Vulnerability scanning
Vulnerability scanning is the automated process of probing a website, server, or network for known weaknesses such as outdated software, missing security headers, weak TLS, exposed services, and common misconfigurations. A scanner checks the target against a database of issues and returns a ranked list of findings to fix.
What a vulnerability scan actually does.
A scan runs in stages. First it figures out what is there, then it tests each thing it found, then it reports what looks wrong. The point is breadth and repeatability: a scanner can recheck the same target every week and tell you what changed, which a human review cannot do at the same cadence or cost.
Discovery
The scanner maps the target: which hosts answer, which ports are open, what software and versions are running, and which pages and endpoints exist.
Testing
Each discovered surface is checked against known issues: missing headers, weak ciphers, outdated components, exposed admin paths, and signature-matched vulnerabilities.
Reporting
Results come back as a list of findings, usually ranked by severity (often a CVSS score), so you can fix the high-risk items before the cosmetic ones.
Scanning compared to a manual test.
A vulnerability scan is automated and finds known issues at scale. A penetration test is a person chaining weaknesses into real exploits, including ones no scanner has a signature for. The two answer different questions, and most security programs use both rather than picking one.
| Aspect | Vulnerability scan | Penetration test |
|---|---|---|
| Driver | Automated tooling against a known-issue database | A human tester reasoning about the target |
| Finds | Known weaknesses, misconfigurations, exposed services | Chained exploits and business-logic flaws |
| Cadence | Repeatable, can run on every change | Point in time, usually once or twice a year |
| Output | Ranked finding list, often with false positives to triage | Narrative report with proof-of-concept exploits |
How AuditWard relates.
AuditWard runs a vulnerability scan as one half of its audit. Real tooling (curl, testssl.sh, Nuclei, Nmap, Gobuster, nslookup, and WhatWeb) probes the target, then an Analyst agent triages the raw output, scores confidence, and tags each finding to frameworks like PCI DSS 4.0, OWASP Top 10, and SOC 2. The same run also QA-tests the site in a real browser. AuditWard is not a PCI Approved Scanning Vendor and does not replace a manual penetration test; it complements one by giving you a fast, repeatable read on the issues a scan can catch. See the website security scanning pillar for the full picture.
Related terms: DAST, penetration test vs vulnerability scan, and the full glossary.
Vulnerability scanning questions.
What is vulnerability scanning in simple terms?
It is letting software check a website or server for known security weaknesses, then handing you a ranked list of what it found. The scanner compares what is running against a database of issues, so it catches the common, well-documented problems quickly.
Does a vulnerability scan replace a penetration test?
No. A scan finds known issues automatically and on a schedule, while a penetration test is a person who chains weaknesses into real exploits and finds business-logic flaws no scanner has a signature for. Most teams run both.
How often should you run a vulnerability scan?
Because scans are automated and repeatable, run one whenever the target changes: a new release, a config change, or a fresh deploy. Many teams also schedule a recurring scan so they catch new exposures between releases.