A vulnerability scanner is a program that performs the diagnostic phase of a vulnerability analysis, also known as vulnerability assessment. Vulnerability analysis defines, identifies, and classifies the security holes (vulnerabilities) in a computer, server, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures, and evaluate how well they work after they are put into use.
A vulnerability scanner relies on a database that contains all the information required to check a system for security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. Then the scanner tries to exploit each vulnerability that is discovered. This process is sometimes called ethical hacking.
An ideal vulnerability scanner has capabilities such as the following:
- Maintenance of an up-to-date database of vulnerabilities.
- Detection of genuine vulnerabilities without an excessive number of false positives.
- Ability to conduct multiple scans simultaneously.
- Ability to perform trend analyses and provide clear reports of the results.
- Recommendations for countermeasures to eliminate discovered vulnerabilities.
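The following added example (not from the original page or any particular scanner) shows the database-matching step and three of the capabilities listed above: it compares versions numerically so that a patched 2.4.10 is not misreported as older than 2.4.9, attaches a countermeasure to each finding, and diffs two scans for trend reporting. The advisory IDs, product names, hosts and versions are constructed for illustration.

```python
# Constructed vulnerability database: IDs, products and versions are invented.
VULN_DB = [
    {"id": "EXAMPLE-0001", "product": "exampled", "fixed_in": "2.4.10",
     "remedy": "Upgrade exampled to 2.4.10 or later"},
    {"id": "EXAMPLE-0002", "product": "samplesshd", "fixed_in": "8.0",
     "remedy": "Upgrade samplesshd to 8.0 or later"},
]

def parse_version(text):
    """Turn '2.4.9' into (2, 4, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def match(inventory, db=VULN_DB):
    """Return findings for services running a version below the fixed release."""
    findings = []
    for svc in inventory:
        for entry in db:
            if svc["product"] != entry["product"]:
                continue
            if parse_version(svc["version"]) < parse_version(entry["fixed_in"]):
                findings.append({"host": svc["host"], "port": svc["port"],
                                 "id": entry["id"], "remedy": entry["remedy"]})
    return findings

def finding_key(finding):
    """Identity of a finding across scans: same host, port and advisory."""
    return (finding["host"], finding["port"], finding["id"])

def trend(previous, current):
    """Compare two scans: which findings are new, fixed, or still open."""
    prev = {finding_key(f) for f in previous}
    cur = {finding_key(f) for f in current}
    return {"new": sorted(cur - prev), "fixed": sorted(prev - cur),
            "persisting": sorted(cur & prev)}

# Constructed inventories from two scan runs (documentation range 192.0.2.0/24).
SCAN_JAN = [
    {"host": "192.0.2.10", "port": 80, "product": "exampled", "version": "2.4.9"},
    {"host": "192.0.2.11", "port": 22, "product": "samplesshd", "version": "7.9"},
]
SCAN_FEB = [
    {"host": "192.0.2.10", "port": 80, "product": "exampled", "version": "2.4.10"},
    {"host": "192.0.2.11", "port": 22, "product": "samplesshd", "version": "7.9"},
    {"host": "192.0.2.12", "port": 80, "product": "exampled", "version": "2.4.2"},
]

if __name__ == "__main__":
    for status, items in trend(match(SCAN_JAN), match(SCAN_FEB)).items():
        print(status, items)
```

A plain string comparison would get both edge cases wrong: it ranks "2.4.10" below "2.4.9" (a false positive on the patched host) and "2.4.2" above "2.4.10" (a missed finding on the new host).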
If security holes are detected by a vulnerability scanner, a vulnerability disclosure may be required. The person or organization that discovers the vulnerability, or a responsible industry body such as the Computer Emergency Readiness Team (CERT), may make the disclosure, sometimes after alerting the vendor and allowing them a certain amount of time to remedy or mitigate the problem.