The Difference Between Auditing and Vulnerability Scanning

Why both look the same, yet have subtle differences

When talking about auditing, I see that most technical people immediately think about vulnerability scanning. While they definitely have things in common, there are also a lot of minor differences. In this blog post I will show them, and also share how technical auditing and vulnerability scanning can work together.

Similarities and Differences

Let’s first determine what makes technical auditing and vulnerability scanning look similar. First of all, both processes have a technical focus, with the goal of discovering weaknesses. The output of both is usually a list of issues. Those performing the tests also both have a technical background. But then things start to differ.

When we talk about technical auditing, we mean performing an in-depth health check of a system. A technical audit looks at different areas of the system to determine how well each is configured. Vulnerability scanning, on the other hand, has the main purpose of detecting software flaws. It is often used by penetration testers and other security professionals to determine how well a system is patched.

OpenVAS and Lynis

In the field of Linux systems, let’s compare OpenVAS and Lynis. The first is an open source vulnerability scanner, the latter an open source auditing tool. Both tools have the purpose of finding weaknesses on the system. Where OpenVAS performs a wide range of tests from the network, Lynis runs on the host itself. The two tools will therefore produce different findings, depending on the services they detect.

If you only ran OpenVAS, it might detect some services running, such as a web server. It would then perform a set of tests against the HTTP or HTTPS port and reveal its findings. Such findings could include weak ciphers in the SSL/TLS configuration. While that is a good thing, it might completely miss that your system time is not properly synced. These kinds of things can be detected by Lynis. So in the end it does not make sense to compare vulnerability scanners and auditing tools, as their focus is different. If you want to compare something, take Nessus and OpenVAS and compare those. Lynis you could compare with OpenSCAP.
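To make the two perspectives concrete, here is a small added example (not code from this post, nor from Lynis or OpenVAS). It contains two checks: a host-side check that parses the key=value output of `timedatectl show` to decide whether the clock is NTP-synchronised, the kind of configuration state a host-based audit tool inspects, and a network-side check that flags weak cipher suites among those a server accepted, the kind of thing a scanner learns by negotiating TLS from the outside. The `timedatectl` sample, the cipher suite list and the list of weak-cipher patterns are constructed for this example; a real scanner uses a much larger, maintained database of weak suites.

```python
"""Two small checks illustrating the host-audit vs. network-scan perspectives.

check_time_sync() parses `timedatectl show` output (key=value lines, as
systemd prints it) the way a host-based audit tool might.
check_tls_ciphers() inspects the cipher suites a server accepted, which is
what a network scanner determines by negotiating from the outside.
Both return a Finding so the results can be merged into one report.
"""
from dataclasses import dataclass
import re


@dataclass
class Finding:
    perspective: str   # "host" or "network"
    check: str         # short name of the check
    status: str        # "ok" or "warning"
    detail: str        # human-readable explanation


# Substrings that mark widely deprecated cipher suites. Constructed list for
# this example; no word boundaries, so both OpenSSL names (RC4-SHA) and IANA
# names (TLS_RSA_WITH_RC4_128_SHA) match.
WEAK_CIPHER_PATTERNS = ["NULL", "EXPORT", "RC4", "DES", "MD5"]


def check_time_sync(timedatectl_show_output: str) -> Finding:
    """Host-side check: is the system clock synchronised via NTP?"""
    values = {}
    for line in timedatectl_show_output.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    synced = values.get("NTPSynchronized", "").lower() == "yes"
    ntp_enabled = values.get("NTP", "").lower() == "yes"
    if synced:
        return Finding("host", "time-sync", "ok", "clock synchronised via NTP")
    if not ntp_enabled:
        return Finding("host", "time-sync", "warning", "NTP service not enabled")
    return Finding("host", "time-sync", "warning",
                   "NTP enabled but clock not synchronised")


def check_tls_ciphers(accepted_suites: list) -> Finding:
    """Network-side check: flag weak suites among those the server accepted."""
    weak = [s for s in accepted_suites
            if any(re.search(p, s, re.IGNORECASE) for p in WEAK_CIPHER_PATTERNS)]
    if weak:
        return Finding("network", "tls-ciphers", "warning",
                       "weak suites accepted: " + ", ".join(weak))
    return Finding("network", "tls-ciphers", "ok", "no weak cipher suites accepted")


def run_checks(timedatectl_output: str, accepted_suites: list) -> list:
    """Combine both perspectives into a single list of findings."""
    return [check_time_sync(timedatectl_output), check_tls_ciphers(accepted_suites)]


# Constructed sample of `timedatectl show` output on a host without NTP.
SAMPLE_TIMEDATECTL = """Timezone=Etc/UTC
LocalRTC=no
CanNTP=yes
NTP=no
NTPSynchronized=no
TimeUSec=Mon 2024-01-01 00:00:00 UTC
RTCTimeUSec=Mon 2024-01-01 00:00:00 UTC
"""

# Constructed sample of the suites a scanner negotiated with a web server.
SAMPLE_SUITES = ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "RC4-SHA", "DES-CBC3-SHA"]


if __name__ == "__main__":
    for f in run_checks(SAMPLE_TIMEDATECTL, SAMPLE_SUITES):
        print(f"[{f.perspective}] {f.check}: {f.status} - {f.detail}")
```

Run against the samples, the host check warns that NTP is not enabled and the network check warns about RC4-SHA and DES-CBC3-SHA; neither check could have produced the other's finding, which is the point of running both kinds of tool.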

Overview

Similar

  • Technical focus
  • Find weaknesses

Different

  • Audit performs health check, vulnerability scan checks for software weaknesses
  • Audit can be more generic, vulnerability scan focuses on software


This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
