It amazes me that most of the “security companies” that offer penetration testing services don’t know what penetration testing is. Specifically, they don’t deliver penetration tests even though they call their services penetration testing services. In most cases their customers think that they’re receiving penetration tests but instead they’re receiving the lesser quality vulnerability assessment service.
When customers are looking to purchase penetration testing services they should receive penetration testing services. Likewise, when they’re looking to purchase vulnerability assessment services they should receive vulnerability assessment services. Unfortunately, customers won’t know what they’re receiving unless they clearly understand what those services are and how those services are defined. The services are not interchangeable and they are Â entirely different.
The English dictionary defines a Penetration Test as a method for determining the presence of points where something can make its way through or into something else. Penetration testing is not unique to Information Security and is used by a wide variety of other industries. Â For example, penetration testing is used to test armor by exposing the armor to a level of threat that is usually slightly higher in intensity than what it will face […]