Credentialed vs. Non-Credentialed
Vulnerability scans are security assessments conducted to identify vulnerabilities in systems, networks, or applications. Two common approaches for vulnerability scanning are credentialed and non-credentialed scans, each with its own advantages and limitations.
1. Credentialed Vulnerability Scans
Credentialed vulnerability scans are performed with privileged access to the target, typically through administrative or other privileged accounts. This gives the scanner deeper visibility into the target systems and applications, so it can scan comprehensively and identify vulnerabilities that require elevated privileges to detect.
Advantages:
- Increased Accuracy: Credentialed scans are more accurate because they can read the system configuration, file systems, and installed software directly.
- Comprehensive Coverage: With privileged access, credentialed scans can detect vulnerabilities in operating systems, installed applications, configurations, and account settings.
- Authenticated Checks: Credentialed scans enable authenticated checks, where the scanner can simulate an attacker with valid credentials to identify vulnerabilities that are only exposed to authenticated users.
- Reduced False Positives: Credentialed scans tend to produce fewer false positives than non-credentialed scans because they have a better understanding of the system and can differentiate between real vulnerabilities and false alarms.
2. Non-Credentialed Vulnerability Scans
Non-credentialed vulnerability scans are performed without privileged access or credentials. These scans rely on network-based scanning techniques and do not have visibility into the internal system configurations or installed software.
Advantages:
- Ease of Deployment: Non-credentialed scans can be easily deployed across a network without the need for privileged credentials, simplifying the scanning process.
- Network-Level Vulnerabilities: Non-credentialed scans excel at identifying vulnerabilities that can be detected at the network level, such as open ports, services, and weak configurations.
- External Perspective: Non-credentialed scans provide an external perspective, simulating an attacker without any internal privileges, which can help identify vulnerabilities that an external threat actor could exploit.
- Quick Assessments: Non-credentialed scans are faster to execute and provide a high-level assessment of network-level vulnerabilities, making them suitable for initial security checks.
Limitations:
- Reduced Accuracy: Non-credentialed scans may have limited visibility and accuracy, especially for vulnerabilities that require privileged access to detect.
- Missed Internal Vulnerabilities: Non-credentialed scans may miss vulnerabilities within the internal systems or applications that are not exposed at the network level.
- Potential False Positives: Non-credentialed scans may generate more false positives as they rely on network-based scanning techniques without fully understanding the system context.
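The following added example (not from the original page) reconciles the two scan types for one host: a banner-only result is compared with a package inventory read using credentials, showing where a backported fix makes the network result a false positive and where a library with no network banner is missed entirely. The advisory IDs, package names, versions and the simplified version comparison are all constructed assumptions.

```python
import re

# Constructed advisories (IDs, package names and versions are placeholders).
# fixed_upstream: first upstream release containing the fix.
# fixed_package: distro build that backports the fix onto an older upstream version.
ADVISORIES = [
    {"id": "ADV-0001", "package": "exampled", "fixed_upstream": "2.5.0", "fixed_package": "2.4.1-3"},
    {"id": "ADV-0002", "package": "libexample", "fixed_upstream": "1.9.0", "fixed_package": "1.9.0-1"},
    {"id": "ADV-0003", "package": "examplehttpd", "fixed_upstream": "3.2.0", "fixed_package": "3.2.0-1"},
]

def vtuple(version):
    """'2.4.1-3' -> (2, 4, 1, 3). Numeric fields only; real package managers use richer ordering."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def banner_findings(banners):
    """Non-credentialed view: only the upstream version a service announces on the network."""
    return {a["id"] for a in ADVISORIES
            if a["package"] in banners
            and vtuple(banners[a["package"]]) < vtuple(a["fixed_upstream"])}

def package_findings(installed):
    """Credentialed view: exact installed package builds read from the host."""
    return {a["id"] for a in ADVISORIES
            if a["package"] in installed
            and vtuple(installed[a["package"]]) < vtuple(a["fixed_package"])}

def reconcile(banners, installed):
    """Bucket advisories by which scan type reported them."""
    net, auth = banner_findings(banners), package_findings(installed)
    return {
        "confirmed": sorted(net & auth),                  # both views agree
        "likely_false_positive": sorted(net - auth),      # banner looks old, fix is backported
        "missed_without_credentials": sorted(auth - net), # nothing exposed on the network
    }

# Constructed scan results for one host.
BANNERS = {"exampled": "2.4.1", "examplehttpd": "3.1.0"}
INSTALLED = {"exampled": "2.4.1-3", "libexample": "1.8.2-1", "examplehttpd": "3.1.0-2"}

if __name__ == "__main__":
    for bucket, ids in reconcile(BANNERS, INSTALLED).items():
        print(f"{bucket}: {ids}")
```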