What are the Six Types of Vulnerability Scanning?

Rebecca Kappel Staff asked 6 months ago

1 Answer
Rebecca Kappel Staff answered 6 months ago
Vulnerability scanning is critical in maintaining an organization’s security posture. Here are six key types of vulnerability scanning, each serving specific purposes in securing IT environments:

1. Internal Scanning:

Internal scanning is conducted within the network infrastructure, focusing on strengthening applications and resources against internal threats such as rogue employees or potential intruders who may have breached network perimeters. Within this category, a credentialed vulnerability scan is a type of security assessment that uses privileged or login credentials to evaluate a system’s security vulnerabilities comprehensively. In contrast to non-credentialed scans, which assess vulnerabilities from an external perspective, credentialed scans have internal access to the tested systems.

2. External Scanning:

External scanning operates as if the scanner were an external threat actor attempting to breach the organization’s perimeter. It identifies vulnerability categories in external-facing elements such as firewalls, internal applications, web apps, data ports, and network elements.

External scans simulate real-world external threats to uncover weaknesses accessible from outside the organization. They offer insights into vulnerabilities visible to external adversaries.

3. Discovery Scanning:

Discovery scanning plays a fundamental role in identifying situations within the network that present risks and threats to the organization. It involves mapping and cataloging devices, services, and potential vulnerabilities.

Discovery scanning lays the groundwork for comprehensive vulnerability management, ensuring that organizations clearly understand their network landscape and potential areas of concern.

4. Network Scanning:

Network scanning works with port scanners to identify weak or questionable passwords, perform limited penetration testing without disrupting network operations, and exploit identified vulnerabilities to pinpoint attack vectors and anomalies.

5. Cloud Vulnerability Scanning or Web Application Scanning:

Web application scanning examines public-facing web applications for potential vulnerabilities. It involves assessing the security of web applications to protect against attacks and unauthorized access.

Web application scanning helps organizations identify and remediate vulnerabilities in their web applications, reducing the risk of data breaches and ensuring the integrity of online services.

6. CISA Database Vulnerability Scanning:

CISA’s database vulnerability scanning service is a comprehensive security assessment that employs credentialed vulnerability scanning to examine databases thoroughly. Before each assessment, the scanning tool is updated to the latest version, ensuring it incorporates the most recent knowledge and security vulnerability types. The process involves analyzing discovered vulnerabilities and cross-referencing them against the National Vulnerability Database (NVD) Common Vulnerabilities and Exposures (CVE) database.
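The answer's discovery scanning (type 3) and the NVD/CVE cross-referencing it describes for database scanning (type 6) come down to the same two steps: take the product and version a scan observed, then compare that version against an advisory's affected range. The block below is an added example, not code from the answer above or from CISA's service: it parses constructed banner lines of the kind a discovery scan collects, and matches them against a constructed, hypothetical advisory feed shaped like NVD's versionStartIncluding / versionEndExcluding ranges. The hosts, banners, and the `EXAMPLE-000x` identifiers are all made up for illustration and are not real CVEs; the comparison logic is the part worth reusing.

```python
import re

# Constructed sample output of a discovery scan (host:port followed by the
# banner the service returned). Hosts and versions are made up for this example.
SAMPLE_BANNERS = [
    "10.0.0.5:22 SSH-2.0-OpenSSH_7.4",
    "10.0.0.5:80 Server: Apache/2.4.49",
    "10.0.0.7:5432 PostgreSQL 13.2 on x86_64-pc-linux-gnu",
    "10.0.0.9:443 Server: nginx/1.20.1",
    "10.0.0.9:8080 Server: Apache/2.4.54",
]

# Constructed, hypothetical advisory feed in the shape of NVD CPE match ranges
# (start inclusive, end exclusive). The ids are placeholders, NOT real CVE numbers.
SAMPLE_FEED = [
    {"id": "EXAMPLE-0001", "product": "apache", "start_incl": "2.4.49", "end_excl": "2.4.51"},
    {"id": "EXAMPLE-0002", "product": "openssh", "start_incl": "7.0", "end_excl": "7.5"},
    {"id": "EXAMPLE-0003", "product": "nginx", "start_incl": "1.21.0", "end_excl": "1.21.5"},
]

# Banner fingerprints for the handful of services in the sample; a real scanner
# carries thousands of these. Only purely numeric dotted versions are handled here.
BANNER_PATTERNS = [
    (re.compile(r"^SSH-\d\.\d-OpenSSH_(?P<ver>[\d.]+)"), "openssh"),
    (re.compile(r"^Server: Apache/(?P<ver>[\d.]+)"), "apache"),
    (re.compile(r"^Server: nginx/(?P<ver>[\d.]+)"), "nginx"),
    (re.compile(r"^PostgreSQL (?P<ver>[\d.]+)"), "postgresql"),
]


def version_key(version):
    """Turn '2.4.49' into (2, 4, 49) so ranges compare numerically.

    Comparing the raw strings is a classic scanner bug: '2.4.9' > '2.4.49'
    lexically, which would silently mark an old build as patched.
    """
    return tuple(int(part) for part in version.split("."))


def parse_banner(line):
    """Split 'host:port banner' into (host, port, product, version).

    Returns None for services the fingerprint table does not recognise; a real
    scan still reports those as discovered assets, they just cannot be matched.
    """
    endpoint, _, banner = line.partition(" ")
    host, _, port = endpoint.rpartition(":")
    for pattern, product in BANNER_PATTERNS:
        match = pattern.match(banner)
        if match:
            return host, int(port), product, match.group("ver")
    return None


def is_affected(version, start_incl, end_excl):
    """NVD-style range check: start_incl <= version < end_excl."""
    return version_key(start_incl) <= version_key(version) < version_key(end_excl)


def cross_reference(banners, feed):
    """Match every recognised service against every advisory for its product."""
    findings = []
    for line in banners:
        parsed = parse_banner(line)
        if parsed is None:
            continue
        host, port, product, version = parsed
        for entry in feed:
            if entry["product"] == product and is_affected(
                version, entry["start_incl"], entry["end_excl"]
            ):
                findings.append(
                    {"host": host, "port": port, "product": product,
                     "version": version, "id": entry["id"]}
                )
    return findings


if __name__ == "__main__":
    for finding in cross_reference(SAMPLE_BANNERS, SAMPLE_FEED):
        print(f"{finding['host']}:{finding['port']} {finding['product']} "
              f"{finding['version']} matches {finding['id']}")
```

Two caveats a practitioner should carry over from this toy: a banner is only a claim about the version (backported patches on distribution packages make banner-only matching a known source of false positives, which is exactly why the answer's credentialed scans log in and read the installed package instead), and the version comparison must be numeric per component, as `version_key` does, or ranges break on two-digit patch levels.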
