I've been asked for a question: why we need vulnerability scanning and what is it for?
After I give it a thought, and my answer is: Vulnerability Scanning is a process with the intent to assess 3 things at the infrastructure:
- Missing patch
- Mis-configuration
- Default credential
Is this an over-simplified answer? 8-|
Let's see if I'm correct on this in the next few years. :P