Vulnerability Assessment
Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
1. Cataloging assets and capabilities (resources) in a system
2. Assigning quantifiable value and importance to the resources
3. Identifying the vulnerabilities or potential threats to each resource
4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
This is generally what a security company is contracted to do, from a technical perspective, not to actually penetrate the systems, but to assess and document the possible vulnerabilities and recommend mitigation measures and improvements.