Hello Team,

Last week as a class we discussed maintenance plan and the necessity of being able to monitor the security posture built within the organization. Vulnerability assessments and penetration testing are ways for organization to test for access controls are being used as mandated, security devices are filtering authorized access, and network is secure where encryption is being established.

Vulnerability testing is used to identify any know vulnerability within the security perimeter identifying any misconfiguration and weaknesses. Penetration is a forced testing to look for any vulnerabilities internal and external of the security posture. Both detection services are useful for an organization to be conducted.

Both are essential, but the purpose of each testing are different. Vulnerability assessments is a quick diagnosis of the security posture that should be done on a monthly or quarterly basis, that finds vulnerabilities within the security perimeter. Penetration testing, also known as Ethical Hacking, is a more intense testing that acts like a potential hack that is conducted external of the security posture. Such testing should be conducted on an annual basis. Pen testing will show a deeper possible vulnerability such as social hacking weaknesses.

Swanagan, M$.(2023,$ February $16).$ Vulnerability assessment VS Penetration Testing: Key differences explained. PurpleSec. https:$//$purplesec$.$us$/$learn$/$vulnerability$-$assessment$-$vs$-$penetration$-$testing$/$#:~:text$=$Vulnerability$\%20$assessments$\%20$are$\%20$generally$\%20$more$\%20$cost$\%2$Deffective$\%20$and,the$\%20$goal$\%20$of$\%20$testing$\%20$and$\%20$exploiting$\%20$vulnerabilities.