Practical security insights for teams without a SOC

No vendor fluff. No recycled threat reports. Real guidance on vulnerability scanning, malware, and attack surface management — written by practitioners.

o

Obaida Al-Sulaiman

Information Security Manager · CISSP · CEH · OSCP

Can vulnerability scanning ensure NIS2 compliance? No, and any vendor promising otherwise is selling a false sense of safety. Vulnerability scanning is a required technical control under the NIS2 Directive (EU 2022/2555), but it satisfies only one of the ten risk-management measures in Article 21. Real compliance also demands board governance, 24-hour incident reporting, supply-chain […]
Active vs passive vulnerability scanning comes down to how the scanner looks for weaknesses. Active scanning sends probes and test traffic to your systems and reads the responses, going deep on specific assets. Passive scanning watches existing network traffic quietly, covering everything but only what the traffic reveals. One is a foot wide and a […]
To scan an API for vulnerabilities, you discover every endpoint, feed the scanner an OpenAPI or Swagger definition, authenticate it with the right API key, OAuth, or JWT token, run active and passive tests, then map each finding to the OWASP API Security Top 10 and retest after the fix. APIs cannot be crawled like […]
The difference between an authenticated scan and an unauthenticated scan comes down to one thing: whether the scanner logs in. An unauthenticated scan probes your system from the outside like an anonymous attacker; an authenticated scan uses valid credentials to inspect what sits behind the login. Authenticated scanning finds far more, but unauthenticated scanning shows […]
Continuous vulnerability scanning means your systems get checked for security weaknesses automatically and often, not once a quarter but every day and immediately after anything changes. To set up continuous vulnerability scanning, you discover and tag every asset, choose authenticated or unauthenticated scans, schedule them by risk, prioritize findings with CVSS and real exploit data, […]
A vulnerability assessment in cyber security is a systematic process that finds, ranks, and reports the security weaknesses across your websites, networks, and systems before an attacker exploits them. Think of it as a scheduled inspection of every door and window in your digital environment. This guide explains what a vulnerability assessment is, why it […]
Checking a website for vulnerabilities manually means testing it by hand, the way an attacker would, instead of relying only on an automated scanner. You probe inputs, read HTTP responses, inspect headers, and confirm each finding with real evidence. This guide walks you through How to Check Vulnerability of a Website Manually in seven repeatable […]
Knowing the types of website security vulnerabilities is the difference between fixing a flaw on your schedule and cleaning up a breach on the attacker’s. Most successful attacks do not use exotic zero-days; they exploit the same handful of well-documented weaknesses that appear on site after site. This guide breaks down the 12 most common […]
Choosing between vulnerability scanning vs penetration testing trips up a lot of teams, and picking the wrong one either wastes budget or leaves real holes open. A vulnerability scan is an automated, broad sweep that flags known weaknesses across your whole environment. A penetration test is a human-led, deep attack that proves which of those […]
Vulnerabilities in cyber security are weaknesses in software, hardware, configuration, or human process that an attacker can exploit to gain unauthorized access, steal data, or disrupt operations, and the problem keeps growing: the National Vulnerability Database logged more than 40,000 new CVEs in 2024, and Verizon’s Data Breach Investigations Report found that attackers exploiting vulnerabilities […]
This guide will tell you how to monitor your website availability and uptime by using ScanTitan free online website monitor. As the world evolves today, websites become an increasingly vital tool for businesses and end-users relying on the internet for work or pleasure. With an increase in websites, there is a need for website availability […]
This guide will tell you how to scan your website against malware which includes viruses, webshells, malicious javascript and others by using ScanTitan free website malware scanner. What is website malware? Can a website be infected with malware too? Malware, is the short form for malicious software, is designed basically to cause harm to a […]
This guide will tell you how to monitor your website availability and uptime by using ScanTitan free online website monitor. As the world evolves today, websites become an increasingly vital tool for businesses and end-users relying on the internet for work or pleasure. With an increase in websites, there is a need for website availability […]
This guide will tell you how to scan your website against malware which includes viruses, webshells, malicious javascript and others by using ScanTitan free website malware scanner. What is website malware? Can a website be infected with malware too? Malware, is the short form for malicious software, is designed basically to cause harm to a […]
This guide will tell you how to find your website security vulnerabilities and weakness by using ScanTitan free online vulnerability scanner. What is website vulnerability? According to research, it has shown on average that websites experience a cyber attack of over 25 times per day which implies over 9,000 attacks per year. Website vulnerability simply […]
This guide will tell you how to reduce your website and online services attack surface by finding your security exposures using ScanTitan free online vulnerability scanner. What is website security exposure? With an increasing rate of cyber-attacks daily, there are various factors in which website security exposure is one that allows a website to become […]
