Vulnerability Management
Scanning, assessment, prioritization, remediation, and compliance tracking.
Overview
Vulnerability management identifies and fixes security weaknesses.
Lifecycle
1. Discover: Asset inventory
2. Scan: Vulnerability scanning
3. Assess: Risk evaluation
4. Prioritize: Remediation order
5. Remediate: Fix vulnerabilities
6. Verify: Confirm fixes
7. Report: Documentation
Scanning Tools
| Tool | Type | Cost |
|---|---|---|
| Nessus | Commercial | |
| Nexpose | Commercial | $$ |
| Nikto | Web Scanner | Free |
Vulnerability Scoring (CVSS)
CVSS Score Range:
0.0 - 3.9 -> Low
4.0 - 6.9 -> Medium
7.0 - 8.9 -> High
9.0 - 10.0 -> Critical
CVSS Vector:
```text
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|    |    |    |    |   |   |   |
|    |    |    |    |   |   |   +-- Availability (H = High)
|    |    |    |    |   |   +------ Integrity (H = High)
|    |    |    |    |   +---------- Confidentiality (H = High)
|    |    |    |    +-------------- Scope (U = Unchanged)
|    |    |    +------------------- User Interaction (N = None)
|    |    +------------------------ Privileges Required (N = None)
|    +----------------------------- Attack Complexity (L = Low)
+---------------------------------- Attack Vector (N = Network)
```
A complete CVSS v3 vector string carries a version prefix (for example CVSS:3.1/AV:N/...); the example above omits it. This vector scores 9.8, which falls in the Critical band.
Scanning Scripts
```bash
# Nmap: run the NSE "vuln" script category against a host
nmap --script vuln target.com
# OpenVAS: list configured targets over OMP (get_targets only reads; it starts no scan)
omp -u admin -w password -X '<get_targets/>'
```
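Running the nmap command above is only the start of the Scan step; in practice the results are saved with `-oX` and the entries that actually report a vulnerable state are extracted for the Assess step. The Python below is an added example (not nmap's or OpenVAS's own code): it parses a constructed XML sample shaped like nmap's `-oX` output for scripts in the vuln category, keeps only script tables whose `state` element reads VULNERABLE, and skips hosts that are down. The addresses, script ids and CVE-style identifiers in the sample are placeholders, and the element layout is this example's assumption about nmap's structured script output.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the XML nmap writes with -oX when run with
# --script vuln. Hosts, script ids and CVE-style ids are placeholders only.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap --script vuln -oX scan.xml 192.0.2.0/28">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="https"/>
        <script id="ssl-example-check" output="VULNERABLE">
          <table key="CVE-0000-0001">
            <elem key="title">Placeholder TLS weakness</elem>
            <elem key="state">VULNERABLE</elem>
            <table key="ids">
              <elem>CVE:CVE-0000-0001</elem>
            </table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh"/>
        <script id="ssh-example-check" output="NOT VULNERABLE">
          <table key="CVE-0000-0002">
            <elem key="title">Placeholder SSH issue</elem>
            <elem key="state">NOT VULNERABLE</elem>
          </table>
        </script>
      </port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_findings(xml_text):
    """Return one dict per script table that reports a VULNERABLE state."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                      # down hosts carry no port data
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            for script in port.findall("script"):
                for table in script.findall("table"):
                    state = table.findtext("elem[@key='state']", default="")
                    if state != "VULNERABLE":
                        continue          # "NOT VULNERABLE" and unknown states are dropped
                    findings.append({
                        "host": ip,
                        "port": int(port.get("portid")),
                        "proto": port.get("protocol"),
                        "script": script.get("id"),
                        "vuln_id": table.get("key"),
                        "title": table.findtext("elem[@key='title']", default=""),
                    })
    return findings


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_XML):
        print(f"{f['host']}:{f['port']}/{f['proto']} {f['script']} {f['vuln_id']} {f['title']}")
```

Filtering on the `state` element rather than on the script's free-text `output` attribute is the point: the same script emits a table for checks that came back clean, and only the structured state distinguishes the two.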
Remediation Priorities
| Priority | CVSS | SLA |
|---|---|---|
| P1 | 9.0-10.0 | 24 hours |
| P2 | 7.0-8.9 | 7 days |
| P3 | 4.0-6.9 | 30 days |
| P4 | 0.1-3.9 | 90 days |
Practice
Set up OpenVAS and perform a vulnerability scan on a test network.