Along with well-known services, other types of applications listen on the network. Some provide additional functionality to the standard service. One very common example is the web app. Web applications are scripts and executables that are included in the website's HTML. They provide dynamic content to the user and (usually) run on the website's standard TCP 80 and 443 ports. From a vulnerability scanning perspective, they also present an interesting challenge because so many are custom made. There are whole categories of web app vulnerabilities, but individual apps will behave differently from each other. An advanced pen tester might opt for testing for interesting behavior by the web app, in addition to using a pre-canned vulnerability scan.
Besides web apps, many other applications also listen on the network. These can be the hardest to identify, as they might not be predictable in the ports they use. If your scanner cannot identify the listening service, go to the host and use the netstat command for more information. You can also perform a Google search for information posted by the vendor.
Note: A deep dive into web application coding is beyond the scope of this class. For an interesting article on testing web app behavior, see https://portswigger.net/blog/backslash-powered-scanning-hunting-unknown-vulnerability-classes
