Is a Penetration Test the same as a Vulnerability Assessment?
Some may use the terms "Penetration Test" and "Vulnerability Assessment" interchangeably when actually, they are different types of engagements that yield similar yet different results. A vulnerability assessment and a penetration test are not mutually exclusive. They both leverage similar tactics and techniques to achieve your organizational goals.
Penetration testing exploits vulnerabilities in your system architecture, while a vulnerability assessment checks for known vulnerabilities and generates an evaluative report on risk exposure.
A penetration test delivers a narrative of how an attacker might actively conduct an attempt to breach security measures in order to access a specific objective. It simulates a real-world attack on a particular target. For example, if an organization wants to determine if an outside entity could obtain a domain administrator’s login credentials, a penetration test would identify whether such an attack would be successful.
A vulnerability assessment is generally wider in scope than penetration testing and identifies all of the potential attack vectors and vulnerabilities that could negatively impact an organization. A vulnerability assessment also provides context with which to rank the level of impact associated with each vulnerability it finds so you can ascertain whether the threat risk is high or low. Unlike a vulnerability assessment which only identifies known vulnerabilities, penetration testing employs the human ingenuity of one of our security experts to seek out and identify unknown vulnerabilities and then exploit them in order to determine how much of a risk they pose to a network.
Wildcard utilizes the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES) as the foundation for security assessment methodology. Our methodology allows for our assessments to be efficient and repeatable processes that evaluates every vector for potential compromise. Our experienced penetration testers will assess your environment in a manner that maximizes the value provided to your organization. Upon completion of the assessment, Wildcard delivers a detailed report outlining our findings. Vulnerabilities and exploits will be explained in a manner that is easy to digest. Our assessors are able to contextualize our findings so that they are relevant and actionable.