Browsing forums and articles, it seems there's some confusion over the distinction between vulnerability scanners and penetration testers. What do these two digital security roles have in common, where do they overlap and where do they differ?
Vulnerability scanners and penetration testers should both have written or implied permission to perform their roles against each and every separate network or target. If a company hires you to penetrate or perform vulnerability scans against their network, it's likely they don't actually have permission to grant you for their publicly accessible servers. These servers are likely to require permission from data centres, ISPs or server hosts.
Both roles are likely to be conducted by people with an interest, background and knowledge of programming, operating systems (namely Linux or macOS) and logical problem solving. Penetration testers are likely to have a more in-depth knowledge of their tools and targets than vulnerability scanners.
The main difference between vulnerability scanners and penetration testers lies in their goals.
How do Vulnerability Scanners differ from Penetration Testers?
Let's look at a few goals of these individuals; it should then become quite clear what the distinction is.
1. Escalate a user's permissions to those of a superuser
2. Find what attack vectors there are against the company's old mail server
3. Access private medical records
4. Trigger a refund to a different credit card
5. Produce a prioritised list of weaknesses and threats of the company's LAN
6. Check whether any services are susceptible to known Denial of Service attacks
Vulnerability scans are unlikely to help you with 1, 3 or 4; however, a vulnerability scan will definitely yield desirable results for the three other security issues. These are all broad-spectrum tasks that will likely produce multiple shallow entries in a report. You would likely hand over a large document covering dozens, if not hundreds, of vulnerabilities, issues or concerns.
A penetration test is exactly what you need for tasks 1, 3 and 4. They have a clear goal to them: can I do X by any means? Can I change my permissions to those of the root user? Can I access those confidential records? Can I change a stored credit card number? After a penetration test you're likely to hand over a small but detailed report on how you carried out such a task and how you'd recommend resolving the weakness.