What type of attack attempts to identify known holes in the security systems?

Vulnerability scanning is focused on identifying known vulnerabilities, or "holes," in a security system. This process employs automated tools that systematically scan networked systems and applications to detect weaknesses that could be exploited by attackers. The output of a vulnerability scan typically includes a list of identified vulnerabilities, categorized by their severity, which organizations can then prioritize for remediation.

This approach is proactive, allowing organizations to uncover security gaps before they can be exploited in an attack. Vulnerability scanning tools reference a database of known vulnerabilities, which are actively maintained and updated to reflect new threats and exploits.

In contrast, penetration testing (often referred to as pen testing) involves simulating attacks on a system to exploit vulnerabilities rather than just identifying them. Static Application Security Testing (SAST) focuses on analyzing source code for vulnerabilities, whereas Dynamic Application Security Testing (DAST) assesses running applications but without specifically targeting known security flaws. These methods serve valuable security functions, but they do not primarily share the same aim of simply identifying known vulnerabilities as vulnerability scanning does.