1. Vulnerability Scanner
   1. Automated tools and programs that scan for security vulnerabilities.
   2. Modern scanning tools may be available as:
      1. Cloud-Based SaaS (Software as a Service)
      2. Web Application
      3. Agent (installed on the host device)
2. Examples:
   1. Tenable Nessus
      1. A proprietary vulnerability scanner developed by Tenable Network Security.
      2. Host-Based
   2. Burp Suite
      1. Web Application-Based
      2. Burp Suite also has a Mobile Application
   3. Rapid7 Nexpose + InsightVM
      1. Rapid7 are the sentinels of the Metasploit Project, which develops a bulk of the open-source penetration testing and exploitation tools used by white hat hackers today. Their vulnerability scanner combines a cloud-based and host-based solution.
      2. Nexpose: Host-Based
      3. InsightVM: Cloud-Based
   4. OWASP Zed Attack Proxy (ZAP)
      1. The Open Web Application Security Project (OWASP) is another security-minded group. Unlike Rapid7, however, OWASP has no profit motive. Their ZAP open-source web application security scanner is one of the most active OWASP projects, intended for both professionals and inexperienced security users, and is free to download and use.
      2. When used as a proxy server, the user may manipulate all traffic that passes through it, including HTTPS.