[Owasp-manila] Pentest vs. VA

Michael Dungog michael.dungog at owasp.org
Sat Apr 26 02:58:54 UTC 2014

Vulnerability Assessment (VA) looks for known vulnerabilities in a system or a process of identifying and quantifying vulnerabilities in an environment while a Penetration Tester is designed to actually exploit weaknesses or simulates the actions of an external/internal attacker that aims to breach the security of the organization.

The only key aspect of a VA are list-orientation while PenTest are goal-orientation. 


> On 26 Apr, 2014, at 10:18 am, Ariel Moncayo <ariel.moncayo at owasp.org> wrote:
> Hello guys,
> Please share your thoughts regarding the difference between VA and Pentest.
> Thanks,
> Ayeah
> _______________________________________________
> Owasp-manila mailing list
> Owasp-manila at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-manila

More information about the Owasp-manila mailing list