This module presents an overview of vulnerability assessment and penetration testing. It covers the subtle differences between the two and then digs into the various strategies and types of penetration testing. Vulnerability assessment or scanning is the process of looking for weaknesses in a system or environment. This spans physical, administrative, and logical weaknesses. Various examples of each kind are then presented. Penetration testing follows on the heels of a vulnerability assessment and determines if the discovered weaknesses can then be exploited. The field of ethical or white hat hacking comes under this process. We note that the goal is to never cause harm or data loss during this pen testing. The various phases of pen testing are discussed next along with the strategies and methodologies used during each phase.