Page 1093 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
FIGURE 15.5 Web application vulnerability scan of the same web
server that was port scanned in Figure 15.1 and network vulnerability
scanned in Figure 15.2.

Do network vulnerability scans and web vulnerability
scans sound similar? That’s because they are! Both probe services
running on a server for known vulnerabilities. The difference is
that network vulnerability scans generally don’t dive deep into the
structure of web applications, whereas web application scans don’t
look at services other than those supporting web services. Many
network vulnerability scanners do perform basic web vulnerability
scanning tasks, but deep-dive web vulnerability scans require
specialized, dedicated web vulnerability scanning tools.

You may have noticed that the Nessus vulnerability scanner
performed both the network vulnerability scan shown in Figure
15.4 and the web vulnerability scan shown in Figure 15.5. Nessus is
an example of a hybrid tool that can perform both types of scan.

