What is a vulnerability scan, and how is it different from a penetration test?
A vulnerability scan is an automated check that probes a system — a website, a server, a network — against a database of known weaknesses and misconfigurations, and reports what it finds. It is the routine, repeatable health check of security: fast, broad, and run regularly:
- Scan vs pen test — a vulnerability scan is automated and tells you “here are the known issues an attacker could look up”; a penetration test is a human expert actively trying to break in and chain weaknesses together, and it is priced accordingly.
- A certification expectation — the audited Platinum tier of the SMB1001 standard expects regular vulnerability scanning of internet-facing systems.
- The realistic small-business layer — regular scanning of the parts of your site the public can reach is the realistic, affordable layer — the continuous health check — while a full penetration test is reserved for when a contract specifically requires it.
A vulnerability scan is the regular automated health check; a penetration test is the occasional expert break-in attempt — most small businesses need the first far more often than the second.