Many organizations offer security services and use terms such as security audit, network or risk assessment, and Penetration Test with overlapping meanings. By definition, an audit is a measurable technical assessment of a system(s) or application(s). Security assessments are evaluations of risk, meaning services used to identify vulnerabilities in systems, applications, and processes.

Penetration Testing goes beyond an assessment by evaluating identified vulnerabilities to verify if the vulnerability is real or a false positive. For example, an audit or an assessment may utilize scanning tools that provide a few hundred possible vulnerabilities on multiple systems. A Penetration Test would attempt to attack ...