Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

What is the difference between VA and PT in computer security?

Affan Malik

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Overview

VA stands for vulnerability assessment, and PT stands for penetration testing or pentesting.

These two terms are often used interchangeably but misunderstood most of the time. Both are ways to discover vulnerabilities in our websites, applications, networks, or systems.

Vulnerability assessment

A vulnerability assessment evaluates vulnerabilities in IT structures at a positive factor in time to figure out the system’s weaknesses earlier than hackers can get preserve of them.

It is a complete analysis of the facts’ safety position (result evaluation). Furthermore, it identifies the capability weaknesses and presents the proper mitigation measures (remediation) to both put off the inadequacies or lessen them beneath the level of risk.

An illustration of vulnerability assessment

Often, it may consist of several tools trying out extra equipment to similarly compare the safety of programs or networks and affirm vulnerabilities located through the scanning programs.

Penetration testing

Penetration testing recreates the behavior of external and internal cyber attackers to break information security, hack critical data, or disrupt the daily functioning of an organization. As a result, intrusion testers use advanced tools and techniques to control critical systems and gain access to sensitive data.

Penetration testing means testing from the attacker’s point of view. If a vulnerability is detected, ethical hackers can exploit the exposure to the depth that the attacker can penetrate. Therefore, in penetration testing, the presence or absence of some vulnerabilities is of secondary importance. The purpose of penetration testing is to be as transparent as possible about how a problem can affect IT security and how this can affect a company.

An illustration of penetration testing

Intrusion testers, also known as ethical hackers, use a controlled environment to assess the security of their IT infrastructure and securely attack, identify, and exploit vulnerabilities. They check test servers, networks, web applications, mobile devices, and other potential entry points to find vulnerabilities.

Vulnerable assessment

  • It has a broader scope and creates a record of assets and resources in a given system.
  • It discovers potential vulnerabilities for each resource. The goal here is to find as many threats as possible.
  • It is automated, cost-effective, and quicker.
  • It gives partial details on the vulnerabilities and does not provide a proper method to mitigate them.
  • It’s better suited to non-critical systems or lab environments.

Penetration testing

  • It focuses intensely on a specific vulnerability and determines the scope or depth of a particular attack.
  • The goal here is to exploit the discovered threat to reach the root level and test the sensitive data collection alongside.
  • It is relatively costly and completely manual. It also requires highly skilled knowledge and a longer time duration to complete.
  • It reveals full details of the threat exploited and how to mitigate the risk.
  • It is ideal for critical real-time systems and physical network architecture.

RELATED TAGS

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Keep Exploring