Vulnerability Testing

Vulnerability Scanning

  • Vulnerability - A flaw in a system that can leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
  • Vulnerability Scanning - An inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and predicts the effectiveness of countermeasures.

  • Goal is to identify:
    • System, network, or application weaknesses.
    • Unpatched or out-of-date systems or applications.
    • Common misconfigurations.
    • A lack of security controls.

Assessment Process

  • Passively test security controls.
    • Does not exploit a vulnerability.
  • Identify vulnerability, system flaw, or unpatched code.
  • Identify lack of security controls.
  • Identify common misconfigurations by reviewing system settings, policies, or rule sets.

Assessment Types

  • Intrusive vs Non-Intrusive - See passive vs. active reconnaissance.
    • Intrusive: Directly engaging with the target system to identify weaknesses that could be used to launch an attack.
    • Non-intrusive: Gathering vulnerability information about the targeted computers and networks without actively engaging with the systems.
      • Example: Qualys SSL Labs (
  • Credentialed vs Non-Credentialed - Whether or not authentication credentials (user IDs & passwords) are used in scanning. A credentialed scan carries less risk and may provide more information (installed package versions, configuration files, enabled controls), but is less realistic than what an unauthenticated attacker would see.
  • False Positive - Occurs when a scan reports a vulnerability that does not actually exist.
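The Assessment Process and Assessment Types bullets above describe a credentialed, non-intrusive assessment: read each host's package versions, settings and enabled controls, then flag unpatched code, misconfigurations and missing controls without exploiting anything. The script below is an added example written for these notes; it is not from the original page or from any vendor scanner. The hosts, package versions, "fixed in" versions, advisory IDs (ADV-0001 and ADV-0002 are placeholders, not real advisories) and the configuration baseline are all constructed for illustration. Version-only matches are marked as needing verification, because a distribution may backport a fix without bumping the version string, which is one common source of false positives.

```python
"""Minimal credentialed, non-intrusive assessment over constructed host data.

Added example, not from the original notes or any scanner product. Every host,
version, advisory ID and baseline value here is constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed advisory list: package -> (placeholder advisory ID, first fixed version).
ADVISORIES = {
    "openssh-server": ("ADV-0001 (constructed placeholder)", "9.6"),
    "nginx": ("ADV-0002 (constructed placeholder)", "1.24.0"),
}

# Constructed configuration baseline: setting -> expected value (reviewed as a rule set).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
}

# Constructed list of security controls every host is expected to have.
REQUIRED_CONTROLS = {"host-firewall", "audit-logging"}


def parse_version(version: str) -> tuple:
    """'1.24.0' -> (1, 24, 0). Leading digits of each dot-separated part are kept,
    so '9.6p1' becomes (9, 6). Tuples compare numerically, unlike raw strings."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


@dataclass
class Host:
    """Data a credentialed scan can read; a non-credentialed scan would see far less."""
    name: str
    packages: dict                # package name -> installed version string
    settings: dict                # configuration key -> value
    controls: set = field(default_factory=set)


@dataclass
class Finding:
    host: str
    kind: str                     # "unpatched" | "misconfiguration" | "missing-control"
    detail: str
    needs_verification: bool = False   # True for version-only matches (possible false positive)


def check_unpatched(host: Host) -> list:
    """Flag packages whose installed version is below the advisory's fixed version."""
    findings = []
    for pkg, (advisory, fixed_in) in ADVISORIES.items():
        installed = host.packages.get(pkg)
        if installed is None:
            continue
        if parse_version(installed) < parse_version(fixed_in):
            findings.append(Finding(
                host.name, "unpatched",
                f"{pkg} {installed} is below fixed version {fixed_in} ({advisory})",
                needs_verification=True))  # backported fixes keep the old version string
    return findings


def check_misconfigurations(host: Host) -> list:
    """Compare each baseline setting with the host's value; unset counts as a deviation."""
    return [Finding(host.name, "misconfiguration",
                    f"{key}={host.settings.get(key, '<unset>')} (expected {expected})")
            for key, expected in BASELINE.items()
            if host.settings.get(key) != expected]


def check_missing_controls(host: Host) -> list:
    """Report required controls that the host does not have enabled."""
    return [Finding(host.name, "missing-control", f"{ctrl} not present")
            for ctrl in sorted(REQUIRED_CONTROLS - host.controls)]


def assess(host: Host) -> list:
    """Passive assessment: inspect data only, never exploit anything."""
    return check_unpatched(host) + check_misconfigurations(host) + check_missing_controls(host)


# Constructed sample hosts (not real systems).
SAMPLE_HOSTS = [
    Host("web-01", {"openssh-server": "9.3", "nginx": "1.24.0"},
         {"PermitRootLogin": "yes", "PasswordAuthentication": "no"}, {"host-firewall"}),
    Host("db-01", {"openssh-server": "9.6"},
         {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
         {"host-firewall", "audit-logging"}),
]


def run_assessment(hosts=SAMPLE_HOSTS) -> dict:
    """Return findings per host name."""
    return {h.name: assess(h) for h in hosts}


if __name__ == "__main__":
    for name, findings in run_assessment().items():
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            flag = " [verify: version-only match]" if f.needs_verification else ""
            print(f"  - {f.kind}: {f.detail}{flag}")
```

On the constructed data, web-01 yields one unpatched package, one misconfiguration and one missing control, while db-01 is clean. The unpatched finding is only a version comparison, so it is tagged for verification before being reported as confirmed; that tag is the difference between a raw scan result and a vetted finding.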

Backdoor Applications