Vulnerability Assessment (also called as “VA”), is a systematic security assessment by using professional tools such as Nessus, Burpsuite etc. to scan IT assets to identify, classify and verify detected vulnerabilities before hackers discover and utilize these vulnerabilities to launch malicious attacks. VA is a simplified security assessment comparing with Pen-test; difference between Pen-test and VA is that VA does not involve manual exploitation of security vulnerability except manual verification of vulnerabilities detected by tools scanning.