Many organizations engage with third party vendors for performing Vulnerability Assessments and Penetration Testing. Small organizations are doing this out of the compliance requirements or genuine security considerations. It is not necessary that the person responsible for managing IT in these small organizations really understands the difference between Vulnerability Assessments and Penetration Testing. This article is limited to the VA/PT of computing systems.
Vulnerability assessment is the process of identifying the vulnerabilities or weakness in the system.