AnsweredAssumed Answered

"Authenticated scans do not find real vulnerabilities"

Question asked by AlbertRudolf on May 22, 2013
Latest reply on May 22, 2013 by wkandek

"Authenticated scans do not find real vulnerabilities". That is something a lot of people tell me. They claim authenticated scans do not reproduce real world scenarios since an attacker wouldn't have an account with management privileges.


I usually answer to this by telling people the remote scan is still performed when authentication is enabled. I need some stronger arguments to convince people... Might anybody help me proving that authenticating doesn't make the scan results "unreal"?




Albert Rudolf