The term vulnerability analysis is used in corporate policy to assess the performance and competitiveness of a company, but also in information security
to detect vulnerabilities. Vulnerability analysis focuses on the capabilities
thathackers have to penetrate a system. The purpose of vulnerability analysis is to discover weaknesses in the IT infrastructure and to fix them by means of vulnerability management
. Typically, vulnerability assessments are performedwith penetration testing
, vulnerability scanning, or side-channel analysis. Vulnerability assessments can be performed by professional security experts and companies as Hacking as a Service (HaaS), but they can also be performed by white-hats, which are hackers who simply spy on the vulnerabilities and report them to the company or organization, but do not use them to their advantage.