
Vulnerability Scanning

who is the single guy from pyeongyang, north korea on steam

Generally Good Ideas

Look for:

  • open ports
  • active IP addresses
  • running apps/services
  • missing IMPORTANT/critical updates/patches
  • active default/guest user accounts
  • default or blank passwords
  • misconfigurations
  • missing security controls

Scan Options

  • intrusive (finds a potential exploit and ACTUALLY TRIES TO DO IT)
  • non-intrusive (just finds potential exploits, doesn't know if they work)
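  • credentialed (insider attack simulator: the scanner logs in with a valid account and sees what an authenticated user can see)
  • non-credentialed (packet crafting simulator: no login, the scanner only sees what an outsider on the network can probe)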
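
A credentialed, non-intrusive check for a few items from the "Look for" list (open ports, active default/guest accounts, blank passwords), as an added example that is not part of the original notes. The shadow-file and `ss -tln` samples are constructed, and `DEFAULT_NAMES` and `ALLOWED_PORTS` are assumed baselines you would replace with your own.

```python
# Constructed sample of /etc/shadow (name:password-field:...), not real data.
SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
admin:$6$constructed$hash:19000:0:99999:7:::
backup:!$6$constructed$hash:19000:0:99999:7:::
"""
# Constructed sample of `ss -tln` output (listening TCP sockets).
SS_TLN = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*
"""
DEFAULT_NAMES = {"guest", "admin", "test"}  # assumed watch list of default accounts
ALLOWED_PORTS = {22, 443}                   # assumed baseline of expected services

def audit_accounts(shadow_text):
    """Flag blank passwords and default accounts that are not locked."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        name, pw = fields[0], fields[1]
        if pw == "":                              # empty field: no password needed
            findings.append(("blank-password", name))
        locked = pw.startswith(("!", "*"))        # '!' or '*' means login disabled
        if name in DEFAULT_NAMES and not locked:
            findings.append(("active-default-account", name))
    return findings

def audit_ports(ss_text, allowed=ALLOWED_PORTS):
    """Flag sockets reachable from the network that are not in the baseline."""
    findings = []
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":  # skips the header row
            continue
        addr, port = cols[3].rsplit(":", 1)
        loopback = addr.startswith("127.") or addr == "[::1]"
        if not loopback and int(port) not in allowed:
            findings.append(("unexpected-open-port", int(port)))
    return findings

if __name__ == "__main__":
    for finding in audit_accounts(SHADOW) + audit_ports(SS_TLN):
        print(finding)
```

Nothing here attempts a login or an exploit, which is what keeps it on the non-intrusive side of the list above.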

Web App Specifics

You should be doing static and dynamic analysis, a.k.a. reading your code (static) and testing the running app to see if it works as intended (dynamic). It might help you find:

  • unvalidated inputs
  • broken access controls / permissions
  • SQL injection vulnerabilities
  • XSS 
  • insecure direct object references (i can smell the Rust "enjoyers" from a few clicks away)
  • vulnerable packages/dependencies (monitor them for known vulnerabilities)