Thursday, March 31, 2011

Are security audits, vulnerability assessments and penetration tests the same?

The answer is no. All three are different but interlinked.

Security audits:

Auditing is concerned with a guideline or checklist: the solution is required to follow all of those guidelines. For example, payment applications should follow the PCI guidelines.

Penetration tests:

Penetration testing is a specialized, non-functional form of testing that is done to establish how secure the application is against internal and external threats that work through flaws in its design, development, deployment, upgrade and maintenance.
In short, a penetration tester is a paid (you could say ethical) hacker who tries to emulate an attacker's view of the application before it is deployed, so that the unthinkable can be avoided in the production environment.

Vulnerability assessments:

At a high level, or in the broader picture, assessment covers compliance, audits and testing.
Broken down a little further, this assessment can be divided into two steps.
1. Pre-development of the solution.
Identify the guidelines, compliance requirements, standards and tests that the solution should follow.
2. Post-development of the solution.
Once the application is developed, it goes through assessments such as compliance audits, penetration testing and root cause analysis for each vulnerability that emerges during testing.
In short, assessment is not a one-step effort or a single-phase approach; it runs from the beginning to the end of developing the solution.
