A vulnerability scanner is a passive scanner that identifies vulnerabilities or weaknesses on the system. For example, the operating system or anti-virus solution could be missing updates, or there could be only one administrator account on the system. Microsoft has a vulnerability scanning tool called the Microsoft Baseline Security Analyzer (MBSA). A zero-day exploit cannot be detected by a vulnerability scanner, because it has not yet been identified and has no updates or patches available.
Let's look at the types of output a vulnerability scanner could produce:
- False positive: A false positive is where the scan believes that there is a vulnerability, but when you physically check, it is not there.
- False negative ...