Thanks for mentioning and I agree with you. Although there is a difference, but I just wanted to keep it simpler for audience.

There are many suites of automated tools and online services available that deal with both at same time. And as a PCI Auditor, I also deal with both at same time and the official term we use for both is “Network Scanning”.

Nessus is a vulnerability scanning tool which only identifies “possible” security vulnerabilities (with a hell lot of false +/-).

Vulnerability Assessment checks for the visible/obvious security issues but Penetration Testing goes further and not only identifies security vulnerabilities but also exploits them to demonstrate an actual hacker attack and includes steps such as footprinting, scanning, enumeration, sniffing, packet inspection, password cracking, bufferover flow attacks, exploitation, backdoor, denial of service, erase logs, patch and report to name a few activities.