You are here: Solutions > Solutions Part2 > Vulnerability Scanning
A vulnerability scanner is a software application that's specifically developed to map systems and search for vulnerabilities in a network, computer, or program. The first step in doing a proper vulnerability scan involves the examination of running applications, operating systems (OS), open ports, and active IP addresses. From there, the scanner may either create a report or move to the next step depending on its findings. Afterwards, the user must discern the patch level of the applications or OS. This is the part where the scanner can take advantage of a discovered vulnerability that can crash a program or OS for the sake of giving the user a clearer idea of how serious or benign a given security hole is.
The purpose of executing a vulnerability scan is to find known or undiscovered vulnerabilities in the devices in your network or programs in your system. Naturally, different scanners can accomplish this objective through varying methods. Also, some scanners work better than others depending on the type of system or problem you have. Scanners could either be friendly or malicious depending on the intentions of a developer. To be more specific, a security scanner can be used for either your benefit or detriment, so it's best for users and security professionals alike to identify and fix these code flaws as soon as they find them before any hackers, online outlaws, or virtual villains decide to use them against you and your computer.
Non-malicious scanners usually stop during the midway portion of the scanning process (that is, the step where it produces a detailed assessment of the machine's security rating and a list of vulnerabilities) but never actually move on to the last step (which is actually demonstrating what could happen to your machine once a security hole is exploited). Vulnerability scanning is a lot like port scanning, packet sniffing, and other security-related actions in that it can either assist you greatly in securing your own system or be used by cyber terrorists to identify weaknesses in your network that they can exploit or use to mount an attack with.