Vulnerability - A flaw in a system that can leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
Vulnerability Scanning - An inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and predicts the effectiveness of countermeasures.
Goal is to identify:
System, network, or application weaknesses.
Unpatched or not-updated systems or applications.
Common misconfigurations.
A lack of security controls.
Passively test security controls.
Does not exploit a vulnerability.
Identify vulnerability, system flaw, or unpatched code.
Identify lack of security controls.
Identify common misconfigurations by reviewing system settings, policies, or rule sets.
Intrusive vs Non-Intrusive - See Passive vs Active Reconnaissance.
Intrusive: Directly engaging with the target system to identify weaknesses that could be used to launch an attack.
Non-intrusive: Gain vulnerability information about targeted computers and networks without actively engaging with the systems.
Example: Qualys SSL Labs (https://www.ssllabs.com/ssltest/)
Credentialed vs Non-Credentialed - Whether or not authentication credentials (user IDs & passwords) are used in scanning. Credentialed scans carry less risk and may provide more information, but aren't as realistic.
False Positive - Occurs when a scan reports a vulnerability that does not actually exist.
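The definitions above (non-exploiting scan checks, credentialed vs non-credentialed views, and false positives) can be seen together in a toy rule engine. This is an added example, not code or data from the original notes: the host, its version strings, the fixed-version tables and the hardening settings are all constructed placeholders. A non-credentialed scan can only compare advertised banners against an upstream fix version; a credentialed scan can also read installed package builds and configuration, which lets it both find misconfigurations and missing controls and reconcile a banner-based finding that turns out to be a false positive (the distro backported the fix without changing the banner).

```python
"""Toy vulnerability-scan rule engine: non-credentialed banner checks versus
credentialed configuration checks, with a false-positive reconciliation step.
Added example; hosts, versions and rule tables below are constructed, not real."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    banners: dict                  # service -> version string visible over the network
    config: dict | None = None     # settings readable only with credentials
    packages: dict | None = None   # service -> distro build string, credentialed only


@dataclass(frozen=True)
class Finding:
    host: str
    check: str       # "unpatched", "misconfiguration" or "missing_control"
    severity: str
    target: str      # service, setting or control the finding is about
    detail: str


# Constructed rule data (hypothetical, not real advisories or baselines):
UPSTREAM_FIXED = {"OpenSSH": "8.4", "nginx": "1.20.0"}      # version that fixes the flaw
BACKPORT_FIXED = {"OpenSSH": "8.2p1-4ubuntu0.5"}            # distro build carrying the fix
EXPECTED_CONFIG = {"PasswordAuthentication": "no", "PermitRootLogin": "no"}
REQUIRED_CONTROLS = {"host_firewall", "endpoint_av"}


def version_tuple(s: str) -> tuple:
    """Numeric prefix of a version string: '8.2p1-4ubuntu0.5' -> (8, 2)."""
    parts = []
    for piece in s.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
        if len(digits) != len(piece):   # stop at the first non-numeric suffix
            break
    return tuple(parts)


def build_key(s: str) -> tuple:
    """Order key for a distro build: upstream numbers, then every number in the
    packaging revision ('8.2p1-4ubuntu0.5' -> ((8, 2), (4, 0, 5)))."""
    upstream, _, revision = s.partition("-")
    return (version_tuple(upstream), tuple(int(n) for n in re.findall(r"\d+", revision)))


def check_banners(host: Host) -> list:
    """Non-credentialed check: compare advertised versions with the upstream fix."""
    out = []
    for svc, ver in host.banners.items():
        fixed = UPSTREAM_FIXED.get(svc)
        if fixed and version_tuple(ver) < version_tuple(fixed):
            out.append(Finding(host.name, "unpatched", "high", svc,
                               f"{svc} {ver} advertised; fixed upstream in {fixed}"))
    return out


def check_config(host: Host) -> list:
    """Credentialed check: review settings and controls that banners cannot show."""
    out = []
    for key, want in EXPECTED_CONFIG.items():
        got = host.config.get(key)
        if got != want:
            out.append(Finding(host.name, "misconfiguration", "medium", key,
                               f"{key}={got!r}, expected {want!r}"))
    for ctl in sorted(REQUIRED_CONTROLS - set(host.config.get("controls", ()))):
        out.append(Finding(host.name, "missing_control", "medium", ctl, f"{ctl} not present"))
    return out


def reconcile(host: Host, findings: list) -> tuple:
    """Credentialed step: drop 'unpatched' findings where the installed distro build
    already carries the backported fix. Returns (kept, false_positives)."""
    kept, false_positives = [], []
    packages = host.packages or {}
    for f in findings:
        fixed_build = BACKPORT_FIXED.get(f.target)
        if (f.check == "unpatched" and f.target in packages and fixed_build
                and build_key(packages[f.target]) >= build_key(fixed_build)):
            false_positives.append(f)
        else:
            kept.append(f)
    return kept, false_positives


def scan(host: Host, credentialed: bool = False) -> dict:
    """Run the passive checks; with credentials, also reconcile and review config."""
    findings = check_banners(host)
    if not credentialed or host.config is None:
        return {"findings": findings, "false_positives": []}
    findings, false_positives = reconcile(host, findings)
    findings += check_config(host)
    return {"findings": findings, "false_positives": false_positives}


# Constructed sample host: banner says OpenSSH 8.2, but the distro build is patched.
WEB = Host(
    name="web01",
    banners={"OpenSSH": "8.2p1", "nginx": "1.18.0"},
    config={"PasswordAuthentication": "yes", "PermitRootLogin": "no",
            "controls": ["host_firewall"]},
    packages={"OpenSSH": "8.2p1-4ubuntu0.5", "nginx": "1.18.0-0ubuntu1"},
)

if __name__ == "__main__":
    for cred in (False, True):
        result = scan(WEB, credentialed=cred)
        print(f"credentialed={cred}: {len(result['findings'])} findings, "
              f"{len(result['false_positives'])} reconciled as false positive")
        for f in result["findings"]:
            print(f"  [{f.severity}] {f.check}: {f.detail}")
```

Run on the constructed host, the non-credentialed pass reports two unpatched services; the credentialed pass reclassifies the OpenSSH finding as a false positive (the installed build is at the backported fix level) while adding the password-authentication misconfiguration and the missing endpoint control, which no banner could reveal.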
NetBus
Back Orifice
Masters Paradise