When tasked with securing an application there is a choice between an automated vulnerability scan and a pentest. When starting out, companies will often focus on automated testing/scanning procedures rather than manual in-depth application reviews.

Although these types of test are worthwhile exercises and should form part of a ‘defence in depth’ approach to security, manual application testing should be considered for critical applications.

Read more here: www.secarma.com/whats-the-difference-between-a-vulnerability-scan-and-a-pentest