1.1 Vulnerability Assessment vs. Penetration Testing
Penetration Testing
Corporations and individuals need to understand how the damage is being done so they
understand how to stop it.
Corporations also need to understand the extent of the threat that a vulnerability
represents.
The vast amount of functionality that is provided by an organization’s networking,
database, and desktop software can be used against them.
Within each and every organization, there is the all-too-familiar battle of functionality vs.
security.
This is the reason that, in most environments, the security officer is not the most
well-liked individual in the company.
o Security officers are in charge of ensuring the overall security of the environment,
which usually means reducing or shutting off many functionalities that users love.
o They are responsible for the balance between functionality and security within the
company, and it is a hard job.
The ethical hacker’s job is to find this functionality running on systems and networks,
and he needs to have the skill set to know how an enemy would use it against the
organization.
This work is referred to as a penetration test, which is different from a vulnerability
assessment.