In your idea why a customer should do a BAS if they already have gone through vapt?

2 replies

Userlevel 2
Badge +2

Hey @lac_lac,
This is Nir from the product team!

I wanted to share some articles with you that explain the importance of validating your security posture with BAS instead of just relying on VAPT.

1. Gartner blog
2. Cymulate’s blog

Thank you!

Userlevel 2

Hi @lac_lac 

To add to the information Nir shared, the scope of each depends on the specific definition you subscribe to. The approaches are certainly not mutually exclusive as there are supporting and overlapping activities.

The main difference between Breach and Attack Simulation (BAS) and Vulnerability Assessment and Penetration Testing (VAPT) is the scope of the testing. BAS tests individual security controls and the full kill chain, as frequently as required, while VAPT focuses on a particular scope and set of objectives, providing a binary answer of whether the tester achieved the objective or not.

Additionally, BAS through an automated platform is accessible to a wider range of skill levels, whereas VAPT generally requires expert pen-testers to customize their efforts to the scope and objectives of the test.

Great question!

Kind regards,