The explosion of web and mobile applications presents an entirely new set of security challenges. While most of the tools and practices of traditional web and desktop applications are equally applicable to mobile, there are some unique concerns to keep in mind, including lost or stolen devices, mobile malware, targeted attacks on devices, and more.
A vulnerability assessment usually includes a mapping of the network and systems connected to it, an identification of the services and versions of services running and the creation of a catalogue of the vulnerable systems. A vulnerability assessment normally forms the first part of a penetration test. The additional step in a penetration test is the exploitation of any detected vulnerabilities, to confirm their existence, and to determine the damage that might result due to the vulnerability being exploited and the resulting impact on the organisation.