(also vulnerability assessment tool)
Vulnerability scanner definition
In cybersecurity, vulnerability scanners are used to identify potential security weaknesses in computer networks, systems, and applications. Individuals and network administrators use them to measure system vulnerabilities before attackers or hackers exploit them. Vulnerability scanners scan systems, networks, and applications, looking for missing security patches, unconfigured settings, or weak passwords. If such vulnerabilities are detected, suitable recommendations are generated to improve the system’s security.
See also: cyber hygiene, antivirus, VPNs vs. antivirus
Popular types of vulnerability scanners
- Network scanners: These scanners are used to find and identify vulnerabilities in network-based devices such as firewalls, routers, and switches. They can detect vulnerable services, scan for open ports and identify active hosts if such appear in the network.
- Application scanners: Web application scanners search for vulnerabilities in web applications like cross-site scripting (XSS), SQL injections, and file inclusion weaknesses.
- Cloud-based scanners: These scanners look for weaknesses in cloud-based environments such as Google Cloud Platform, Microsoft Azure, and Amazon Web Services. They usually detect unconfigured cloud services and insecure storage.
- Mobile app scanners: Mobile application scanners are dedicated to identifying vulnerabilities in mobile apps. They usually look for insecure data storage, communication channels, and weak authentication systems.
- Database scanners: This type of vulnerability scanner is designed to identify vulnerabilities in database systems, such as weak authentication mechanisms, SQL injection weaknesses, and missing patches.