Confusion between vulnerability scanning and penetration testing often results from the inappropriate use of the two terms. By conflating them, companies might miss a significant component of their overall network security profile. Vulnerability scans and vulnerability assessments serve to highlight the known vulnerabilities in a company’s environment. This is performed with tools that search for known vulnerabilities in operating systems, applications, wireless access points, firewalls and so forth. Penetration testing, on the other hand, is an active attempt to exploit the weaknesses of a company's environment. Both are important functions, and both have their place in measuring and understanding the risks that businesses face. A vulnerability scan, for example, can today be automated and run in the background. A penetration test requires significant expertise and patience to learn the environment and attempt various break-ins.
Vulnerability scanning is a good business practice that is run on a regular schedule; it might be an ongoing project, or run monthly at smaller sites. Often the vulnerability scanner is integrated within a larger environment. Penetration testing is much more likely to be done on an annual basis by very skilled analysts who are external to the company, to avoid any conflict of interest. Common engineering practice is to perform a vulnerability scan when adding new equipment or software, before the deployment is finalized, to ensure the configuration is sound. Most companies perform vulnerability scans at least quarterly once the value of doing so has been proven. Vulnerability scans typically detect issues such as misconfigurations, the use of excessive or unneeded protocols, open ports that should be closed, outdated certificates, and the use of services that expose company information.
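To make the last sentence concrete, here is an added example (not code from the original article or from any scanner product) of the kind of rule-based checks a vulnerability scan applies once it has discovered a host's services: ports outside a per-role baseline, unneeded legacy protocols, and expired certificates. The host names, roles, ports, baseline and dates are constructed for the example.

```python
"""Added example: minimal scan-style rule checks over a constructed inventory."""
from datetime import date

# Constructed baseline: the ports each host role is expected to expose.
BASELINE_PORTS = {"web": {443}, "db": {5432}}
# Cleartext or legacy services a scan typically flags as unneeded.
UNNEEDED_SERVICES = {"telnet", "ftp", "rsh"}
# Constructed "scan date" used when checking certificate expiry.
TODAY = date(2024, 6, 1)

# Constructed inventory, shaped like the output of a scanner's discovery step.
INVENTORY = [
    {"host": "web01.example.test", "role": "web",
     "services": {443: "https", 23: "telnet"},
     "cert_expiry": date(2023, 1, 15)},
    {"host": "db01.example.test", "role": "db",
     "services": {5432: "postgresql", 8080: "http"},
     "cert_expiry": None},
]


def scan_host(host, today=TODAY):
    """Return a list of (severity, message) findings for one inventory entry."""
    findings = []
    # Open ports that are not part of the baseline for this host's role.
    extra_ports = set(host["services"]) - BASELINE_PORTS.get(host["role"], set())
    for port in sorted(extra_ports):
        name = host["services"][port]
        if name in UNNEEDED_SERVICES:
            findings.append(("high", f"unneeded protocol {name} on port {port}"))
        else:
            findings.append(("medium", f"port {port} ({name}) not in baseline"))
    # Outdated certificate: only checked where the host presented one.
    expiry = host["cert_expiry"]
    if expiry is not None and expiry < today:
        findings.append(("high", f"certificate expired on {expiry.isoformat()}"))
    return findings


def scan(inventory, today=TODAY):
    """Run the checks over every host and return findings keyed by host name."""
    return {h["host"]: scan_host(h, today) for h in inventory}


if __name__ == "__main__":
    for host, findings in scan(INVENTORY).items():
        for severity, message in findings:
            print(f"{host}: [{severity}] {message}")
```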