based on the potential of each vulnerability, without regard for other environmental conditions on the network that may enhance the vulnerability or cancel it out altogether. Without pushing the limits of the vulnerability, the actual risk associated with it will remain conjecture. By exploiting the vulnerability, a company can determine the impact of not rectifying the problem as ...
