Penetration Testing Guide


Vulnerability assessment and penetration testing have gained high importance especially in the last couple of years. Organizations often have a complex network of assets storing sensitive data. Such assets are exposed to potential threats from inside as well as from outside the organization. To
get an overview of the security posture of the organization, conducting a vulnerability assessment is essential.
It is important to understand the clear difference between vulnerability assessments and penetration testing. To understand this difference, let’s consider a real-world scenario. You notice that your neighbor’s door isn’t locked properly, and the neighbor is not at home. This is a vulnerability assessment. Now if you actually open the neighbor’s door and enter the house, then that is a penetration test. In an information security context, you may notice that the SSH service is running with weak credentials; this is part of a vulnerability assessment. If you actually use those credentials to gain access, then it is a penetration test. Vulnerability assessments are often safe to perform, while penetration tests, if not performed in a
controlled way, can cause serious damage on the target systems.
Thus, a vulnerability assessment is one of the essential prerequisites for conducting a penetration test. Unless you know what vulnerabilities exist on the target system, you won’t be able to exploit them.


Leave a Reply

Your email address will not be published. Required fields are marked *