Cheat sheets

Vulnerability scan before a pentest

In a vulnerability scan, the auditor use a number of specialized tools such as Nessus to test a large number of vulnerabilities on your systems in a short time.

This is different from a pentest, where the pentester(s) also try to manually hack into your systems and investigate your custom environments. A vulnerability scan is a good first step to assess the security of your organization and to make concrete improvements.

It is then recommended to perform a pentest. For example, you can have a vulnerability scan performed on your entire internal network or on all external IP addresses of your organization.