Automated scanning uses tools like Nessus, Qualys, OpenVAS to identify known vulnerabilities across systems — fast and comprehensive for known issues but misses logic flaws and chained vulnerabilities.
Automated scanners are starting points, not substitutes for manual testing. They produce false positives — verify findings manually before reporting. Authenticated scans find 3-5x more vulnerabilities than unauthenticated. Web app scanners (Nikto, OWASP ZAP) supplement network scanners for web targets.