📖 What is Vulnerability Scanning?
Vulnerability scanning is an automated process used to identify known security weaknesses in a network, system, or application. It compares system signatures against a database of known vulnerabilities to provide a comprehensive snapshot of the current security posture.
"Do not confuse this with penetration testing. Scanning identifies the 'open door'; penetration testing actually tries to 'walk through it' to see how far they can get."
📚 Certification: Certified Information Systems Security Professional (CISSP)
🔑 What are the Key Concepts of Vulnerability Scanning?
- ▸ Credentialed scans use provided login info to access the OS, offering deeper visibility into installed software and internal configurations than non-credentialed scans.
- ▸ False positives occur when a scanner incorrectly identifies a vulnerability, while false negatives occur when a real vulnerability is missed entirely.
- ▸ The CVSS (Common Vulnerability Scoring System) is typically used to prioritize remediation efforts based on the severity and exploitability of the identified flaw.
- ▸ Scanning can be agent-based, where software resides on the host, or network-based, where a remote scanner probes the target over the network.
- ▸ Regular scheduling and continuous monitoring are essential to detect new vulnerabilities as they are disclosed in global databases like CVE and NVD.
🎯 How does Vulnerability Scanning appear on the CISSP Exam?
You may be asked to recommend a scanning method for a high-uptime server where network-based probing might cause instability; the correct answer is typically a credentialed or agent-based scan.
A scenario might describe a company needing to meet a compliance requirement for quarterly security assessments; you must distinguish if a vulnerability scan or a full penetration test is required.
Expect questions about prioritizing a long list of scan results; you should focus on the intersection of high CVSS scores and the criticality of the affected asset to determine the remediation order.
❓ Frequently Asked Questions
What is the primary advantage of credentialed scanning over non-credentialed scanning?
Credentialed scanning allows the tool to log into the system, enabling it to see internal version numbers and registry settings, which significantly reduces false positives and identifies vulnerabilities that network probes cannot see.
Can vulnerability scanning replace the need for penetration testing?
No. Scanning identifies known vulnerabilities based on signatures, whereas penetration testing uses human expertise to exploit those vulnerabilities and discover complex logic flaws or zero-day issues that scanners miss.