In the IT security industry, technicians are prone to throwing around the phrases "vulnerability scan" and "penetration testing" (or "pen test") without realizing we might be confusing the public. So much so that we've made it far easier for any CEO or business owner to misunderstand or get confused about:
To remove any doubt or confusion and give you clear and specific guidelines, we will:
What Is A Vulnerability Scan?
A vulnerability scan looks for weak points or poorly built sections in computer systems, networks, and applications. The scan is performed by a computer program built to look for those weaknesses and report the findings.
There are two categories of vulnerability scans: authenticated and unauthenticated.
Both authenticated and unauthenticated vulnerability scans are designed to find known and unknown weak points or poorly built systems, software and hardware configurations. The scan results are reported back to the organization for review, and the organization can then move forward with addressing each weakness.
Who Uses Vulnerability Scanning Tools?
Two user groups use vulnerability scans:
What is a Vulnerability Scanning Tool?
A vulnerability scanning tool is a computer software program that can be purchased off the shelf or from a reseller. Popular scanning tools are:
A note about any scanning software program: each program, listed above or not, has its pros and cons. Alongside your own research, you can speak with a Vulnerability Scanning Specialist, like the staff at Centerpoint IT, who are always available to answer any vulnerability scanning questions you may have.
What Is A Penetration Test or Pen Test?
A penetration test, also referred to throughout the IT industry as a "pen test," is an authorized simulated attack on a computer network, server or website. The pen test is carried out with scanning and attacking tools, created to look for weaknesses and then exploit them. It's commonly referred to as "ethical hacking techniques" and "white hat hacking."
Note: penetration testing is not the same as vulnerability testing. Vulnerability testing is intended to identify potential problems, whereas pen testing finds those problems and then attacks them.
There are two categories of penetration testing: internal and external.
Both internal and external penetration tests are ethical hacking designed to mimic an actual attack. Each test thoroughly examines internal and external IT systems for any weakness. The tester reports the findings back to the organization, which can then move forward with addressing each failing.
Who Uses Penetration Testing Tools?
Penetration Testing firms are hired to hack into a website, a network or a server. They are known as:
What is a Penetration Testing Tool?
A penetration testing tool is scanning and attacking software used to scan for and attack weak spots. Commercial pen test tools are:
A note about any pen-test tools: each tool, listed above or not, has its pros and cons. Alongside your own research, you can speak with a Penetration Testing Specialist, like the ones at Centerpoint IT, who are always available to answer any penetration testing questions you may have.
Be On The Lookout For This
When researching penetration testing and vulnerability scanning services and testers, please perform your due diligence and be on the lookout. Some companies will offer and charge you for penetration testing while only providing vulnerability scanning. They bundle the scanning and the results, and then sell the package as penetration testing.
As you've read above, there is a distinct difference between penetration testing and vulnerability scanning: their different functions, the software and tools used, who performs the scans and tests, and what to be on the lookout for. If you are still not sure, then call us. We are here to help you.