Definition
A vulnerability scanner is a computer program that searches the Internet looking for computers that are vulnerable to a particular type of attack. The scanners have a large database of vulnerabilities that they use to probe computers in order to determine the vulnerable ones. Both commercial and free vulnerability scanners exist.
Overview
Vulnerability scanners can:
- Proactively identify vulnerabilities
- Provide a fast and easy way to measure exposure
- Automatically fix discovered vulnerabilities
- Identify out-of-date software versions
- Validate compliance with an organizational security policy
- Generate alerts and reports about identified vulnerabilities.
However, vulnerability scanners do have some weaknesses. Scanners:
- Depend on regular updating of the vulnerability database
- Tend to have a high false positive error rate
- May generate significant amounts of network traffic
- May cause a denial of service (DoS) of hosts, because scanner probing may cause a system to crash inadvertently.
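A minimal sketch of the database-driven check described above, added here as an illustration and not taken from any particular scanner: it compares a host inventory against a vulnerability database to flag out-of-date software, and warns when the database itself has not been updated recently. All product names, advisory ids, addresses and the 30-day threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: products, versions and advisory ids are placeholders.
VULN_DB = {
    "updated": date(2024, 1, 10),  # last time the database was refreshed
    "entries": [
        {"id": "EXAMPLE-0001", "product": "exampled", "fixed_in": "2.4.1"},
        {"id": "EXAMPLE-0002", "product": "samplesrv", "fixed_in": "1.10.0"},
    ],
}

INVENTORY = [
    {"host": "10.0.0.5", "product": "exampled", "version": "2.3.9"},
    {"host": "10.0.0.6", "product": "exampled", "version": "2.4.1"},
    {"host": "10.0.0.7", "product": "samplesrv", "version": "1.9.12"},
    {"host": "10.0.0.8", "product": "otherd", "version": "0.1.0"},
]


def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so that 1.10.0 sorts after 1.9.12."""
    return tuple(int(part) for part in text.split("."))


def scan(inventory, db, today, max_db_age_days=30):
    """Return (findings, warnings) for an inventory checked against db."""
    warnings = []
    age = (today - db["updated"]).days
    if age > max_db_age_days:
        # A stale database silently misses anything published since its update.
        warnings.append(f"vulnerability database is {age} days old")
    findings = []
    for item in inventory:
        for entry in db["entries"]:
            if entry["product"] != item["product"]:
                continue
            # Version-only match: a fix applied without a version bump still
            # gets flagged, so each finding needs verification before action.
            if parse_version(item["version"]) < parse_version(entry["fixed_in"]):
                findings.append({"host": item["host"], "id": entry["id"],
                                 "installed": item["version"],
                                 "fixed_in": entry["fixed_in"]})
    return findings, warnings


if __name__ == "__main__":
    for result in scan(INVENTORY, VULN_DB, today=date(2024, 3, 1)):
        print(result)
```

Products absent from the database, such as `otherd` here, produce no finding at all, which is why an empty report only means "nothing known", not "nothing vulnerable".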