What is the difference between a Vulnerability Assessment and a Penetration Test?

Vulnerability Tests and Penetration Tests are very different. Vulnerability Scans and Assessments search systems for known vulnerabilities, whereas a Penetration Test attempts to exploit weaknesses.

Why do you need Vulnerability Scanning?

Regular Vulnerability Scanning is necessary for maintaining information security. Our scan detects issues, such as missing patches, outdated protocols, certificates, and services - all of which may be exploited and could offer hackers a route into your network.

This service runs against all devices inside the network, including:

  • Servers
  • Switches
  • Firewalls
  • IoT / AV devices
  • Workstations
  • Printers
  • Core Applications
  • Storage
  • Web-facing apps
  • Proxy devices

Devices will be scanned for vulnerabilities and compared against known vulnerability databases. The results are displayed using the Common Vulnerability Scoring System (CVSS), an open framework for communicating the characteristics and severity of vulnerabilities. As a result, each finding has a score, running from High, Medium or Low. Fifosys will then produce baseline reports on the vital equipment and, in future, any changes in open ports or added services should be investigated and compared against internal change control. This service can be run as a one-off or regularly, depending on requirements.


Next Step: Contact the Fifosys Security Team to book your vulnerability test today and help to protect your business.