Penetration Testing versus Vulnerability Scanning
Penetration Testing
Penetration testing usually refers to testing by an ethical hacker who attempts to break into a target network with limited information about that network. It is also called a network (layer) penetration test or a black box test. It requires the bare minimum of information about the targets, usually just the IP addresses of the systems to be tested. The testing is performed using a penetration testing toolkit comprising well over 25 custom, commercial and open source tools. Although the testing leverages tools, it depends heavily on a well-trained and experienced security tester. The results of a penetration test will usually be free of false positives, and on request the tester will also conduct exploits and chained exploits on the target systems. Variations include conducting the penetration test on internal networks, between interconnected LANs and VLANs, on wireless networks, and through social engineering techniques. Penetration testing plays an important role in securing enterprises by verifying the efficacy of existing security programs and mimicking real-world network and application layer attacks on your systems.
Vulnerability Scanning
Vulnerability scanning usually refers to running an automated vulnerability scanner against a block of IP addresses. The manual component is limited to the coordination and scheduling of the scanner and delivery of the automated report. The reports are very detailed and long, but are not free of false positives. The extent of false positives depends on the accuracy of the selected vulnerability scanner. The scanning process is very quick and can generally be conducted at fairly low cost. The scanners are sold as perpetual licenses and by subscription in a software-as-a-service model. Vulnerability scanners play an important role in securing organizations as a key component of security vulnerability management programs.
| | Penetration Testing | Vulnerability Scanning |
| --- | --- | --- |
| Goal | Use penetration testing to verify whether networks are secure, see what a hacker sees, and discover unknown security flaws. Do quarterly or at least annually. | Implement vulnerability scanning as part of an overall vulnerability management program. Do monthly or at least quarterly. |
| Tool Types Used | Automated Scanners, Proprietary Tools, Exploit tools | Automated Vulnerability Scanner |
| Manual Component | Extensive | Negligible |
| False Positives | Removed | Present |
| Exploitation | Yes, on request | No |
| Chained Exploits | Yes, on request | No |
| Duration | Days to Weeks | Hours to Days |
| Cost | $1000-$2500 per day | $10-$30 per IP |
| Flexibility to Client Needs | High | Low |
| Recommended by Regulators | Yes | Yes |
Plynt provides penetration testing and code review services to clients worldwide. If you are interested, please contact us for a quote. We’ll get back to you within one working day.