This guide will tell you how to know your network exposure and running services on your edge device like a firewall or router and how to monitor network exposure using ScanTitan. What is network exposure monitoring? With the rate at which hackers are exploiting services behind open ports, it is very important to conduct network […]
This article will guide you on how to monitor your cyber brand security using ScanTitan cyber brand monitoring to prevent digital image issues, traffic drops, and your customer trust loss. What is cyber brand monitoring? Cyber brand monitoring is very essential in your business if you want to consistently stand out, retain customers on your […]
This guide will tell you what is vulnerability intelligence and exploit intelligence, why they are important, and how to get benefits using ScanTitan Vulnerability and Exploit intelligence features. What is vulnerability and exploit intelligence? Vulnerability and exploit intelligence are the basis of a good security strategy for your website. They play an important role in […]
This guide will tell you what is cyber threat intelligence and how it is important to identify relevant threats of your business using ScanTitan Threat Intelligence platform. What is Threat Intelligence? Cyber threats keep increasing daily and it has become an essential issue for organizations and companies to deal with. Threat intelligence is simply the […]
Can vulnerability scanning ensure NIS2 compliance? No, and any vendor promising otherwise is selling a false sense of safety. Vulnerability scanning is a required technical control under the NIS2 Directive (EU 2022/2555), but it satisfies only one of the ten risk-management measures in Article 21. Real compliance also demands board governance, 24-hour incident reporting, supply-chain […]
Active vs passive vulnerability scanning comes down to how the scanner looks for weaknesses. Active scanning sends probes and test traffic to your systems and reads the responses, going deep on specific assets. Passive scanning watches existing network traffic quietly, covering everything but only what the traffic reveals. One is a foot wide and a […]
To scan an API for vulnerabilities, you discover every endpoint, feed the scanner an OpenAPI or Swagger definition, authenticate it with the right API key, OAuth, or JWT token, run active and passive tests, then map each finding to the OWASP API Security Top 10 and retest after the fix. APIs cannot be crawled like […]
The difference between an authenticated scan and an unauthenticated scan comes down to one thing: whether the scanner logs in. An unauthenticated scan probes your system from the outside like an anonymous attacker; an authenticated scan uses valid credentials to inspect what sits behind the login. Authenticated scanning finds far more, but unauthenticated scanning shows […]
Continuous vulnerability scanning means your systems get checked for security weaknesses automatically and often, not once a quarter but every day and immediately after anything changes. To set up continuous vulnerability scanning, you discover and tag every asset, choose authenticated or unauthenticated scans, schedule them by risk, prioritize findings with CVSS and real exploit data, […]
A vulnerability assessment in cyber security is a systematic process that finds, ranks, and reports the security weaknesses across your websites, networks, and systems before an attacker exploits them. Think of it as a scheduled inspection of every door and window in your digital environment. This guide explains what a vulnerability assessment is, why it […]
Checking a website for vulnerabilities manually means testing it by hand, the way an attacker would, instead of relying only on an automated scanner. You probe inputs, read HTTP responses, inspect headers, and confirm each finding with real evidence. This guide walks you through How to Check Vulnerability of a Website Manually in seven repeatable […]
Knowing the types of website security vulnerabilities is the difference between fixing a flaw on your schedule and cleaning up a breach on the attacker’s. Most successful attacks do not use exotic zero-days; they exploit the same handful of well-documented weaknesses that appear on site after site. This guide breaks down the 12 most common […]
Choosing between vulnerability scanning vs penetration testing trips up a lot of teams, and picking the wrong one either wastes budget or leaves real holes open. A vulnerability scan is an automated, broad sweep that flags known weaknesses across your whole environment. A penetration test is a human-led, deep attack that proves which of those […]
Vulnerabilities in cyber security are weaknesses in software, hardware, configuration, or human process that an attacker can exploit to gain unauthorized access, steal data, or disrupt operations, and the problem keeps growing: the National Vulnerability Database logged more than 40,000 new CVEs in 2024, and Verizon’s Data Breach Investigations Report found that attackers exploiting vulnerabilities […]

Written by

o

Obaida Al-Sulaiman

Information Security Manager, Dubai

12+ years in information security. Specialises in web application security, vulnerability management, and external attack surface reduction for SMB and mid-market organisations.

Browse by topic

New CVEs, practical guides, and scan methodology updates. One email per week. No sales pitch.
No spam. Unsubscribe any time. GDPR compliant.

Editorial standards: All ScanTitan blog content is reviewed by certified InfoSec professionals before publication. Technical claims are tested against live scan results or cited from primary sources (CVE database, OWASP, NIST NVD). We do not accept sponsored posts or paid placements.

Try a free scan

Run a free vulnerability scan on your domain. No account required.
Loading posts...