What are some of the differences between vulnerability scanning and penetration testing? What are some of the tools that can be leveraged to perform each and their methods?


Please I need to answer this question. The book's name is: "Network Security, Firewalls, and VPNS, 2e". Thank you.

Question:

What are some of the differences between vulnerability scanning and penetration testing? What are some of the tools that can be leveraged to perform each and their methods?

Expert Solution
Step 1

Differences between vulnerability scanning and penetration testing

Vulnerability scanning identifies the known vulnerabilities that exist in the system or devices connected over the network and lists the potential exposures in a report, whereas penetration testing is intended to exploit weaknesses found in the IT network architecture and to find the degree to which a hacker can gain unauthorized access to the organization's assets or sensitive data.

It uses automated tools (or off-the-shelf software tools) that scan for known vulnerabilities with the purpose of finding as many security pitfalls as possible, while penetration testing is a more detailed assessment conducted by a professional, known as a white-hat hacker, with the purpose of exploiting weaknesses.

Unlike in vulnerability scanning, vulnerabilities in penetration testing are exploited to expose the full impact of each individual concern.

A vulnerability scan can include false positives, which means identifying a non-real threat, whereas penetration testing enables the expert to remove false positives and makes it easy to understand the real risks corresponding to each vulnerability.

Vulnerability scanning has a much wider scope than penetration testing because the assessment is automated. The scope includes several components such as network devices, printers, desktops, servers, laptops, and firewalls.

Vulnerability scanning is performed regularly, such as on a weekly or monthly basis, whereas penetration testing is conducted two or three times a year.
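
To make the false-positive and scope points above concrete, here is an added Python example (not part of the expert's answer or the textbook) that reconciles an automated scan report with penetration test results and labels each finding as confirmed, false positive, unvalidated, or outside the test's narrower scope. All asset names, finding IDs and verdicts are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: assets, finding IDs and verdicts are illustrative only.
SCAN_FINDINGS = [  # (asset, finding_id) pairs as listed in an automated scan report
    ("web01", "outdated-tls-config"),
    ("web01", "default-admin-page"),
    ("db01", "weak-service-password"),
    ("printer07", "open-management-port"),
    ("laptop22", "missing-os-patch"),
]
PENTEST_SCOPE = {"web01", "db01"}  # the manual test covers fewer assets than the scan
# Tester's verdict per finding: True = exploited and confirmed, False = not a real issue.
PENTEST_VERDICTS = {
    ("web01", "outdated-tls-config"): False,
    ("web01", "default-admin-page"): True,
    ("db01", "weak-service-password"): True,
}

def reconcile(findings, scope, verdicts):
    """Label every scan finding using the penetration test results."""
    result = {"confirmed": [], "false_positive": [],
              "unvalidated": [], "out_of_scope": []}
    for finding in findings:
        asset, _finding_id = finding
        if asset not in scope:
            # Reported by the scanner, but the asset was never manually tested.
            result["out_of_scope"].append(finding)
        elif finding not in verdicts:
            # In scope, but the tester recorded no verdict for this finding.
            result["unvalidated"].append(finding)
        elif verdicts[finding]:
            result["confirmed"].append(finding)
        else:
            result["false_positive"].append(finding)
    return result

def false_positive_rate(result):
    """Share of manually validated findings that turned out not to be real."""
    validated = len(result["confirmed"]) + len(result["false_positive"])
    return len(result["false_positive"]) / validated if validated else None

if __name__ == "__main__":
    report = reconcile(SCAN_FINDINGS, PENTEST_SCOPE, PENTEST_VERDICTS)
    for label, items in report.items():
        print(f"{label}: {items}")
    print("false-positive rate among validated findings:",
          false_positive_rate(report))
```

Findings that land in `out_of_scope` or `unvalidated` remain potential exposures from the scan report only; nothing in the test results confirms or dismisses them.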
