Vulnerability Management
Scanning, assessment, prioritization, remediation, and compliance tracking.
Overview
Vulnerability management is the continuous process of discovering assets, finding their security weaknesses, ranking those weaknesses by risk, fixing them, and confirming the fixes.
Lifecycle
The lifecycle runs as a chain of stages, each feeding the next:

1. Discover: asset inventory
2. Scan: vulnerability scanning
3. Assess: risk evaluation
4. Prioritize: remediation order
5. Remediate: fix vulnerabilities
6. Verify: confirm fixes
7. Report: documentation
Scanning Tools
| Tool | Type | Cost |
|---|---|---|
| Nessus | Commercial | |
| Nexpose | Commercial | $$ |
| Nikto | Web Scanner | Free |
Vulnerability Scoring (CVSS)
CVSS Score Range:
0.0 - 3.9  -> Low
4.0 - 6.9  -> Medium
7.0 - 8.9  -> High
9.0 - 10.0 -> Critical

CVSS Vector:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A complete v3.x vector string carries the version as its first element (for example CVSS:3.1/AV:N/...). The remaining elements are the base metrics, read left to right:

| Metric | Name | Value in the example |
|---|---|---|
| AV | Attack Vector | N (Network) |
| AC | Attack Complexity | L (Low) |
| PR | Privileges Required | N (None) |
| UI | User Interaction | N (None) |
| S | Scope | U (Unchanged) |
| C | Confidentiality impact | H (High) |
| I | Integrity impact | H (High) |
| A | Availability impact | H (High) |
Scanning Scripts
```bash
# Nmap: run the NSE scripts in the "vuln" category against a host in scope
nmap --script vuln target.com

# OpenVAS (legacy omp CLI): send an OMP request to the manager. <get_targets/> lists
# the configured scan targets; it does not start a scan. Passing the password with -w
# exposes it in the process list and shell history; prefer a restricted config file.
omp -u admin -w password -X '<get_targets/>'
```
Remediation Priorities
| Priority | CVSS | SLA |
|---|---|---|
| P1 | 9.0-10.0 | 24 hours |
| P2 | 7.0-8.9 | 7 days |
| P3 | 4.0-6.9 | 30 days |
| P4 | 0.1-3.9 | 90 days |
Practice
Set up OpenVAS and perform a vulnerability scan on a test network.