An original article from Alpine Security.
Many organizations ask us to perform an internal penetration test against their internal environment (inside the firewall). They may have heard that this is a good thing to do or think it is required for compliance. The reality is that very few organizations are mature enough to need an internal penetration test. An internal vulnerability assessment usually provides a better ROI. This post explains the main differences between an internal network penetration test and an internal vulnerability assessment. The intent of the article is to help you make an informed decision on which is best for you.