
Penetration test vs. Vulnerability scan by verhp11

![x9wxuj8h9f.png](https://img.esteem.ws/x9wxuj8h9f.png)
[Source](https://www.pexels.com/photo/photo-of-turned-on-laptop-computer-943096/)

In the field of information security there are a lot of professionals at work. The business is booming and organizations want to be safe, right? Therefore a lot of organizations are contracting ethical hackers or security clubs to test their environment. What I see in the field is that there is some mix-up between terminology and techniques, often caused by the security professionals themselves.

For instance, the penetration test vs. the vulnerability scan. These two are often mixed up, which creates the wrong expectations, and therefore organizations (sometimes) pay too much for sham security. And I think that's a bad development, because people have to be informed honestly.

Well, some background info:

<h1>Vulnerability scanning</h1>
A vulnerability scan is, like it says, a scan for (known) vulnerabilities. Often tools are used which check for already exploited breaches, missing patches and other (already known) issues.

The report that comes out of a vulnerability scan is just a print of the state of the machine, device, or environment compared to some best practices and security checks. It is a quick scan for the use of known software without further in-depth research or next steps. You can see a vulnerability scan as step one of a pentest.
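
What such a scan amounts to, as an added example that is not part of the original post: recorded host state is compared against lists of known issues and a best-practice baseline, and every mismatch is reported without any attempt to exploit it. The host names, advisory IDs, versions and baseline settings are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data throughout; not the output of any real scanner.

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

# Known issues: a package is affected when its version is below 'fixed_in'.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "package": "webserver", "fixed_in": "2.4.10"},
    {"id": "EXAMPLE-ADV-002", "package": "sshd", "fixed_in": "8.1"},
]

# Best-practice baseline: setting name -> required value.
BASELINE = {"password_auth": "disabled", "tls_min_version": "1.2"}

def finding(host, check, detail):
    # A scan never proves impact; confirming that is the pentest's job.
    return {"host": host["name"], "check": check, "detail": detail,
            "exploitability": "not verified"}

def scan_host(host):
    """Compare one host's recorded state with the known-issue lists."""
    findings = []
    for adv in ADVISORIES:
        installed = host["packages"].get(adv["package"])
        if installed is None:
            continue  # software not present, advisory does not apply
        if parse_version(installed) < parse_version(adv["fixed_in"]):
            findings.append(finding(host, adv["id"],
                f"{adv['package']} {installed} < {adv['fixed_in']}"))
    for setting, required in BASELINE.items():
        actual = host["config"].get(setting, "unset")
        if actual != required:
            findings.append(finding(host, f"baseline:{setting}",
                f"{setting}={actual}, expected {required}"))
    return findings

SAMPLE_HOSTS = [
    {"name": "web01", "packages": {"webserver": "2.4.9", "sshd": "8.1"},
     "config": {"password_auth": "enabled", "tls_min_version": "1.2"}},
    {"name": "db01", "packages": {"sshd": "7.9"},
     "config": {"password_auth": "disabled"}},
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        for f in scan_host(h):
            print(f"{f['host']}: {f['check']}: {f['detail']} ({f['exploitability']})")
```

Every finding stays marked "not verified": the output is a list of mismatches against known issues, which is the starting point a pentest would then investigate.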

<h1>Pentesting</h1>
A penetration test is meant to give insight into the risks and vulnerabilities of a system or environment. Based on the vulnerabilities found, the pentester tries to get real, usable information out of systems by literally exploiting the vulnerability. That way he/she can show the organization that there is a real risk. After that he/she will give advice on how to mitigate those risks, mostly in a report with all the facts and figures.

Pentesters often use a Kali Linux distribution, which is already equipped with a lot of 'hacking' tools that the pentester can use to test the environment. See it as an operating system with all the right tools on board; isn't that cool?

<h1>Conclusion</h1>
Don't assume (or let anyone advise you) that pentesting and vulnerability scanning are the same procedure. They are certainly complementary to each other, but they are different. Whether a company performs a vulnerability assessment/scan or a pentest comes down to whether they:

- have the funding (a pentest is way more expensive)
- have a risk profile that demands it; in other words, if the information risk is so big that they need in-depth information about the state of their environment, then do a pentest.


Stay safe !!!

Peter


Created: 2019-09-10 07:32:09 · Last update: 2019-09-10 09:47:48
@bozz ·
Great information. Back when I was in college there wasn't the differentiation between areas of the field like there is now. It was basically programming and then everything else. This is an area I would have liked to have gone into had there been the option.
@steevc ·
This is a fascinating field to work in. With so many online systems there is more risk of compromises. I listen to the Security Now podcast sometimes and it's quite scary as we rely on this stuff.

Have you tried using the #stem tag? This may be good for that tribe.
@verhp11 ·
It is indeed a fascinating field... with a lot of great expertise. There was this report last week that the Dutch Government isn't well prepared for cyberattacks, and I know for a fact we are not the only ones :) It's a business... and no, I didn't know the #stem tag, thanks for mentioning :)
@trincowski ·
Very interesting... I've worked in places where they don't even escape the **'** character from the SQL Queries. Someday, they'll regret it.