CompTIA Security+ Tutorial: Module 03, Part 08 – PENETRATION TESTING Vs VULNERABILITY SCANNING




PENETRATION TESTING Vs VULNERABILITY SCANNING

Organizations can buy the most expensive firewalls or intrusion detection systems. For penetration testing, we deploy a team of professionals that tests your network and environment. They come together to find out and verify whether threats exist. The experts look for ways to bypass security controls. In doing so, they establish that malicious users could also break into the system and that the security controls are not robust enough. They actively test the security controls even though everything is in place. The professionals need to exploit the vulnerabilities, which means they can identify weaknesses or the absence of controls.

After the testing, they provide suggestions to fix the errors and issues.

VULNERABILITY SCANNING

Vulnerability scanning can be done by the personnel in your organization to test for weaknesses or the absence of security controls. It can be done using automated tools or manually. Under vulnerability scanning, we need to identify vulnerabilities, the absence of security controls and common misconfigurations, and correct them.

There are several types of testing that penetration testers can conduct. We have:

Black Box Testing: The testers have no knowledge of the test environment, such as what sort of operating system is in use, what servers are there, what ports are open, etc. They go in blind to test penetration.

White Box Testing: The penetration testers have sufficient knowledge of the test environment, such as what sort of operating system is in use, what servers are there, what ports are open, etc.

Gray Box Testing: This sits between black box and white box testing; that is, the penetration testers have some knowledge of the test environment.

We hope this module covers the attacks, security types and network scanners fairly well.