Penetration testing vs Vulnerability Analysis
This post is about penetration testing and vulnerability analysis, and about how the two fit together.
Think about a bank job in movies like Dog Day Afternoon, Inside Man, American Heist or the 1995 movie Heat. Before the robbers break into the bank, they recon the place for days on end, look for vulnerable spots and study the building schematics, so that they can use one weakness, or a combination of them, to get in and out, sometimes without leaving a trace and sometimes with damage to the bank's property.
Now think about a web application that fails to encode output, so that user-supplied data is written back into the page as markup (cross-site scripting, XSS). An attacker who exploits this weakness can hijack sessions, change the page content, plant key loggers in the browser, steal information, serve malware and so on. Think about another application that takes user input, does not validate it and concatenates it into a SQL statement (SQL injection). An attacker who exploits this weakness can read confidential data from the database, use the database server as a foothold into the company's corporate network, or sabotage systems.
Identifying vulnerabilities like these, encoding mistakes (XSS) and concatenation mistakes (injection), is the job of a vulnerability analysis. The vulnerabilities it identifies can then be exploited, which is what leads to a successful penetration.
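To make the two weaknesses above concrete, here is an added example (not code from the original post) showing each vulnerable pattern next to its fixed form, plus the kind of crude check a vulnerability analysis would run against them: a tautology probe for the SQL lookup and a reflected-markup probe for the page renderer. The users table, its rows and the `lookup_*` / `render_*` function names are all constructed for this illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample database: a tiny in-memory users table (assumption, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


# --- concatenation mistake (SQL injection) and its fix -------------------

def lookup_vulnerable(conn, username):
    """Vulnerable: the username is concatenated straight into the SQL text."""
    query = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn, username):
    """Fixed: the value travels as a bound parameter, never as SQL syntax."""
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- encoding mistake (XSS) and its fix ------------------------------------

def render_vulnerable(username):
    """Vulnerable: user input is written into HTML without output encoding."""
    return "<p>Welcome, " + username + "</p>"


def render_hardened(username):
    """Fixed: html.escape turns < > & " ' into entities, so input stays text."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


# --- cheap vulnerability-analysis checks ----------------------------------

SQLI_PROBE = "' OR '1'='1"          # tautology: true for every row if concatenated
XSS_PROBE = "<script>alert(1)</script>"


def looks_injectable(lookup, conn):
    """A tautology probe that returns more rows than a nonexistent user
    means the input was interpreted as SQL, i.e. the lookup is injectable."""
    baseline = lookup(conn, "no-such-user")
    probed = lookup(conn, SQLI_PROBE)
    return len(probed) > len(baseline)


def reflects_unescaped(render):
    """If the probe markup comes back verbatim, the renderer is missing output encoding."""
    return XSS_PROBE in render(XSS_PROBE)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup injectable:", looks_injectable(lookup_vulnerable, db))
    print("hardened lookup injectable:  ", looks_injectable(lookup_hardened, db))
    print("vulnerable render reflects:  ", reflects_unescaped(render_vulnerable))
    print("hardened render reflects:    ", reflects_unescaped(render_hardened))
```

Running it shows the vulnerable lookup handing back every row for the tautology probe while the parameterized version returns nothing, and the unencoded renderer echoing the script tag while the encoded one returns it as harmless entities. Real scanners use many more probes and look at timing and error behaviour too, but the principle of a vulnerability analysis is the same: send input that would only do something if the weakness is there, and observe.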
In computer security, penetration testing (pen testing) is an activity in which a person, the penetration tester, tries to get into (hack into) a particular system or resource, usually with the owner's permission. To do that, the tester first analyzes the target for vulnerable spots that could offer a way in. That is what vulnerability analysis (VA) is: identifying the weak spots in an application or system. The output of a vulnerability analysis is what makes a penetration test (PT) effective, because it tells the tester which weaknesses are worth trying to exploit.