What Is Vulnerability Scanning?

Why Do We Need Vulnerability Scanning?

A vulnerability is a weakness in a computer system, which threatens the confidentiality, integrity, availability, and access control of the system or its application data. Hackers can exploit known vulnerabilities, such as SQL injection, buffer overflow, and cross-site scripting, to easily attack your network, which may cause immeasurable loss. Vulnerability scanners are used to periodically scan, detect, and evaluate vulnerabilities so that you can take measures promptly to improve system security, reduce attack risks, and prevent serious cyber security incidents such as data leakage.

How Do We Perform Vulnerability Scanning?

When a vulnerability scanner is used to scan a host, the scanner typically searches for missing patches, known malware, open ports, and weak passwords, as well as performing other security analysis. After the scanning is complete, it further analyzes the scanning result, evaluates risks, provides handling suggestions, and generates a comprehensive and detailed vulnerability scanning report.

Vulnerability scanning is classified into the following types:

• Authenticated scanning: Scanners are allowed to use remote management protocols to directly access network asset information, such as specific services on the host operating system and details about installed software. The scanners detect and attempt to exploit vulnerabilities during the scanning process. This helps discover more comprehensive and hidden vulnerability information, and even vulnerabilities that are not easy to detect.
• Unauthenticated scanning: Such scanning is performed without authenticating any credentials. As a result, it can detect only limited vulnerability information and may contain false positives.

In addition, new vulnerabilities keep emerging. As such, vulnerability scanners need to continuously update their vulnerability signature databases to identify all vulnerabilities in the system, minimize false positives, and improve the vulnerability scanning accuracy.

Major Differences Between Vulnerability Scanning and Penetration Testing

Vulnerability scanning shares some similarities with penetration testing, but there are some major differences between them.

• Vulnerability scanning is an advanced automated test that searches for potential security vulnerabilities, and identifies only vulnerabilities. Vulnerability scanners are used to automatically perform the vulnerability scanning tasks, which can be completed within several minutes or hours.
• Penetration testing is an exhaustive check. The test personnel exploit the system vulnerabilities to simulate attacks, perform in-depth discovery, confirm vulnerabilities, evaluate possible consequences, and determine the root cause of the vulnerabilities. The test personnel also search for service logic vulnerabilities and evaluate them based on the actual environment.