Vulnerability Assessment and Penetration Testing (black-box, gray-box, white-box)

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

A penetration test (PT) is a proof-of-concept approach to actually explore and exploit discovered vulnerabilities. This process takes vulnerability assessment one step further: it verifies and confirms whether a discovered vulnerability really exists and can be exploited by an attacker, in which case it can result in damage to the application or network.