• Asset discovery
- Map scans
- Device fingerprinting
• Special considerations
- Scheduling
- Operations
- Performance
- Sensitivity levels
- Segmentation
- Regulatory requirements
• Internal vs. external scanning
• Agent vs. agentless
• Credentialed vs. non-credentialed
• Passive vs. active
• Static vs. dynamic
- Reverse engineering
- Fuzzing
• Critical infrastructure
- Operational technology (OT)
- Industrial control systems (ICS)
- Supervisory control and data acquisition (SCADA)
• Security baseline scanning
• Industry frameworks
- Payment Card Industry Data Security Standard (PCI DSS)
- Center for Internet Security (CIS) benchmarks
- Open Web Application Security Project (OWASP)
- International Organization for Standardization (ISO) 27000 series
