A web application vulnerability assessment is an evaluation of websites and web applications for potential vulnerabilities that could expose private data or otherwise increase the likelihood of a successful hacking incident. Unlike penetration testing, web application vulnerability assessments do not involve attempting to exploit identified vulnerabilities and demonstrate the ability to access private data.