During a vulnerability assessment project we try to identify as many vulnerabilities as possible in all systems in scope.
This type of evaluation is mainly based on automated scanning with dedicated tools, doubled by manual validation of the identified vulnerabilities.
It is recommended to perform a vulnerability assessment before penetration testing because it will cover obvious security holes that could be easily used by pentesters to gain access.
Security Café 