How Scanners Find Vulnerabilities



Vulnerability scanners are not that different from virus scanners. In both cases, the goal of the software is to find something out of the ordinary in the target. A virus scanner scans local resources and local storage of a computer to find potentially malicious software. A vulnerability scanner scans some kind of target to find potentially vulnerable software. Both use similar techniques to do so.


Signature-Based Scanning


In the case of signature-based scanning, the scanner looks for recognizable patterns, which are either prepared by the manufacturer of the scanner or taken from a public database. For example:


  • A virus scanner looks for a certain chain of bytes that is present in a malicious executable file. If it finds that chain of bytes, it assumes that the malicious file has been found.

  • A network scanner looks for a certain response from the server to recognize the exact version of the software that the server uses. It may be as simple as the software actually responding with version information or more complex, for example, recognizing certain typical behavior.
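
The two signature checks described above, as an added example (not code from the original article or from any scanner product): a byte-sequence match and a banner-based version fingerprint. The product name `ExampleFTPd`, the advisory and malware IDs, and the byte pattern are constructed placeholders.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class BannerSignature:
    advisory: str        # placeholder ID, not a real advisory
    pattern: re.Pattern  # extracts the version from the service banner
    fixed_in: tuple      # first version that is no longer affected


# Constructed signature "database"; every name and value here is hypothetical.
BYTE_SIGNATURES = {
    "EXAMPLE-MALWARE-A": bytes.fromhex("deadbeef4d5a9000"),
}
BANNER_SIGNATURES = [
    BannerSignature("EXAMPLE-ADVISORY-1",
                    re.compile(rb"ExampleFTPd (\d+)\.(\d+)\.(\d+)"),
                    (2, 4, 0)),
]


def scan_bytes(data: bytes) -> list[str]:
    """Virus-scanner style: report every signature whose bytes occur in data."""
    return [name for name, sig in BYTE_SIGNATURES.items() if sig in data]


def scan_banner(banner: bytes) -> list[str]:
    """Network-scanner style: fingerprint the version, compare with the fixed release."""
    findings = []
    for sig in BANNER_SIGNATURES:
        m = sig.pattern.search(banner)
        if m and tuple(int(g) for g in m.groups()) < sig.fixed_in:
            findings.append(sig.advisory)
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    print(scan_bytes(b"\x00header" + bytes.fromhex("deadbeef4d5a9000") + b"tail"))
    print(scan_banner(b"220 ExampleFTPd 2.3.1 ready\r\n"))  # affected version
    print(scan_banner(b"220 ExampleFTPd 2.4.0 ready\r\n"))  # fixed version
    print(scan_banner(b"220 FTP server ready\r\n"))         # no version disclosed
```

A banner that discloses no version produces no finding, which says nothing about whether the service behind it is actually patched.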

There are several advantages to signature-based scanning:


  • It is usually quite fast because no operations need to be performed except comparing chains of bytes from the scanner library with chains of bytes received from the target.

  • It is less intrusive and has nearly no side effects.

  • It is very easy for the scanner manufacturer because there is no need to write custom code. There are also public domain signature databases, which manufacturers can use to build their own database.

Unfortunately, there are some major disadvantages to this type of scanning, too:


  • It is not always very precise. The signature does not ..