Is Penetration Testing just another term for Vulnerability Scanning?
No. Let's contrast the two processes. Vulnerability Scanning gives the IS tester a snapshot of the current configuration state of a given set of network components, as they respond to a set of probes launched from a fixed point in the network. The presence of a vulnerability on a component is usually determined by testing for a given software version or for a special response from a service, which sometimes produces many false positives, since the flagged vulnerability might not actually be exploitable. The snapshot result does not include information about the relationship between components, nor about the implications of a successful penetration for key business processes of the financial institution. In contrast, the Penetration Testing process gives you a more accurate view of the target's IS stance because it tests the system as a whole as it withstands an authorized real attack. The more granular results of penetration testing can immediately enable you to prioritize corrective