1. A security team probes the organization's public-facing infrastructure from an internet connection with no prior network access — checking which ports are reachable from outside, which services are running and at what version, and whether those services match any entries in the CVE database. The results show two internet-facing servers running end-of-life operating systems.
2. A security team runs a scan from inside the corporate network and discovers 14 devices that are not in the asset inventory: six personal laptops, five smart TVs in conference rooms, and three network-attached storage devices installed by individual departments. None of these devices are visible from the internet and none would appear in an external scan.
3. A security engineer feeds a running REST API thousands of automatically generated malformed inputs, including oversized strings, negative integers in quantity fields, and JSON structures with hundreds of levels of nesting. After 8,000 iterations, a specific deeply nested input causes the API to crash and return a stack trace revealing the underlying framework version. The engineer documents this as a potential denial-of-service vulnerability requiring input depth validation.
4. A financial services firm uses a tool that maintains a real-time inventory of all open-source dependencies installed across its applications, cross-referenced against vulnerability databases. When a new CVE is published for any library version present in production, the tool immediately generates an alert to the security team identifying which applications are affected and the severity of the finding.