What is Pentesting, Vulnerability Scanning and which one do you need?

We often get asked about these two concepts, and we have noticed a lot of confusion around them. Read on to find out more.

Vulnerability scan

A vulnerability scan, also known as a vulnerability assessment, looks for known vulnerabilities in your systems and reports potential exposures.

Vulnerability assessments are performed with an off-the-shelf software package, such as Nessus or OpenVAS, that scans an IP address or range of IP addresses for known vulnerabilities.

For example, the software has signatures for the Heartbleed bug or for missing Apache web server patches, and will alert if it finds them. The software then produces a report that lists the vulnerabilities found and (depending on the software and options selected) gives an indication of the severity of each vulnerability and basic remediation steps.

It’s important to keep in mind that these scanners use a list of known vulnerabilities, meaning ones that are already known to the security community, hackers and the software vendors. There are vulnerabilities that are unknown to the public at large, and these scanners will not find them.
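The signature matching described above, as an added example that is not code from the original article or from Nessus or OpenVAS: a minimal matcher run over constructed service banners, producing findings with severity and remediation. The product names, version ranges, finding IDs and 192.0.2.x hosts are placeholders; the third host shows a service with no signature producing no finding at all.

```python
import re
from typing import NamedTuple

class Signature(NamedTuple):
    vuln_id: str        # finding label shown in the report
    product: str        # product token expected in the service banner
    first_bad: tuple    # first affected version, inclusive
    first_fixed: tuple  # first patched version, exclusive
    severity: str
    remediation: str

# Constructed signature list: products, versions and IDs are placeholders.
SIGNATURES = [
    Signature("EXAMPLE-0001", "exampletls", (1, 0, 1), (1, 0, 7),
              "critical", "Upgrade exampletls to 1.0.7 or later"),
    Signature("EXAMPLE-0002", "examplehttpd", (2, 4, 0), (2, 4, 10),
              "medium", "Apply the examplehttpd 2.4.10 patch release"),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
BANNER_RE = re.compile(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)")

def parse_banner(banner):
    """Return (product, version) pairs; '2.4' is padded to (2, 4, 0)."""
    return [(p.lower(), tuple(([int(x) for x in v.split(".")] + [0, 0])[:3]))
            for p, v in BANNER_RE.findall(banner)]

def scan(inventory):
    """Return (findings, unversioned_hosts) for a {host: banner} mapping."""
    findings, unversioned = [], []
    for host, banner in inventory.items():
        components = parse_banner(banner)
        if not components:
            unversioned.append(host)  # nothing to match: a blind spot, not a pass
        for product, version in components:
            for sig in SIGNATURES:
                if sig.product == product and sig.first_bad <= version < sig.first_fixed:
                    findings.append((host, sig.vuln_id, sig.severity, sig.remediation))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[2]])  # most severe first
    return findings, unversioned

INVENTORY = {  # constructed sample; RFC 5737 documentation addresses
    "192.0.2.10": "examplehttpd/2.4 exampletls/1.0.3",     # two known issues
    "192.0.2.11": "examplehttpd/2.4.10 exampletls/1.0.7",  # fully patched
    "192.0.2.12": "customapp/3.1",  # flaws here have no signature to match
    "192.0.2.13": "examplehttpd",   # version hidden from the banner
}

if __name__ == "__main__":
    for row in scan(INVENTORY)[0]:
        print(*row, sep=" | ")
```

A clean result for 192.0.2.12 and 192.0.2.13 only means nothing on the list matched, which is why such hosts should be tracked separately from hosts that were checked and found patched.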

Penetration test (aka “pentest”)

A penetration test is designed to actually exploit weaknesses in the architecture of your systems. Where a vulnerability scan can be automated, a penetration test requires various levels of expertise within your scope of systems. In short, a technician runs a vulnerability scan while a hacker performs a penetration test. In this light, you have to think of a pentest as a two-step process:

  1. Vulnerability Assessment – produces the list of exploitable weaknesses

  2. Exploitation of the vulnerabilities

When you think of pentesting, you need to think of hackers. A good pentest simulates the same conditions a hacker would face when trying to hack your system. This is also the reason why pentesting is so hard to do.

Penetration tests can also be performed using automated tools, such as Metasploit, but experienced testers will write their own exploits from scratch.

Here is a table to help understand the difference between a vulnerability scan and a penetration test (from [2]):


| | Vulnerability Scan | Penetration Test |
|---|---|---|
| How often to run | Continuously, especially after new equipment is loaded | Once a year |
| | Comprehensive baseline of what vulnerabilities exist and changes from the last report | Short and to the point, identifies what data was actually compromised |
| | Lists known software vulnerabilities that may be exploited | Discovers unknown and exploitable exposures to normal business processes |
| Performed by | In house staff, increases expertise and knowledge of normal security profile. | Independent outside service |
| Required in regulations | | |
| | Low to moderate: about $1200 / yr + staff time | High: about $10,000 per year outside consultancy |
| | Detective control, used to detect when equipment is compromised. | Preventative control used to reduce exposures |

Who can do this?

There are various certifications for both vulnerability assessment and penetration testing.

Here is an overview:



  1. http://www.csoonline.com/article/2921148/network-security/whats-the-difference-between-a-vulnerability-scan-penetration-test-and-a-risk-analysis.html

  2. http://www.tns.com/PenTestvsVScan.asp

