Vulnerability scanners
In Chapter 9, we experimented with a number of the more popular penetration testing tools. An important distinction between penetration testing tools and vulnerability scanners is that penetration testing requires intelligent decisions. Currently, these decisions are made by humans, for example when deciding whether to pursue a potential vulnerability once a particular system behavior or response has been observed, although advances in AI and machine learning have the potential to make penetration testing faster and more accurate. Vulnerability scanning, on the other hand, involves simply scanning applications for vulnerabilities and so can be achieved using automated tools. OWASP maintains a list of vulnerability scanning tools at https://owasp.org/www-community/Vulnerability_Scanning_Tools. You will see from this list that there are two categories of vulnerability scanners:
- Static Application Security Testing (SAST): This testing is typically carried out on...