ABSTRACT

It could be argued that the difference between a penetration test and vulnerability scanning is the act of exploitation. A vulnerability scanning (or analysis) service is engineered to identify vulnerabilities and determine a level of risk based on the potential of each vulnerability, without regard for other environmental conditions on the network that may enhance the vulnerability or cancel it out altogether. Without pushing the limits of the vulnerability, the actual risk associated with it will remain conjecture. By exploiting the vulnerability, a company can determine the impact of not rectifying the problem, as opposed to assuming the level of risk is bearable given a specific vulnerability.