Section 01: Vulnerability Assessment Concepts
Vulnerability
Vulnerability
Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware.
Examples
Protocols such as HTTP, FTP, telnet are inherently insecure
OS is not patched / using latest version
Software / hardware using weak or default credentials
Misconfigurations in different part of the stack
Microsoft security response center
The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For over twenty years, we have been engaged with security researchers working to protect customers and the broader ecosystem.
Vulnerability assessment
A vulnerability assessment is a systematic review of security weaknesses in an information system.
Links
CVEs
CVE (Common vulnerabilities and exposures)
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.
CVSS (Common vulnerability scoring system)
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
NVD (National vulnerability database)
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
CWE (Common weakness enumeration)
The Common Weakness Enumeration (CWE) is a category system for hardware and software weaknesses and vulnerabilities.
Links
Last updated