CySA+
  • CySA+ CS0-002 Exam Objectives
  • Threat Intelligence Cycle
  • Intelligence Sources
  • Security Intelligence Sharing
  • Threat Classification and Threat Actors
  • Threat Research and Indicators of Compromise
  • Attack Frameworks and The Cyber Kill Chain
  • Defining Threat Modeling and Threat Hunting
  • Vulnerability Identification and Validation
  • Vulnerability Scan Results and CVSS Scores
  • Nmap and Enumeration
  • Security Controls
  • Defense in Depth Security Baselines
  • Security Trend Analysis
  • Remediation Issues
  • Asset, Change, and Configuration Management
  • Software Development Lifecycle & Development Models
  • Software Assessment and Code Review
  • Mitigating Attack Types Part 1
  • Mitigating Attack Types Part 2
  • Mitigating Attack Types Part 3
  • Password Cracking and Hashing
  • Privilege Escalation & Man-in-the-Middle
  • Network Based IoCs
  • Host Based IoCs
  • Network Architecture and Segmentation
  • Network Traffic, Packet, and Protocol Analysis
  • Pentesting and Active Defense
  • Firewalls
  • URL Analysis & DNS in Malware
  • Network Access Control and Port Security
  • Identity and Access Management (IAM)
  • Web Application Scanners
  • SSL/TLS Digital Certificate Management
  • Mobile Threats
  • Email Threats and Mitigation
  • Data Loss Prevention (DLP)
  • Endpoint Security and Behavior Analysis
  • Hardware Assurance
  • Blackholes and Sinkholes
  • IoT, Embedded Systems & ICS/SCADA Threats
  • Log Analysis & Continuous Security Monitoring
  • SIEM and Event Correlation
  • Malware Analysis
  • Cloud Models and Service Threats
  • Cloud Automation and Other Cloud Threats
  • VDI, Containers, and Microservices
  • CI/CD, IaC, DevOps
  • AI and Machine Learning
  • Digital Forensics
  • Technical Controls for Securing Data
  • Non-Technical Controls for Securing Data
  • Security Policies and Procedures
  • Continuity Planning and Risk Assessment
  • Incident Response Phases and Communication
Powered by GitBook
On this page

Vulnerability Scan Results and CVSS Scores

PreviousVulnerability Identification and ValidationNextNmap and Enumeration

Last updated 2 years ago

  • The vulnerability database: what makes a scanner good or bad

  • SCAP – Security Content Automation Protocol

  • Mitre developed SCAP

  • Identifiers

    • CVE – Common vulnerability enumeration

    • CPE – Common platform enumeration

    • CCE – Common configuration enumeration

    • CWE – Common weakness enumeration

    • CAPEC – Common attack pattern enumeration and classification

    • OVAL – Open Vulnerability and Assessment Language

    • XCCDF – Extensible Configuration Checklist description format

  • Vulnerability Scan Reports

    • Usually includes: asset – vulnerability – CVSS score

    • CVSS score: metric for comparing and prioritizing vulnerabilities based on several factors.

    • False positives happen. Verify results.

    • True positives. True negatives. Good.

    • False Positive. False negatives. Bad.

  • Avoiding False Results

    • Is scanning traffic allowed?

    • Credentialed?

    • Fine tuning?

    • Baseline OK?

    • Applies to you?

    • Worth considering?

  • CVSS Score and CVE

    • Help priotize, but not only factor

    • CVE = Base Metrics + Temporal Metrics (Optional) + Environment Metrics (Optional)

    • CVSS Base Metrics

      • Attack Vector (AV)

        • Network (N), Adjacent (A), Local (L), Physical (P)

      • Attack complexity (AC)

        • Low (L), High (H)

      • Privileges Require (PR)

        • None (N), Low (L), High (H)

      • User Interaction (UI)

        • None (N), Required (R)

      • Scope (S)

        • Unchanged (U), Change (C)

      • Impact metrics

        • Confidentiality: High, Low, None

        • Integrity: High, Low, None

        • Availability: High, Low, None

    • Temporal Metrics

      • Exploit Code Maturity (E) – Current state of exploit

        • Not defined (X), High (H), Functional (F), Proof-of-Concept (P), Unproven (U)

      • Remediation Level (RL)

        • Not Defined (X), Unavailable (U), Workaround (W), Temporary Fix (T), Official fix (O)

      • Report Confidence

        • Not defined (X), Confirmed (C), Reasonable (R), Unknown (U)

      • Security Requirements (CR, IR, AR) – Environmental metric

        • Not defined (X), High (H), Medium (M), Low (L)

A picture containing timeline Description automatically generated