Friday, 4 January 2019

What is VAPT (Vulnerability Assessment and Penetration Testing)?

Or, What is a Vulnerability Assessment?
Or, What is Penetration Testing?
Or, What is the difference between vulnerability assessment and penetration testing?

Vulnerability Assessment is a method to rapidly review network devices, servers, and systems to identify key vulnerabilities and configuration issues that an attacker may be able to take advantage of. It is generally conducted from within the network, on internal devices, with the help of specialized software tools.


Penetration Testing is an in-depth, expert-driven activity focused on identifying the various possible routes an attacker could use to potentially harm the network or applications. In addition to finding vulnerabilities, it also helps identify the potential damage and further internal compromise an attacker could carry out.

Additional Note: Once you have the vulnerability assessment or penetration testing report, start by analyzing the impact area and which vulnerabilities apply to your infrastructure. After this stage is completed, start fixing the reported vulnerabilities on the respective devices.

Technically, it's good to fix all reported vulnerabilities, but you still have the choice of whether to fix each one or not. That depends on your business needs and the impact that you may see after applying the fixes.

Cheers! If you have any feedback or queries, please write back to me.
