{"id":2488,"date":"2013-06-14T00:00:00","date_gmt":"2013-06-14T00:00:00","guid":{"rendered":"http:\/\/otava.test\/a-quick-tech-tutorial-vulnerability-scanning\/"},"modified":"2013-06-14T00:00:00","modified_gmt":"2013-06-14T00:00:00","slug":"a-quick-tech-tutorial-vulnerability-scanning","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/","title":{"rendered":"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance"},"content":{"rendered":"

Vulnerability scanning<\/a> is an automated tool used for assessing security weaknesses.\u00a0 Online Tech recommends monthly vulnerability scans to regularly identify any new vulnerabilities that may have inadvertently been opened in your system.\u00a0 Learn as our technical team gives a quick overview of vulnerability scanning in the interview below.<\/p>\n

Or, listen to the vulnerability scanning interview audio.<\/a><\/p>\n

Q<\/strong>:\u00a0 What is vulnerability scanning?<\/em>
\nA<\/strong>:\u00a0 Vulnerability scanning is a protection mechanism Online Tech uses in the PCI stack(PCI hosting<\/a>) for security.\u00a0 What vulnerability scanning does is looks for vulnerabilities in switches, firewalls, servers, software applications. It will look for over 5,000 different vulnerabilities. Online Tech adds new vulnerabilities to look for and update its engines every day.<\/p>\n

Q<\/strong>: How does it work?<\/em>
\nA<\/strong>:\u00a0\u00a0 Online Tech grabs an IP address and then we start attacking that IP Address with a probe that is looking for vulnerabilities.\u00a0 Once that is done, it sends back a report and hopefully most of the items are green.\u00a0 Some items may be yellow.\u00a0 Some may be red.\u00a0 Those are going to be the things we are going to look at.\u00a0 That is where human intervention comes in to remediate any possible vulnerabilities.\u00a0 So, someone is going to look at the report and decide what actions should be taken.<\/p>\n

\"Vulnerability<\/p>\n

Q<\/strong>: Who should be using vulnerability scanning and how often should this be done?<\/em>
\nA<\/strong>: PCI requirements dictate that it is done quarterly.\u00a0 Online Tech does this monthly and any one with PCI data or other sensitive data like health care or social security numbers should be using vulnerability scanning.<\/p>\n

Companies that need to meet PCI compliance<\/a> must meet PCI requirement 11.2 that requires scanning of their environments:<\/p>\n

Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades). – PCI DSS Requirements and Security Assessment Procedures, Version 2.0<\/p><\/blockquote>\n

While not explicitly stated to meet HIPAA compliance<\/a>, \u201cautomated vulnerability scanning tools\u201d can be used to proactively test system security, as stated in the Risk Management Guide for Information Technology Systems and recommended by the National Institute of Standards and Technology (NIST).<\/p>\n

Interested in learning more?\u00a0 Download Online Tech\u2019s PCI Compliant Hosting whitepaper<\/a>.\u00a0 It explores the impact of the PCI DSS standard on data centers and server infrastructure, describes the architecture of a PCI compliant data center<\/a> both technically and contractually, and outlines the benefits and risks of data center outsourcing and vendor selection criteria.<\/p>\n","protected":false},"excerpt":{"rendered":"

Vulnerability scanning is an automated tool used for assessing security weaknesses.\u00a0 Online Tech recommends monthly vulnerability scans to regularly identify any new vulnerabilities that may have inadvertently been opened in your system.\u00a0 Learn as our technical team gives a quick overview of vulnerability scanning in the interview below. Or, listen to the vulnerability scanning interview audio. Q:\u00a0 What is vulnerability scanning? A:\u00a0 Vulnerability scanning is a protection mechanism Online Tech uses in the PCI stack(PCI hosting) for security.\u00a0 What vulnerability scanning does is looks for vulnerabilities in switches, firewalls, servers, software applications. It will look for over 5,000 different vulnerabilities. Online Tech adds new vulnerabilities to look for and update its engines every day. Q: How does it work? A:\u00a0\u00a0 Online Tech grabs an IP address and then we start attacking that IP Address with a probe that is looking for vulnerabilities.\u00a0 Once that is done, it sends back a report and hopefully most of the items are green.\u00a0 Some items may be yellow.\u00a0 Some may be red.\u00a0 Those are going to be the things we are going to look at.\u00a0 That is where human intervention comes in to remediate any possible vulnerabilities.\u00a0 So, someone is going to look at…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2488","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nA Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance | OTAVA<\/title>\n<meta name=\"description\" content=\"Vulnerability scanning is used in the PCI stack (PCI hosting) for security.\u00a0 It looks for vulnerabilities in switches, firewalls, servers, apps and more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance\" \/>\n<meta property=\"og:description\" content=\"Vulnerability scanning is used in the PCI stack (PCI hosting) for security.\u00a0 It looks for vulnerabilities in switches, firewalls, servers, apps and more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-14T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance\",\"datePublished\":\"2013-06-14T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/\"},\"wordCount\":425,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/\",\"url\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/\",\"name\":\"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png\",\"datePublished\":\"2013-06-14T00:00:00+00:00\",\"description\":\"Vulnerability scanning is used in the PCI stack (PCI hosting) for security.\u00a0 It looks for vulnerabilities in switches, firewalls, servers, apps and more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage\",\"url\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png\",\"contentUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance | OTAVA","description":"Vulnerability scanning is used in the PCI stack (PCI hosting) for security.\u00a0 It looks for vulnerabilities in switches, firewalls, servers, apps and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/","og_locale":"en_US","og_type":"article","og_title":"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance","og_description":"Vulnerability scanning is used in the PCI stack (PCI hosting) for security.\u00a0 It looks for vulnerabilities in switches, firewalls, servers, apps and more.","og_url":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/","og_site_name":"OTAVA","article_published_time":"2013-06-14T00:00:00+00:00","og_image":[{"url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance","datePublished":"2013-06-14T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/"},"wordCount":425,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/","url":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/","name":"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png","datePublished":"2013-06-14T00:00:00+00:00","description":"Vulnerability scanning is used in the PCI stack (PCI hosting) for security.\u00a0 It looks for vulnerabilities in switches, firewalls, servers, apps and more.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#primaryimage","url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png","contentUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/vscan.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/a-quick-tech-tutorial-vulnerability-scanning\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"A Quick InfoSec Tutorial: Vulnerability Scanning for HIPAA and PCI Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2488"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2488\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2488"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}