Vulnerability Assessment & Penetration Testing
This is an assessment of the functionality and resilience of the compiled application to known threats. This assessment focuses on the compiled and installed elements of the entire system: how the application components are deployed, communicate or otherwise interact with both the user and server environments.
Application scanning tools as well as manual testing with and without application credentials are used to perform this assessment. Typically some host, network, and general information security practices are assessed as part an application vulnerability assessment.
Penetration tester would involve the auditing of an application (typically web based) and looking for a minimum list of vulnerabilities like: