Process Passively test security controls – Does not exploit a vulnerability. Identify vulnerability / System Flaw / Un-patched Code Identify lack of security controls Identify common mis-configurations by reviewing policies, rule set and system settings. Types Intrusive vs. non-intrusive: See passive vs. active reconnaissance Intrusive: Directly engaging on the target system to identify weaknesses that… Continue reading Vulnerability Scanning Concept