
Vulnerability Scans & Penetration Test Comparison Chart


Are you 100 percent sure you understand the difference between vulnerability scans and penetration tests? Learn the specific variations here from I.S. Partners, LLC!

Published in: Business

Vulnerability Scan & Penetration Test Comparison

Type: Vulnerability Scans

  Features, Functions, Requirements, Goals & Findings:
  - Scans system for known vulnerabilities
  - Provides reports on risk exposures
  - Automated process, per the business's choice
  - Searches network devices like routers, servers, firewalls and switches

  Means of Implementation:
  - Requires a program like Rapid7, Nessus, Retina and Qualys for the scan
  - Auditing firms can help organizations sort out the results to learn more about their system and whether it is sufficient for operations

Type: Penetration Tests

  Features, Functions, Requirements, Goals & Findings:
  - Requires expertise and planning
  - Performed at least on an annual basis
  - Mandatory per PCI DSS and the PCI Security Standards Council
  - Simulates a hacking scenario
  - Scope focuses on a highly valuable asset
  - Exposes lax or inadequate security settings or other unsecured business processes
  - Frequently uncovers password issues such as reused passwords and unencrypted passwords

  Means of Implementation:
  - Necessary to have a program like Core Impact, write code and/or hire an auditing firm to perform the penetration test
