Date Added: Sep 2009
There are two methodologies used for performing vulnerability assessment regardless of patch assessment or compliance verification. One philosophy revolves around the need to penetrate a system to prove its vulnerability and the other uses available information to postulate the status of the vulnerability. Longstanding discussions have centered on the merits of either type of scanning, as well as their potential liabilities. In summary, since a vulnerability assessment scanner emulates an attack, each of these methods mirrors an attacker's style for compromising a host.