Vulnerabilities are the gates through which threats enter the enterprise. The more applications a company deploys, the more vulnerabilities it creates for itself. Security management must identify the primary threat vectors within the company. The biggest danger is the power of a threat to gain a toehold somewhere, and then pivot to another part of the system.
Vulnerability testing may be conducted with pOf (passive OS detection), Nmap, Nessus or Hping. When vulnerabilities are discovered, they must be dealt with or the testing does not achieve anything.
Related article:
Proactive Ways to Defend Your Data