What is vulnerability assessment
Vulnerability is the activity of mapping network services and versions against publically available exploits. It is non-intrusive but based on actively gathered information and correlated with the available range of exploits based on different versions.
Vulnerability assessment can be performed on web applications, network protocols, network applications, network devices, and servers anywhere on the cloud or in premises. At times, vulnerability assessment is what is needed as the employer, organization, or client may not be ready for penetration testing as they fear breaking systems or loosing data, or both due to penetration testing.
It is worth noting that vulerability assessment is not actual exploitation, but it is matching the correlated data from the public sources that mention availability of exploit for the given version of services over the network/system. It contains false positives.
