What type of vulnerabilities will not be found by a vulnerability scanner?

Zero-day vulnerabilities refer to security flaws that are unknown to the software vendor or have not been publicly disclosed, which also means there are no patches or fixes available for them at the time of discovery. Vulnerability scanners typically rely on a database of known vulnerabilities and their signatures to identify potential weaknesses in systems or applications. Therefore, because zero-day vulnerabilities are not documented or known to security communities at the time, they cannot be detected by such tools.

A vulnerability scanner is effective at identifying known vulnerabilities, misconfigurations, and configuration errors, as these are usually documented and can be cross-referenced against the tool's database. In contrast, the nature of zero-day vulnerabilities makes them inherently difficult to detect without manual or more advanced threat intelligence approaches to identify unusual behavior or signs of exploitation. This distinction highlights the importance of having a layered security approach, including continuous monitoring and behavioral analytics, to detect threats beyond what traditional scanners can identify.