Google scholar arxiv informatics ads IJAIS publications are indexed with Google Scholar, NASA ADS, Informatics et. al.

Call for Paper


January Edition 2023

International Journal of Applied Information Systems solicits high quality original research papers for the January 2023 Edition of the journal. The last date of research paper submission is December 15, 2022.

Comparison of Vulnerability Assessment and Penetration Testing

Jignesh Doshi, Bhushan Trivedi Published in Security

International Journal of Applied Information Systems
Year of Publication: 2015
© 2015 by IJAIS Journal
Download full text
  1. Jignesh Doshi and Bhushan Trivedi. Article: Comparison of Vulnerability Assessment and Penetration Testing. International Journal of Applied Information Systems 8(6):51-53, April 2015. BibTeX

    	author = "Jignesh Doshi and Bhushan Trivedi",
    	title = "Article: Comparison of Vulnerability Assessment and Penetration Testing",
    	journal = "International Journal of Applied Information Systems",
    	year = 2015,
    	volume = 8,
    	number = 6,
    	pages = "51-53",
    	month = "April",
    	note = "Published by Foundation of Computer Science, New York, USA"


Business using internet has grown drastically in past decade. Attacks on web application have increased. Web application security is a big challenge for any organizations as result of increasing attacks. There exist different approaches to mitigate various security risks are defensive coding, hardening (Firewall), Monitoring and auditing. These solutions found more towards prevention of attacks or of monitoring types of. Vulnerability assessment and Penetration testing are two approaches widely used by organizations to assess web application security. Both solutions are different and complimentary to each other. In this paper comparison of these two approaches are provided. The authors found that penetration testing is better compare to vulnerability assessment as it exploits the vulnerability, while vulnerability assessment is superior in terms of coverage over penetration testing.


  1. Vulnerability Assessment and Penetration Testing: security/vulnerability-assessment-and-penetration-testing
  2. John Barchie, Triware Net world Systems, Penetration Testing vs. Vulnerability Scanning:
  3. Penetration Testing Limits http://
  4. Vulnerability Analysis, Vulnerability Analysis
  5. Open Web Application Security Project, Vulnerability
  6. Penetration Testing: http://searchsoftwarequality
  7. Vulnerability Assessment and Penetration Testing:
  8. Ankita Gupta, Kavita, Kirandeep Kaur: Vulnerability Assessment and Penetration Testing,
  9. International Journal of Engineering Trends and Technology- Volume4 Issue3- 2013, ISSN: 2231-5381 Page 328-330
  10. Konstantinos Xynos, Iain Sutherland, Huw Read, Emlyn Everitt and Andrew J.C. Blyth: PENETRATION TESTING AND VULNERABILITY ASSESSMENTS: A PROFESSIONAL APPROACH, Originally published in the Proceedings of the 1st International Cyber Resilience Conference, Edith Cowan University, Perth Western Australia, 23rd August 2010 available at :
  11. You Yu, Yuanyuan Yang, Jian Gu, and Liang Shen, Analysis and Suggestions for the Security of Web Applications,, International Conference on Computer Science and Network Technology, 2011, 978-1-4577-1587-7/111, IEEE
  12. Andrey Petukhov, Dmitry Kozlov, Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing, accessed on 31st January 2015
  13. Parvin Ami, Ashikali Hasan: Seven Phrase Penetration Testing Model,International Journal of Computer Applications (0975 – 8887),Volume 59– No.5, December 2012
  14. Aileen G. Bacudio, Xiaohong Yuan, Bei-Tseng Bill Chu, Monique Jones,an overview of penetration testing, International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011 DOI :10.5121/ijnsa.2011.3602
  15. Jignesh Doshi, Bhushan Trivedi, Assessment of SQL Injection Solution Approaches, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 4, Issue 10, October 2014 ISSN: 2277 128X
  16. Netcraft, Total Sites Across All Domains August 1995 - April 2010,
  17. Gartner, Press releases,


Attack, Vulnerability, Security Risk, VAPT