What is vulnerability scanning?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

What is vulnerability scanning?

Explanation:
Vulnerability scanning is an automated, proactive process that identifies security weaknesses across computing systems in a network. It uses specialized scanning tools to inspect hosts, services, configurations, and applications, then compares what it finds against known vulnerability databases and security best practices. The goal is to uncover missing patches, misconfigurations, weak settings, or exposed services that could be exploited by attackers, so you can prioritize and remediate them before an actual breach. This contrasts with penetration testing, which relies on manual exploitation to actively test defenses by attempting to break in. It is also different from routine backups, which protect data, and from a review of user permissions, which focuses on who has access. In practice, vulnerability scanning is a foundational activity in a vulnerability management program, often run on a schedule (sometimes with authenticated access for deeper insight) to generate reports and guide remediation priorities.
