When talking about auditing, I see that most technical people immediately think about vulnerability scanning. While they definitely have things in common, there are also a lot of minor differences. In this blog post I will show them, and also share how technical auditing and vulnerability scanning can work together.
Similarities and Differences
Let’s first determine what makes technical auditing and vulnerability scanning look similar. First of all, both processes have a technical focus with the goal of discovering weaknesses. The output of both is usually a list of issues. In both cases, the people performing the tests have a technical background. But then things get different.
When we talk about technical auditing, we mean performing an in-depth health check of a system. A technical audit looks at different areas of the system to determine how well it is configured. Vulnerability scanning, on the other hand, has the main purpose of detecting software flaws. It is often used by penetration testers and other security professionals to determine how well a system is patched.
- Technical focus
- Find weaknesses
- Audit performs health check, vulnerability scan checks for software weaknesses
- Audit can be more generic, vulnerability scan focuses on software
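To make the difference concrete, here is an added example (not from the original post or any particular tool) that runs both kinds of check: a configuration audit of sshd settings and a patch-level check of installed packages. The sample config, package list, advisory feed with its placeholder identifier, and the baseline values are all constructed assumptions.

```python
# Constructed sample inputs, not taken from a real system.
SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
#X11Forwarding no
"""
INSTALLED = {"openssh-server": "8.9.1", "bash": "5.1.16"}
# Hypothetical advisory feed: package -> (placeholder id, first fixed version).
ADVISORIES = {"openssh-server": ("ADVISORY-PLACEHOLDER-1", "9.0.0")}
# Audit baseline: directive -> (expected value, assumed default when unset).
BASELINE = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
    "x11forwarding": ("no", "no"),
}

def parse_sshd_config(text):
    """Global directives only; sshd keeps the first value seen for a keyword."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are out of scope
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit_config(text, baseline=BASELINE):
    """Technical audit: how well is the service configured?"""
    settings = parse_sshd_config(text)
    return [(key, settings.get(key, default), expected)
            for key, (expected, default) in baseline.items()
            if settings.get(key, default).lower() != expected]

def version_tuple(version):
    # Simplification: plain dotted numbers, not distro version strings.
    return tuple(int(part) for part in version.split("."))

def scan_packages(installed, advisories):
    """Vulnerability scan: is the installed software patched?"""
    return [(name, ver, advisories[name][0], advisories[name][1])
            for name, ver in installed.items()
            if name in advisories
            and version_tuple(ver) < version_tuple(advisories[name][1])]

if __name__ == "__main__":
    print("audit findings:", audit_config(SSHD_CONFIG))
    print("scan findings: ", scan_packages(INSTALLED, ADVISORIES))
```

A fully patched package list returns no scan findings while the audit still reports the root login setting, which is why the two checks complement each other.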