Vulnerability assessments are necessary for discovering potential vulnerabilities throughout the environment. There are many tools available that automate this process so that even an inexperienced security professional or administrator can effectively determine the security posture of their environment. Full exploitation of systems and services is not generally in scope for a normal vulnerability assessment engagement.
Systems are typically enumerated and evaluated for vulnerabilities, and testing can
often be done with or without authentication. Most vulnerability management and
scanning solutions provide actionable reports that detail mitigation strategies such as
applying missing patches, or correcting insecure system configurations.
Vulnerability identification allows you to do your homework. You will learn about what
vulnerabilities your target is susceptible to so you can make a more polished set of attacks.