Security assessments tests diagnose actual security vulnerabilities by testing specific areas of your security infrastructure. They can be performed with or without a Security Review. Each test has separate goals and a different process, but all are designed to identify security vulnerabilities and to assign a probability of occurrence so that a plan can be defined related to controlling that security risk. Consult your security expert to determine which tests might be appropriate for your environment.
The most common security tests used in security risk assessments are network vulnerability scanning tests. These tests can be used to test external networks, Websites, Web applications as well as internal networks.