Join Mike Chapple for an in-depth discussion in this video, Interpreting CVSS scores, part of SSCP Cert Prep: 3 Risk Identification, Monitoring, and Analysis.
- [Instructor] Once we've assigned ratings to the six individual CVSS metrics, we can combine them to determine the CVSS score. Let's take a look at an example using a real scan report. Here's a SQL injection vulnerability report from Nessus. You've seen this report before. If I scroll down past the initial information about the vulnerability, the description, and the solution, I see the CVSS base score assigned to this vulnerability. This long character string provides me with some important information.
First, the number provides the CVSS summary score for this vulnerability. It has a CVSS score of 7.5. Then the long string that appears next to the number, in parentheses, describes the values assigned to each one of the six CVSS metrics. Let's explore that string piece by piece. The first metric is the attack vector. Here, the attack vector is set to a value of N for Network. An attacker can exploit this SQL injection vulnerability remotely over the network.
AC:L means that the access complexity is low. It would be easy for an attacker to…
- Risk management actions
- Ongoing risk management
- Risk management frameworks
- Scanning for threats and vulnerabilities
- Advanced vulnerability scanning
- Monitoring log files
- Code review and code tests
- Test coverage analysis
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover identifying threats, understanding attacks, technology and process remediation, remediating vulnerabilities, and security monitoring. In addition, the following topics were updated: risk management and monitoring log files.
1. Risk Management
2. Threat Modeling
3. Threat Assessment
4. Remediating Vulnerabilities
5. Security Monitoring
6. Software Testing