Summary
Vulnerability scans provide penetration testers with an invaluable information source as they begin their testing. The results of vulnerability scans identify potentially exploitable systems and may even point to specific exploits that would allow the attacker to gain a foothold on a network or gain elevated privileges after achieving initial access.
Anyone conducting a vulnerability scan should begin by identifying the scan requirements. This includes a review of possible scan targets and the selection of scan frequencies. Once these early decisions are made, analysts may configure and execute vulnerability scans on a regular basis, preferably through the use of automated scan scheduling systems.
In Chapter 5, you’ll learn how to analyze the results of vulnerability scans and use those results in a penetration test.