Strike Graph security compliance blog

6 types of vulnerability scanning

Written by Kenneth Webb, CISSP, GWAPT, CSSLP, CISA, CIS LA | Jan 27, 2023 8:00:00 AM

Don't wait for an attacker to find the holes in your company’s security measures. With vulnerability scanning, you’ll be able to take preventative measures against data theft before it becomes an issue.

Thankfully, vulnerability scanning can help businesses know where the vulnerabilities in their networks are and how to secure them — and for a minimal cost. Here’s a little bit more about how vulnerability testing can help you ensure all the data your organization is responsible for is safe and secure.

What is vulnerability scanning?

In order to define vulnerability scanning, let’s first define penetration testing. A penetration test — also known as a pen test — simulates a real-world attack, showing you exactly how a hacker can gain access to your organization’s network. This, in turn, allows your company to identify potential threats and secure your systems before it's too late.

A vulnerability scan is a subset of pen test activities designed to test a network and its related systems against a known set of common vulnerabilities. You may only conduct a pen test annually (and whenever infrastructure or applications are added or significantly changed, or end-user access policies are modified), but vulnerability scans are typically run more frequently.

During a vulnerability scan, an automated tool identifies and creates an inventory of all IT assets. This includes everything connected to the network (including desktops, laptops, servers, firewalls, virtual machines, switches, printers, containers, etc.) and their operational details (for example, operating systems, software, user accounts, or open ports).

Vulnerability scanning can be categorized into six types based on the categories of assets they scan. Let’s take a look at each now.

1. Port scanning

Port scanning assists in the prevention of unauthorized network access. This is accomplished by examining network servers for open ports: connection requests are sent to each port, and the responses are monitored to determine whether the port is active or not. If the scan uncovers open port vulnerabilities, hackers can likely identify them too, which is why this type of scan is so important.
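The request-and-response check described above can be turned into a baseline audit of a host you administer. The following is an added example, not code from Strike Graph or the original article; the function names and the approved-port baseline are assumptions made for illustration.

```python
import socket

def probe_port(host, port, timeout=1.0):
    """Attempt a full TCP connection and classify the response."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a service is listening
    except socket.timeout:
        return "filtered"          # no answer: likely dropped by a firewall
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset: nothing listening
    except OSError:
        return "unreachable"       # routing or name-resolution failure

def audit_host(host, ports, approved):
    """Compare observed port states against an approved baseline (assumed input).

    unexpected_open: ports answering that nobody signed off on.
    approved_not_open: baseline ports that did not answer (outage or stale baseline).
    """
    states = {p: probe_port(host, p) for p in ports}
    unexpected = sorted(p for p, s in states.items()
                        if s == "open" and p not in approved)
    not_open = sorted(p for p in approved
                      if states.get(p) not in (None, "open"))
    return {"unexpected_open": unexpected,
            "approved_not_open": not_open,
            "states": states}

if __name__ == "__main__":
    # Constructed demo: a throwaway listener on loopback gives the audit
    # something to find without touching any other machine.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(16)
    demo_port = listener.getsockname()[1]
    print(audit_host("127.0.0.1", [demo_port], approved=set()))
    listener.close()
```

Any port reported under unexpected_open is a service reachable from the scanning position that is missing from the baseline, which is the finding to close or document.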

2. Network vulnerability scanning

Network-based vulnerability scanning is one of the most critical types of scans for your organization. This scan identifies vulnerable systems and possible network security attacks on wired or wireless networks. By discovering unauthorized or unknown devices and systems on a network, you’ll be able to determine if there are unknown perimeter points on the network—this could include connections to insecure networks or unauthorized remote access servers.

Network vulnerability scanning can be conducted via brute force scans that check for weak passwords, credentialed scans that allow approved users to check for vulnerabilities without impacting network activity or business operations, and exploit scans that check for vulnerabilities and exploit them to the point of network disruption.

3. Application vulnerability scanning

Application vulnerability scanning tests networks, websites, web applications, and mobile applications in order to detect known erroneous configurations and software vulnerabilities. Since both web and mobile apps are updated with new features on a regular basis, new vulnerabilities can creep in with those new updates. Furthermore, external components like plugins and themes can also provide a chance for exploitable vulnerabilities.

4. Host-based vulnerability scanning

Host-based vulnerability scanning assesses the configurations and operating systems of servers, local machines, and other network hosts. It does so by first locating and identifying vulnerabilities, providing greater visibility into the configuration settings and patch history of scanned systems. This also highlights the potential damage that can be done by an attacker.

This type of vulnerability scanning usually falls into one of three categories. When the scan uses an agent server, a software agent is installed on an endpoint, then scans and reports data back to a central server for analysis. When the scan is agentless, an administrator-credentialed user centrally initiates vulnerability scans. In a standalone scan, scanner installation is required on every host you intend to check, and scan data must be collected from all the hosts, then compiled, analyzed, and reported on for mitigation action.

5. Database vulnerability scanning

Database vulnerability scanning identifies the weak points in a database by scanning for vulnerabilities like lack of encryption, faulty security configuration, and more. This helps your business prevent malicious attacks while ensuring the integrity, confidentiality, and availability of databases and database management systems. 

6. Cloud vulnerability scanning

Cloud vulnerability scanning scans a cloud deployment for common vulnerabilities in order to monitor, manage, and improve the overall security of your organization’s cloud infrastructure.

While cloud computing has many advantages for businesses of all sizes, the US National Security Agency (NSA) has identified four categories of cloud vulnerabilities. These include:

  • Misconfiguration: Server misconfigurations, such as misconfigured S3 buckets, and mistakes in cloud service settings and technical controls
  • Poor access control: Includes weak passwords and insufficient authentication processes and policies
  • Shared tenancy: Failure of cloud service providers to properly segment multiple organizations’ resources and data, including XSS, CSRF, and SQLi bugs that can be easily exploited by hackers
  • Supply chain: Malicious activity that can compromise software or hardware prior to a cloud service provider acquiring it

A hacked database can be devastating for a business of any size, as it impacts business reputation, brand value, continuity, intellectual property, and finances, and may even lead to the levying of fines and penalties.

Vulnerability scanning enables organizations to monitor their computer networks, systems, applications, and procedures for security vulnerabilities, allowing them to:

  • Recognize weaknesses in their environment
  • Gather insights into degrees of risk from each vulnerability
  • Receive recommendations on how to mitigate those vulnerabilities

This, in turn, can lead your organization to become more compliant, which brings its own host of benefits as well, including revenue growth, operational efficiency, customer trust and loyalty, industry acceptance, and more.

While you may think you need many different kinds of security providers in order to properly conduct all of these types of vulnerability scans, the good news is that you don’t!

With a one-stop solution like Strike Graph, you’ll be able to use tools like vulnerability scanning to make your audit prep for security frameworks like SOC 2, ISO 27001, HIPAA, and more a lot faster and easier.

After spotting weaknesses you may miss, we’ll provide you with a prioritized list of recommendations so you can quickly remedy vulnerabilities before your audit. And we won’t stop there — you can employ these tools year after year to ensure your controls and protocols are working so you can rest assured that your infrastructure is secure at all times.