Vulnerability Assessment

Vulnerability assessment aims to identify, analyze, and prioritize security weaknesses from the information found in the information gathering phase.

Is focused on detection and categorization, and provides an overview of the security posture, highlighting areas that require remediation to strengthen defenses, as well as possible routes for exploitation, known vulnerabilities, and security holes that have already been discovered.

Its main difference with penetration testing is that it looks for vulnerabilities in networks without simulating cyber attacks and usually uses automatized tools where there is little to no manual exploitation.