Vulnerability scanning is the automated process of checking systems, applications, or environments for known weaknesses, missing patches, or insecure configurations. It matters because organizations need a repeatable way to identify common exposures before attackers find and exploit them.
What is Vulnerability Scanning?
Vulnerability scanning uses tools to compare systems and software against known weakness data, configuration checks, or security policies. Scans can target internal hosts, external attack surfaces, web applications, cloud environments, containers, or endpoints.
Scanning is often one input into a larger vulnerability management program, not the entire program by itself.
What Vulnerability Scanning Can Find
Common findings include missing patches, outdated software, exposed services, weak protocol settings, known CVEs, risky configurations, and sometimes unsupported systems.
Vulnerability Scanning vs. Vulnerability Management
Scanning is the detection step. Vulnerability management includes prioritization, validation, remediation, exception handling, and tracking risk over time.
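The split between the detection step and the management step, sketched as an added example (not code from this page or from any scanner product). The advisory ids, hosts, versions, and the 1.5 exposure weight are constructed assumptions, and only dotted numeric versions are handled.

```python
from datetime import date

# Constructed advisory data: placeholder ids, not real CVEs.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "webserver", "fixed_in": "2.4.10", "severity": 9.8},
    {"id": "ADV-PLACEHOLDER-2", "package": "sshd", "fixed_in": "9.1", "severity": 6.5},
    {"id": "ADV-PLACEHOLDER-3", "package": "dblib", "fixed_in": "1.2.0", "severity": 7.5},
]

# Constructed inventory: host -> installed package versions.
INVENTORY = {
    "edge-01": {"webserver": "2.4.9", "sshd": "9.1"},
    "db-01": {"dblib": "1.1.7", "sshd": "8.9"},
}

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so 2.4.9 < 2.4.10 compares numerically."""
    return tuple(int(part) for part in text.split("."))

def scan(inventory, advisories):
    """Detection step: report every host/package older than the fixed version."""
    findings = []
    for host, packages in sorted(inventory.items()):
        for adv in advisories:
            installed = packages.get(adv["package"])
            if installed and parse_version(installed) < parse_version(adv["fixed_in"]):
                findings.append({"host": host, "advisory": adv["id"],
                                 "severity": adv["severity"], "installed": installed})
    return findings

def manage(findings, internet_facing, exceptions, today):
    """Management step: drop unexpired accepted risks, rank the rest by context."""
    queue = []
    for f in findings:
        expiry = exceptions.get((f["host"], f["advisory"]))
        if expiry and expiry >= today:
            continue  # accepted risk, still within its review date
        # Assumed weighting: internet-facing hosts count 1.5x.
        score = f["severity"] * (1.5 if f["host"] in internet_facing else 1.0)
        queue.append({**f, "priority": round(score, 2)})
    return sorted(queue, key=lambda item: item["priority"], reverse=True)
```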
Frequently Asked Questions
Does vulnerability scanning find every security issue?
No. Scans are useful, but they can miss logic flaws, the risk created when several weaknesses are chained together, business context, and some application-specific weaknesses that require deeper testing.
How often should vulnerability scanning happen?
That depends on risk and change rate, but regular recurring scans and re-scans after remediation are common practice.