Penetration Tester vs Vulnerability Assessor

0 votes
I am facing a lot of confusion in understanding the difference between a Penetration Tester and a Vulnerability Assessor. I don't need a comparison table, etc. I just need the difference explained in a Simple Way. Thanks
Jan 2 in Career Counselling by Vidhyut
• 1,150 points
30 views

2 answers to this question.

0 votes

This is a very common confusion because when you look at what a Penetration Tester does and what a Vulnerability Assessor does, you won't see much difference. Let me put it in simple words for you. 

Both Penetration Tester and Vulnerability Assessor do the same thing i.e., find vulnerabilities, try to exploit them and then report the issue to the company so that the company can increase the security. But the difference comes in, what kind of companies they do this for.

Penetration Tester finds vulnerabilities for a company that has covered and provided security to the application/software as much as they could think of. Now, they want to find if there are other vulnerabilities that they missed. Here, a Penetration Tester helps them find these issues.

There are few companies that have not provided security to application/software. They know that there are issues, but they do not know how to prioritize those issues. So, a Vulnerability Assessor goes through these issues and helps prioritize which issue should be addressed and solved first.   

answered Jan 2 by Sangar
0 votes

Hello Vidhyut, A Penetration tester manually conducts an assessment on a target to uncover vulnerabilities by exploiting them. The goal is to gain unauthorized access through exploitation which can be used to emulate the intent of a malicious hacker. A pentester often uses following phases:

  • Reconnaissance
  • Scanning and enumeration
  • Exploitation
  • Post-exploitation
  • Covering tracks

While a Vulnerability assessor, or VA, identifies threats and vulnerabilities on a target by using automated vulnerability scanners. This sometimes includes a range of manual testing with additional tools to further evaluate the security of applications or networks and to verify vulnerabilities discovered by the scanning applications.

answered Jun 11 by Ritvik

Related Questions In Career Counselling

0 votes
2 answers

Penetration Tester career path

Hey Vidhyut, Penetration testers are able to ...READ MORE

answered Jun 11 in Career Counselling by Karuna
29 views
0 votes
1 answer

Penetration Tester future path

No, Penetration Testing is not the end ...READ MORE

answered Jan 2 in Career Counselling by Neil
19 views
0 votes
3 answers

Penetration Tester Skills

A Penetration tester should have following skills: Expert ...READ MORE

answered Jun 11 in Career Counselling by Chandra
20 views
0 votes
2 answers

Penetration Tester Certifications

Hey Vidhyut, these are some of the ...READ MORE

answered Jun 11 in Career Counselling by Farhan
35 views
0 votes
2 answers

Salary for Security Administrator

For freshers, if you have good certifications and skills, then ...READ MORE

answered Apr 9 in Career Counselling by Sunny
30 views
0 votes
2 answers

What skills do Security Administrator need?

A Security Admin must have excellent knowledge ...READ MORE

answered Apr 9 in Career Counselling by Sandeep
24 views
0 votes
3 answers

What does a Security Administrator do?

A Security Admin is a person who ...READ MORE

answered Apr 9 in Career Counselling by Sandy
29 views
0 votes
2 answers

Security Administrator Tools

The Top free tools being used by ...READ MORE

answered Apr 9 in Career Counselling by Sharan
28 views
0 votes
3 answers

What does a Penetration Tester do?

Hi Vidhyut, some of the responsibilities of ...READ MORE

answered May 30 in Career Counselling by Umesh
29 views
0 votes
3 answers

Penetration Tester Salary in 2019

This varies on the location, company, and ...READ MORE

answered Mar 6 in Career Counselling by Rashmi
77 views