<div>
Finally, I know what kind of vulnerabilities testing are they going to perform. They are going to use Qualys Guard Scan and perform &quot;authenticated scans&quot;. First time I've heard about that. According to Qualys company, they are very helpful to find security vulnerabilities:<br />
<br />
<a href="https://community.qualys.com/thread/11562" rel="ugc">https://community.qualys.com/thread/11562</a><br />
<br />
Any experience with that kind of scans?
</div>


Finally, I know what kind of vulnerabilities testing are they going to perform. They are going to use Qualys Guard Scan and perform "authenticated scans". First time I've heard about that. According to Qualys company, they are very helpful to find security vulnerabilities:

https://community.qualys.com/thread/11562 [https://community.qualys.com/thread/11562]

Any experience with that kind of scans?

<div>
<div class="content wysiwyg-content">
We are a company that has many web application developed in ASP.NET. Our Internet Service Provider (Telefonica) wants to test our web sites looking for vulnerabilities. For that, they are asking us to provide them userid and password (read-only access) for each web site.<br />
<br />
It's the first time that I heard that for testing vulnerabilities in websites you need to inform userid and password to an IPS. Is it not supposed that for testing vulnerabilities you should try to break or hack websites without knowing that precious info? <br />
<br />
Or maybe that is difference between Vulnerability Testing and Penetration Testing?
</div>
</div>


We are a company that has many web application developed in ASP.NET. Our Internet Service Provider (Telefonica) wants to test our web sites looking for vulnerabilities. For that, they are asking us to provide them userid and password (read-only access) for each web site.

It's the first time that I heard that for testing vulnerabilities in websites you need to inform userid and password to an IPS. Is it not supposed that for testing vulnerabilities you should try to break or hack websites without knowing that precious info? 

Or maybe that is difference between Vulnerability Testing and Penetration Testing?

Is it needed userid and password for testing vulnerabilities in a website?

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.