Vulnerability Assessment vs. Penetration Test
It is all about Vulnerabilities. So, what is the Vulnerability? It is a Weakness in an Information System or System Security Procedures or Internal Controls or System D esign or System Implementation or Configuration/Setup that will raise risk and expose it to be exploited or triggered by a threat actor. As Window Snyder - Chief Security Officer at Square, Inc. said: "One single vulnerability is all an attacker needs.". To find this vulnerability we need to search for it and to search for it we need to test the system from a security perspective to find it. So, Security Testing is to identify the threats in or on the system and measure its potential vulnerabilities "Weaknesses" so these threats and vulnerabilities must be remediated to reduce the risk. In other words, Security Tests are to identify all possible loopholes and weaknesses of the system which might result in a loss of information, revenue, repute at the hands of the employees or outsi