What is the difference between Penetration Test, Vulnerability Assessment and Red Teaming?

In marketing, the terms in the title are often used as synonyms, although this is not entirely correct. In the industry we distinguish between different types of engagements, but we cannot expect customers to know every distinction, so marketing managers try to attract prospective customers with the best-known terms. This article presents the most common types of engagement.

Vulnerability Assessment

Vulnerability testing, used as a collective name, is one of the most common assignments. The goal is to examine an application, network, or system that is under development or has not yet been tested, check its security as thoroughly as possible, and then report the vulnerabilities found. The aim of this type of engagement is not to exploit the flaws, because that would take significantly more time and would not be economical, but to discover as many of them as possible. We recommend this to almost all customers who do not perform regular security testing.

Penetration Test

Penetration test (pentest) is perhaps the best-known and most frequently used term, and its marketing value is also the greatest.
In the classical sense, a penetration test has a specific purpose, such as determining whether an attacker can access the application database. The purpose of pentesting is not to find every vulnerability, but to achieve the goal of the project. The cyber security expert documents each step in detail, regardless of the result of the test, and delivers a report to the client.

Red Teaming

Red teaming is an increasingly popular service in which an ethical hacker tries to penetrate as deeply as possible into the corporate infrastructure.
The purpose of the assignment is to see which parts of the network a real attacker could access and how much damage they could cause. Red teaming is a time-consuming and resource-intensive assignment: a real attacker has almost unlimited time to probe a company, so the security expert must simulate such an attack.