{
	"id": "4502ba39-f6a7-4390-99d7-9fddc55dd524",
	"created_at": "2026-04-06T00:22:25.875002Z",
	"updated_at": "2026-04-10T03:21:59.482758Z",
	"deleted_at": null,
	"sha1_hash": "0bac0ea1fc09ee296f8edd5c1d98d9b95e92f3a2",
	"title": "OAT-014 Vulnerability Scanning | OWASP Foundation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 70201,
	"plain_text": "OAT-014 Vulnerability Scanning | OWASP Foundation\r\nArchived: 2026-04-05 22:44:41 UTC\r\nVulnerability Scanning is an automated threat. The OWASP Automated Threat Handbook - Web Applications\r\n(pdf, print), an output of the OWASP Automated Threats to Web Applications Project, provides a fuller guide to\r\neach threat, detection methods and countermeasures. The threat identification chart helps to correctly identify the\r\nautomated threat.\r\nDefinition\r\nOWASP Automated Threat (OAT) Identity Number\r\nOAT-014\r\nThreat Event Name\r\nVulnerability Scanning\r\nSummary Defining Characteristics\r\nCrawl and fuzz application to identify weaknesses and possible vulnerabilities.\r\nIndicative Diagram\r\nDescription\r\nSystematic enumeration and examination of identifiable, guessable and unknown content locations, paths, file\r\nnames, parameters, in order to find weaknesses and points where a security vulnerability might exist. Vulnerability\r\nhttps://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vulnerability_Scanning\r\nPage 1 of 2\n\nScanning includes both malicious scanning and friendly scanning by an authorised vulnerability scanning engine.\r\nIt differs from OAT-011 Scraping in that its aim is to identify potential vulnerabilities.\r\nThe exploitation of individual vulnerabilities is not included in the scope of this ontology, but this process of\r\nscanning, along with OAT-018 Footprinting, OAT-004 Fingerprinting and OAT-011 Scraping often form part of\r\napplication penetration testing.\r\nOther Names and Examples\r\nActive/Passive scanning; Application-specific vulnerability discovery; Identifying vulnerable content management\r\nsystems (CMS) and CMS components; Known vulnerability scanning; Malicious crawling; Vulnerability\r\nreconnaissance\r\nSee Also\r\nOAT-004 Fingerprinting\r\nOAT-011 Scraping\r\nOAT-018 Footprinting\r\nCross-References\r\nCAPEC Category / Attack Pattern IDs\r\n—\r\nCWE Base / Class / Variant IDs\r\n799 Improper Control of Interaction Frequency\r\n841 Improper Enforcement of Behavioral Workflow\r\nWASC Threat IDs\r\n21 Insufficient Anti-Automation\r\nOWASP Attack Category / Attack IDs\r\n—\r\nSource: https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vulnerability_Scanning\r\nhttps://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vulnerability_Scanning\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vulnerability_Scanning"
	],
	"report_names": [
		"OAT-014_Vulnerability_Scanning"
	],
	"threat_actors": [],
	"ts_created_at": 1775434945,
	"ts_updated_at": 1775791319,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0bac0ea1fc09ee296f8edd5c1d98d9b95e92f3a2.pdf",
		"text": "https://archive.orkl.eu/0bac0ea1fc09ee296f8edd5c1d98d9b95e92f3a2.txt",
		"img": "https://archive.orkl.eu/0bac0ea1fc09ee296f8edd5c1d98d9b95e92f3a2.jpg"
	}
}