What is Vulnerability Scanning?
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Vulnerability scanners compare what they observe on a target against a database of known vulnerabilities (typically keyed by CVE ID) and flag software versions, configurations, and services that match an entry. They test for missing patches, misconfigurations, default credentials, and outdated software; they do not find logic flaws or vulnerabilities that are not yet in the database. Scans can be unauthenticated or authenticated (with credentials). An unauthenticated scan sees only what the network exposes: open ports, service banners, and responses to probes. An authenticated scan logs in and reads the installed-package list and configuration directly, so it finds more and produces fewer false positives, for example when a distribution backports a security fix without changing the upstream version number shown in a banner.
Tools include Nessus, OpenVAS, Qualys, and Trivy (container images and filesystems). PCI DSS requires internal and external scans at least quarterly and after significant changes; HIPAA does not name scanning explicitly, but its required risk analysis is commonly satisfied in part by it. Scanners report findings with severity ratings (usually CVSS scores mapped to Critical, High, Medium, or Low) and remediation guidance. Integrate scanning into CI/CD pipelines and fail the build on findings at or above an agreed severity threshold, so a newly vulnerable dependency is caught before it is deployed.
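The matching logic described above, reduced to its core, as an added example that is not code from the page or from any of the scanners it names. It assumes an advisory database that records, per package, the first fixed upstream version and optionally a distro-specific fixed version for backported patches; the advisory IDs (prefixed EXAMPLE-), package names, version numbers, and the two host inventories are all constructed for illustration. It compares an unauthenticated (banner-derived) inventory with an authenticated (package-manager) inventory of the same host, rates findings on the CVSS v3 qualitative scale, and applies a CI gate.

```python
"""Toy version-matching vulnerability scanner (added example, not real scanner code).

All advisories, packages, versions and inventories below are constructed;
advisory IDs use an EXAMPLE- prefix so they cannot be mistaken for real CVEs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Advisory:
    advisory_id: str
    package: str
    fixed_in: str           # first upstream version that is not affected
    cvss: float
    distro_fixed_in: dict   # distro -> first distro package version carrying the backported fix


@dataclass
class Finding:
    advisory_id: str
    package: str
    installed: str
    cvss: float
    severity: str


# Constructed stand-in for a CVE/NVD-style feed.
VULN_DB = [
    Advisory("EXAMPLE-0001", "libfoo", "1.2.10", 9.8, {}),
    Advisory("EXAMPLE-0002", "sshd", "8.5", 7.5, {"ubuntu-20.04": "1:8.2p1-4ubuntu0.3"}),
    Advisory("EXAMPLE-0003", "libbar", "3.0", 4.3, {}),
]


def parse_version(v: str) -> tuple:
    """Turn a version string into a tuple that compares numerically.

    Plain string comparison says "1.2.9" > "1.2.10"; splitting into
    (number, suffix) pairs fixes that and still orders 1.1.1j < 1.1.1k.
    Epochs ("1:") and Debian revisions ("-4ubuntu0.5") are split the same
    way, which is adequate here but is not a full dpkg/rpm comparison.
    """
    parts = []
    for piece in re.split(r"[.\-+~:]", v):
        num, suffix = re.fullmatch(r"(\d*)(.*)", piece).groups()
        parts.append((int(num) if num else -1, suffix))
    return tuple(parts)


def is_older(installed: str, fixed: str) -> bool:
    return parse_version(installed) < parse_version(fixed)


def severity(cvss: float) -> str:
    """CVSS v3 qualitative severity rating."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low" if cvss > 0.0 else "None"


def scan(inventory: dict, distro: str | None = None) -> list[Finding]:
    """Match an inventory {package: version} against VULN_DB.

    `distro` is set when the inventory came from an authenticated scan that
    read the package manager; the distro-specific fixed version is then used,
    so a backported fix is not reported as a missing patch.
    """
    findings = []
    for adv in VULN_DB:
        installed = inventory.get(adv.package)
        if installed is None:
            continue
        fixed = adv.distro_fixed_in.get(distro, adv.fixed_in) if distro else adv.fixed_in
        if is_older(installed, fixed):
            findings.append(Finding(adv.advisory_id, adv.package, installed, adv.cvss, severity(adv.cvss)))
    return sorted(findings, key=lambda f: -f.cvss)


def ci_gate(findings: list[Finding], max_cvss: float = 7.0) -> bool:
    """Pipeline policy: pass only if no finding reaches max_cvss."""
    return all(f.cvss < max_cvss for f in findings)


# Constructed inventories for one host.
# Unauthenticated: versions inferred from service banners, upstream numbering.
BANNER_INVENTORY = {"sshd": "8.2", "libfoo": "1.2.9"}
# Authenticated: versions read from the package manager, distro numbering.
PACKAGE_INVENTORY = {"sshd": "1:8.2p1-4ubuntu0.5", "libfoo": "1.2.9", "libbar": "3.1"}

if __name__ == "__main__":
    for label, inv, distro in (("unauthenticated", BANNER_INVENTORY, None),
                               ("authenticated", PACKAGE_INVENTORY, "ubuntu-20.04")):
        found = scan(inv, distro)
        print(f"{label}: {len(found)} finding(s), gate {'PASS' if ci_gate(found) else 'FAIL'}")
        for f in found:
            print(f"  {f.severity:8} {f.cvss:4} {f.advisory_id} {f.package} {f.installed}")
```

Run stand-alone, the unauthenticated pass reports both the Critical libfoo finding and a High sshd finding, because the banner version 8.2 is below the upstream fix 8.5. The authenticated pass drops the sshd finding: the installed distro package is newer than the version that carries the backported fix. Both passes still fail the CI gate on the Critical finding, which is the intended behaviour of a threshold-based gate.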