Penetration testing
Information technology penetration testing can vary in many ways. They can focus on various aspects/issues and the duration and complexity can vary as well. A penetration test can take some where between a few hours and a couple of weeks depending on the thoroughness and the goals of the test.

Penetration testing is twofold, on the one hand it involves assessing the security weaknesses of a computer system or a network system, and on the other hand it involves performing/simulating attacks where the goal is to break into the systems to realise how far one can get into the system. The goal of such a test is to simulate hackers/crackers and to realize how far such individuals could get within the organisation.

Vulnerability scanning
Vulnerability scanning is similar to penetration testing in the sense that we’re looking for weaknesses in the IT systems. The big difference is that the vulnerabilities will not be exploited. By using this method you can map weaknesses from which you can build an improvement plan. This usually involves disabling unused services or upgrading services and software which is being used in your IT environment.