A Vulnerability Assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. 

Such assessments may be conducted on behalf of a range of different organizations, from small businesses up to large regional infrastructures. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to infrastructure. It may be conducted in the political, social, economic or environmental fields.

The almost universal use of mobile and web applications makes systems vulnerable to cyber-attacks. Vulnerability assessment can help identify the loopholes in a system while Penetration Testing is a proof-of-concept approach to explore and exploit a vulnerability.