Vulnerability testing uses automated software to find vulnerabilities in a system. You can perform a vulnerability assessment on your website, company network, devices, or any application. As the software scans your systems, it compares findings to a database of known vulnerabilities.
For example, if your website is running on WordPress, you’ll want to run regular tests to make sure your website is secure. A WordPress installation is only partially secure when you keep all plugins, themes, and core files updated and patched. There’s still the possibility of unknown vulnerabilities that haven’t been patched.
Unfortunately, since vulnerability testing is automated, it can turn up false positives and it can miss some of the most critical and complex vulnerabilities, including ones that lead to zero-day exploits. Although, vulnerability testing is much faster and cheaper than penetration testing since it’s automated.
Even though vulnerability testing can miss critical vulnerabilities, it can detect quite a bit, and it’s extremely helpful. However, it’s best supplemented by the manual methods of penetration testing.