vulnerability scanner


A vulnerability scanner is a program that performs the diagnostic phase of a vulnerability analysis, also known as vulnerability assessment. Vulnerability analysis defines, identifies, and classifies the security holes (vulnerabilities) in a computer, server, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures, and evaluate how well they work after they are put into use.

A vulnerability scanner relies on a database that contains all the information required to check a system for security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. Then the scanner tries to exploit each vulnerability that is discovered. This process is sometimes called ethical hacking.

An ideal vulnerability scanner has capabilities such as the following:

  • Maintenance of an up-to-date database of vulnerabilities.
  • Detection of genuine vulnerabilities without an excessive number of false positives.
  • Ability to conduct multiple scans simultaneously.
  • Ability to perform trend analyses and provide clear reports of the results.
  • Recommendations for countermeasures to eliminate discovered vulnerabilities.
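The database-driven check and three of the capabilities listed above (database freshness, avoiding false positives, countermeasure recommendations) can be sketched as follows. This is an added example, not code from the original page or from any scanner product: the product names, advisory IDs, hosts and versions are constructed placeholders, and it only matches service banners against the database, which is a simplification of what a real scanner does.

```python
from datetime import date

# Constructed vulnerability database (IDs, products and versions are placeholders).
VULN_DB = {
    "updated": date(2024, 1, 10),
    "entries": [
        {"id": "EXAMPLE-0001", "product": "examplehttpd", "fixed_in": "2.4.10",
         "countermeasure": "Upgrade examplehttpd to 2.4.10 or later."},
        {"id": "EXAMPLE-0002", "product": "exampleftpd", "fixed_in": "1.3.5",
         "countermeasure": "Upgrade exampleftpd to 1.3.5 or disable the service."},
    ],
}

# Constructed inventory: service banners collected from hosts the operator owns.
INVENTORY = [
    {"host": "10.0.0.5", "port": 80, "banner": "examplehttpd/2.4.9"},
    {"host": "10.0.0.6", "port": 80, "banner": "examplehttpd/2.4.10"},
    {"host": "10.0.0.7", "port": 21, "banner": "exampleftpd/1.3.4"},
    {"host": "10.0.0.8", "port": 22, "banner": "unparseable banner"},
]

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10); as strings, '2.4.10' sorts before '2.4.9'."""
    return tuple(int(part) for part in text.split("."))

def db_is_stale(db, today, max_age_days=30):
    """An out-of-date database silently misses newer vulnerabilities."""
    return (today - db["updated"]).days > max_age_days

def scan(inventory, db):
    """Return (findings, unknown_hosts) for the inventory against the database."""
    findings, unknown = [], []
    for svc in inventory:
        product, sep, version = svc["banner"].partition("/")
        try:
            installed = parse_version(version) if sep else None
        except ValueError:
            installed = None
        if installed is None:
            unknown.append(svc["host"])  # flag for manual review instead of guessing
            continue
        for entry in db["entries"]:
            if entry["product"] == product and installed < parse_version(entry["fixed_in"]):
                findings.append((svc["host"], svc["port"], entry["id"],
                                 entry["countermeasure"]))
    return findings, unknown
```

Comparing versions as integer tuples keeps the patched host at 2.4.10 out of the findings; a plain string comparison would report it as a false positive.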

If security holes are detected by a vulnerability scanner, a vulnerability disclosure may be required. The person or organization that discovers the vulnerability, or a responsible industry body such as the Computer Emergency Readiness Team (CERT), may make the disclosure, sometimes after alerting the vendor and allowing them a certain amount of time to remedy or mitigate the problem.

This was first published in July 2006
