Automated process of identifying security weaknesses in systems, networks, and applications.
Vulnerability scanning uses automated tools to identify security weaknesses across systems, networks, and applications. Scanners compare system configurations, software versions, and settings against databases of known vulnerabilities, producing reports of identified issues. Scanning can be authenticated (with credentials for deeper inspection) or unauthenticated (external perspective). Regular scanning—weekly or continuous for critical systems—identifies vulnerabilities before attackers exploit them. Scanning is foundational to vulnerability management programmes.
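The matching step described above, as an added illustration (not part of the original page and not any real scanner's code): installed versions are compared against an advisory list, once with the unauthenticated view (service banners only) and once with the authenticated view (full package inventory). The advisory IDs, the host data and the function names are constructed for the example, and versions are assumed to be plain dotted numbers.

```python
# Constructed advisory list: the IDs are placeholders, not real CVE numbers.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "openssh", "fixed_in": "9.3.2"},
    {"id": "EXAMPLE-0002", "package": "nginx", "fixed_in": "1.24.10"},
    {"id": "EXAMPLE-0003", "package": "sudo", "fixed_in": "1.9.14"},
]

# Constructed host, described as each scan type would observe it.
HOST = {
    # Unauthenticated: only versions leaked by network banners (nginx hides its own).
    "banners": {"openssh": "9.3.1"},
    # Authenticated: the package inventory read with credentials.
    "packages": {"openssh": "9.3.1", "nginx": "1.24.9", "sudo": "1.9.14"},
}


def parse_version(text):
    """'1.24.9' -> (1, 24, 9); a string compare would rank 1.24.9 above 1.24.10."""
    return tuple(int(part) for part in text.split("."))


def scan(inventory, advisories=ADVISORIES):
    """Return one finding per advisory whose fixed version is newer than the installed one."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed is None:
            continue  # package not visible from this vantage point
        if parse_version(installed) < parse_version(adv["fixed_in"]):
            findings.append({"id": adv["id"], "package": adv["package"],
                             "installed": installed, "fixed_in": adv["fixed_in"]})
    return findings


def missed_without_credentials(host):
    """Advisory IDs that only the authenticated scan reports."""
    external = {f["id"] for f in scan(host["banners"])}
    return [f["id"] for f in scan(host["packages"]) if f["id"] not in external]


if __name__ == "__main__":
    for label, view in (("unauthenticated", "banners"), ("authenticated", "packages")):
        for f in scan(HOST[view]):
            print(f"{label}: {f['id']} {f['package']} {f['installed']} < {f['fixed_in']}")
    print("missed without credentials:", missed_without_credentials(HOST))
```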
Why It Matters
The DSC Perspective:
Vulnerability scanning identifies what needs patching before attackers find it. Regular scanning is expected by compliance frameworks and security questionnaires. Many organisations scan too infrequently—consider continuous or weekly scanning for critical assets.
