OWASP DevSecOps Guideline - v-0.2

Vulnerability Scanning

Vulnerability scanning is an automated inspection of the potential points of exploitation in computers, applications, endpoints and IT infrastructure (including the network) to identify security weaknesses: known vulnerable components, insecure configurations and insecure code patterns. A scan reports what its rules and signatures can recognize; it does not replace manual testing, and its findings are only useful once they are triaged and fixed.

Performing vulnerability scanning is a common requirement for regulatory compliance and can help to minimize an organization's cybersecurity risk. An Approved Scanning Vendor (ASV), for example, is a service provider certified by the PCI Security Standards Council to perform the external vulnerability scans that PCI DSS requires of organizations handling payment card data.

The following sections look at these types of vulnerability scanning, each of which fits a different stage of the DevSecOps pipeline:

  1. Static Application Security Test - SAST
  2. Dynamic Application Security Test - DAST
  3. Interactive Application Security Testing - IAST
  4. Software Composition Analysis - SCA
  5. Infrastructure Vulnerability Scanning
  6. Container Vulnerability Scanning
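Whatever the scan type, a pipeline has to consume the scanner's report and decide whether to block the build. The script below is an added example, not part of the OWASP guideline, showing one way to do that over SARIF, the interchange format many SAST, SCA and container scanners can emit. The scanner name, rule ids, file paths and findings in `SAMPLE_SARIF` are constructed for the example; the severity cut points (CVSS-style `security-severity` score, falling back to the SARIF `level`) and the `gate()` threshold are assumptions you would tune for your pipeline.

```python
import json
from typing import Dict, List, Tuple

# Constructed SARIF 2.1.0 report standing in for real scanner output.
# The tool name, rule ids, paths and messages are made up for this example.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-scanner",
            "rules": [
                {"id": "EX-001", "properties": {"security-severity": "9.1"}},
                {"id": "EX-002", "properties": {"security-severity": "4.3"}},
                {"id": "EX-003"},
            ],
        }},
        "results": [
            {"ruleId": "EX-001", "level": "error",
             "message": {"text": "hard-coded credential"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "EX-002", "level": "warning",
             "message": {"text": "outdated dependency"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "requirements.txt"},
                 "region": {"startLine": 3}}}]},
            {"ruleId": "EX-003", "level": "note",
             "message": {"text": "informational finding"},
             "locations": []},
            # Suppressed in source (e.g. an inline ignore); must not block the build.
            {"ruleId": "EX-001", "level": "error",
             "suppressions": [{"kind": "inSource"}],
             "message": {"text": "suppressed duplicate"}, "locations": []},
        ],
    }],
})

SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Assumed mapping from a CVSS-style 0-10 score to a severity bucket.
def severity_from_score(score: float) -> str:
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"

# Assumed fallback when a rule carries no score: use the SARIF result level.
LEVEL_FALLBACK = {"error": "high", "warning": "medium", "note": "low", "none": "low"}


def parse_findings(sarif_text: str) -> List[Dict]:
    """Flatten a SARIF document into normalized findings, dropping suppressed ones."""
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            if res.get("suppressions"):
                continue
            rule = rules.get(res.get("ruleId"), {})
            score = rule.get("properties", {}).get("security-severity")
            if score is not None:
                severity = severity_from_score(float(score))
            else:
                # SARIF defines "warning" as the default level when absent.
                severity = LEVEL_FALLBACK.get(res.get("level", "warning"), "medium")
            location = "<unknown>"
            locs = res.get("locations") or []
            if locs:
                phys = locs[0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "<unknown>")
                line = phys.get("region", {}).get("startLine")
                location = f"{uri}:{line}" if line is not None else uri
            findings.append({
                "tool": driver.get("name", "unknown"),
                "rule": res.get("ruleId"),
                "severity": severity,
                "message": res.get("message", {}).get("text", ""),
                "location": location,
            })
    return findings


def gate(findings: List[Dict], threshold: str = "high") -> Tuple[bool, Dict[str, int]]:
    """Return (passed, counts). Fails when any finding is at or above threshold."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f["severity"]] += 1
    limit = SEVERITY_ORDER.index(threshold)
    blocking = sum(counts[s] for s in SEVERITY_ORDER[limit:])
    return blocking == 0, counts


if __name__ == "__main__":
    found = parse_findings(SAMPLE_SARIF)
    passed, counts = gate(found, "high")
    for f in found:
        print(f"[{f['severity']}] {f['tool']} {f['rule']} {f['location']}: {f['message']}")
    print("counts:", counts, "build", "PASSED" if passed else "FAILED")
    raise SystemExit(0 if passed else 1)
```

Run it with a real report by swapping `SAMPLE_SARIF` for the file your scanner writes; the exit code is what the CI job keys on. Honouring the SARIF `suppressions` field keeps reviewed, accepted findings from failing every build, and normalizing severity from the rule's score rather than the result level lets one gate serve SAST, SCA and container reports alike.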