1
00:00:00,860 --> 00:00:08,840
Vulnerability scanning employs automated processes and applications to identify vulnerabilities in

2
00:00:08,840 --> 00:00:14,420
a network system, operating system or application that may be exploitable.

3
00:00:14,450 --> 00:00:22,610
When performed correctly, a vulnerability scan can deliver an inventory of devices, known vulnerabilities that

4
00:00:22,610 --> 00:00:29,990
have been actively scanned for, and usually a confirmation of how compliant the devices are with various

5
00:00:29,990 --> 00:00:32,720
policies and regulations.

6
00:00:32,990 --> 00:00:36,950
Unfortunately, vulnerability scans are loud.

7
00:00:36,980 --> 00:00:44,960
They deliver multiple packets that are easily detected by most network controls and make stealth almost

8
00:00:44,960 --> 00:00:46,850
impossible to achieve.

9
00:00:46,880 --> 00:00:52,250
They also suffer from... for the most important part, vulnerability

10
00:00:52,250 --> 00:00:59,810
scanners are signature based, so they can only detect known vulnerabilities and only if there is an

11
00:00:59,810 --> 00:01:05,300
existing recognition signature that the scanner can apply to the target. To a penetration tester,

12
00:01:05,310 --> 00:01:13,200
the most effective scanners are open source, so they allow the tester to rapidly modify code to detect

13
00:01:13,230 --> 00:01:14,970
new vulnerabilities.

14
00:01:15,510 --> 00:01:23,070
And also, scanners produce large volumes of output, frequently containing false positive results that

15
00:01:23,070 --> 00:01:25,120
can lead a tester astray.

16
00:01:25,140 --> 00:01:33,360
In particular, networks with different operating systems can produce false positives with a rate

17
00:01:33,360 --> 00:01:40,620
as high as 70%, and scanners may have a negative impact on the network.

18
00:01:40,650 --> 00:01:45,690
They can create network latency or cause the failure of some devices.

19
00:01:45,690 --> 00:01:55,800
So it's recommended to tweak the scan by removing denial-of-service-type plugins during initial scans.

20
00:01:55,800 --> 00:02:04,150
And in certain jurisdictions, scanning is considered hacking and may constitute an illegal act.

21
00:02:04,150 --> 00:02:12,040
And there are multiple commercial and open source products that perform vulnerability scans.