Vulnerability Scan

Vulnerability Assessment

  • Assessing aspects of the system

    • OS (benchmark scan)

    • Network connections

    • Database connections

    • Inbound/outbound communication

    • Libraries used by applications and system

    • Whether the system is working according to security requirements and recommendations (compliance)

    • Developing the scope

Vulnerability Management

  • Periodic process to find, fix and remediate

  • Need to run an external scan every day

    • Host discovery

Value Chain Analysis

  • What is critical for our services

Learn about environment

  • Build your scope according to that

  • Plan engagement

Identify

  • Threat modeling

  • Discover environment

https://msrc.microsoft.com/update-guide/en-us

https://www.microsoft.com/en-us/msrc?rtc=1

https://patchtuesdaydashboard.com/

https://cve.mitre.org/about/index.html

https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=Windows&search_type=all&isCpeNameSearch=false

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://owasp.org/

https://owasp.org/www-project-top-ten/
