Internal vulnerability assessment is carried out on assets that are exposed to the private networks (internal to the company) hosting internal services. An internal vulnerability assessment is primarily conducted to ensure that the network insiders cannot gain unauthorized access to any of the systems by misusing their own privileges, illustrated as follows:

The internal vulnerability assessment is used to identify weaknesses in a particular system inside the organization's network. When the vulnerability assessment team performs the tests from within the target network, all external gateways, filters, and firewalls get bypassed and the tests are targeted directly at the systems in scope. The internal vulnerability assessment may involve testing from various network segments to check virtual isolation.