
Automated Testing
A fully automated scan is used for both host operating systems and web applications. The host operating system test will scan for all currently known vulnerabilities affecting that operation system. It will report back on the CVE, the risk and usually suggested remediation tips. The same is true for the web application scanning. The fully automated web application scanner will scan your website at a minimum for the OWASP top 10 vulnerabilities and report back on risks and remediations. https://owasp.org/www-project-top-ten/.
Manual Testing
Manual testing means that you have an actual person who is using various methods to determine the security of a host or the application and, if the rules of the engagement permit, they will attempt to exploit a vulnerability and gain access, modify content or download information. There are varying degrees of manual testing, the simplest is one tester and one day and the more extensive 2 testers and 5 days of testing.
