Vulnerability Assessment is a process of identifying, quantifying, and prioritizing vulnerabilities in an information system, network, or application. It involves the use of automated tools to scan systems for known vulnerabilities and configuration issues. The output of a vulnerability assessment is typically a report listing the identified vulnerabilities along with recommendations for remediation.
Penetration Testing, on the other hand, is an authorized simulated attack on your system, network, or application with the goal of identifying and exploiting vulnerabilities to gain access or steal sensitive data. Penetration Testing is typically conducted manually by experienced security professionals who use a combination of tools and techniques to try to circumvent security controls and gain access to systems and data. The output of a penetration test is a report detailing the vulnerabilities found and the success of attempts to exploit them.
There is a lot of similarity, however, Vulnerability Assessment is a more automated and passive approach that provides a broad overview of your security posture, while Penetration Testing is a more manual and active approach that attempts to simulate a real-world attack scenario to identify and exploit vulnerabilities.