Vulnerability Scans

Updated Jan 30, 2024

Overview

Vulnerability scans identify security weaknesses in systems and networks, helping organizations prioritize and mitigate potential risks.

  • Uncover weak points that attackers might exploit.
  • Compare systems against known vulnerabilities.
  • Help maintain security through routine checks.

Scanners

There are three primary categories of scanners used to assess security:

  • Port Scanners

    • Identify open ports on a network or system.
    • Help detect services that might be vulnerable to attack.
  • Vulnerability Scanners

    • Identify security flaws in systems and networks.
    • Compare systems against known vulnerabilities and misconfigurations.
  • Application Scanners

    • Scan web applications for security weaknesses.
    • Detect vulnerabilities like SQL injection, cross-site scripting (XSS), and insecure configurations.

Types of scans

Vulnerability Scan

Identifies and prioritizes vulnerabilities in systems or networks by checking against known security flaws.

  • Non-Intrusive Scanning

    • Gathers information without actively exploiting vulnerabilities.
    • Minimizes the risk of disruption to systems.
    • Safer for production environments.
  • Intrusive Scanning

    • Actively tests for vulnerabilities by simulating an attack.
    • Can identify more issues but might disrupt services.
    • Best for testing in non-production environments.

Configuration Scan

Ensures systems are securely configured to meet security standards and prevent misconfigurations that could create vulnerabilities.

  • Checks the settings and configurations of systems and applications.
  • Identifies misconfigurations that could lead to security issues.
  • Ensures compliance with security policies and best practices.

Code Scan

Analyzes source code to detect security flaws before deployment.

  • Detects coding errors and potential security weaknesses before deployment.
  • Uses SAST tools such as Fortify or SonarQube to examine the source code.
  • Is integrated into the SDLC to ensure secure coding practices.

Credentialed Scans

Use credentials to provide deeper insight into the system, checking configurations and permissions more thoroughly.

  • Gather detailed configuration data with read-only access.
  • Detect hidden vulnerabilities that uncredentialed scans might miss.

Scan Reports

Scan reports categorize findings to differentiate between real and false alerts, ensuring effective remediation.

  • False Negative: A real vulnerability is missed.
  • False Positive: A non-threatening issue is flagged.
  • True Positive: A real vulnerability is accurately identified.
  • True Negative: Non-malicious activities are recognized as safe.
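The four categories above can be assigned mechanically once each scanner finding has been validated. The following is an added example, not part of the original page: the hosts, check IDs, and the "verified" set (standing in for manual validation results) are constructed placeholders.

```python
# Constructed sample data: every (host, check) pair the scan evaluated.
ALL_CHECKS = {(h, c) for h in ("web01", "db01")
              for c in ("CHK-TLS", "CHK-SSH", "CHK-SMB")}

# What the scanner reported as vulnerable (constructed).
SCANNER_FLAGGED = {("web01", "CHK-TLS"), ("web01", "CHK-SSH"), ("db01", "CHK-SMB")}

# What manual validation confirmed as genuinely vulnerable (constructed).
VERIFIED_VULNERABLE = {("web01", "CHK-TLS"), ("db01", "CHK-SMB"), ("db01", "CHK-SSH")}


def classify(item, flagged, verified):
    """Return the scan-report category for one (host, check) pair."""
    is_flagged, is_real = item in flagged, item in verified
    if is_flagged and is_real:
        return "TP"   # real vulnerability, accurately identified
    if is_flagged:
        return "FP"   # flagged, but validation found no real issue
    if is_real:
        return "FN"   # real vulnerability the scanner missed
    return "TN"       # not flagged and confirmed safe


def triage(all_checks, flagged, verified):
    """Group every evaluated check into TP / FP / FN / TN buckets."""
    buckets = {"TP": [], "FP": [], "FN": [], "TN": []}
    for item in sorted(all_checks):
        buckets[classify(item, flagged, verified)].append(item)
    return buckets


def metrics(buckets):
    """Precision: share of flagged findings that are real.
    Recall: share of real vulnerabilities the scanner caught."""
    tp, fp, fn = (len(buckets[k]) for k in ("TP", "FP", "FN"))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


if __name__ == "__main__":
    result = triage(ALL_CHECKS, SCANNER_FLAGGED, VERIFIED_VULNERABLE)
    for category, items in result.items():
        print(category, items)
    print("precision=%.2f recall=%.2f" % metrics(result))
```

False negatives only appear here because a second source of truth exists; a scan report alone cannot reveal what the scanner missed.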

For more information, see Analyzing Vulnerabilities.