| Feature | Penetration Testing | Assessment Tools |
|---|---|---|
| Purpose | To identify and exploit vulnerabilities | To identify potential vulnerabilities |
| Approach | Active | Passive |
| Scope | Broad | Narrow |
| Cost | High | Low |
| Duration | Long | Short |
| Expertise | Requires skilled security professionals | Can be used by non-technical users |
| Description | A penetration test is an active process in which a security professional attempts to exploit vulnerabilities in a system or network, in order to identify and fix security weaknesses before attackers can exploit them. | An assessment tool is a passive tool that scans a system or network for vulnerabilities. It does not attempt to exploit them, but it can help identify potential problems. |
| Example | A penetration test might involve a security professional trying to log into a system with a stolen password, or trying to exploit a known vulnerability in a web application. | An assessment tool might scan a system for open ports, or look for known vulnerabilities in software installed on it. |
| Which one should we use? | If you are concerned about the overall security of your systems and networks, a penetration test may be the better option. | If you are concerned about a specific vulnerability, an assessment tool may be sufficient. |

The best approach to security assessment will depend on the specific needs of the organization.
| Penetration Test | Purpose | Product Name | Microsoft Alternative | What it is Testing | OSI Model Layer | MITRE ATT&CK Framework |
|---|---|---|---|---|---|---|
| Black box penetration testing | To identify and exploit vulnerabilities in a system or network that an attacker would not have prior knowledge of. | Nexpose | Microsoft Defender for Endpoint | The security of a system or network without any prior knowledge of the internal structure or configuration | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion |
| Grey box penetration testing | To identify and exploit vulnerabilities in a system or network that an attacker would have some knowledge of. | Nessus | Microsoft Defender for Identity | The security of a system or network with limited knowledge of the internal structure or configuration | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion |
| White box penetration testing | To identify and exploit vulnerabilities in a web application, including those that are not publicly known. | AppScan | Microsoft Application Security Testing (AST) | The security of a web application with full knowledge of the source code | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, Collection, Command and Control |
| Social engineering penetration testing | To assess the susceptibility of users to social engineering attacks, such as phishing emails and malicious websites. | Social-Engineer Toolkit (SET) | Microsoft Defender for Office 365 | The susceptibility of users to social engineering attacks | Application | Initial Access |
| Wireless penetration testing | To identify and exploit vulnerabilities in wireless networks, such as weak passwords and unencrypted traffic. | Aircrack-ng | Microsoft Defender for IoT | The security of wireless networks | Physical, Data Link, Network | Initial Access, Execution |
| Network penetration testing | To identify open ports and vulnerabilities on a network, which could be exploited by an attacker to gain access. | Nmap | Microsoft Security Assessment and Auditing (MAA) | The security of networks, including identifying open ports and vulnerabilities | Physical, Data Link, Network, Transport | Initial Access, Execution, Lateral Movement |
| Host penetration testing | To identify and exploit vulnerabilities on a host, such as unpatched software and misconfigurations. | Metasploit | Microsoft Defender for Endpoint | The security of hosts, including identifying vulnerabilities and exploiting them | Physical, Data Link, Network, Transport, Session, Presentation, Application | Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, Collection, Command and Control |