From the course: Security Testing: Vulnerability Management with Nessus
Join today to access over 22,700 courses taught by industry experts or purchase this course individually.
Correlating scan results - Nessus Tutorial
From the course: Security Testing: Vulnerability Management with Nessus
Correlating scan results
- [Instructor] In addition to validating your scan results to eliminate false-positive reports and remove documented exceptions, you'll also want to correlate scan reports with other information available to you. The first source of information you should consult are any industry standards, best practices, or compliance obligations that are relevant to your organization. These standards may provide specific guidance on the types of vulnerabilities that require more urgent remediation. For example, PCI DSS contains some very specific guidance on vulnerability scanning. Here's a quote from the standard: To demonstrate compliance, a scan must not contain high-level vulnerabilities in any component in the cardholder data environment. Generally, to be considered compliant, none of those components may contain any vulnerability that has been assigned a Common Vulnerability Scoring System, CVSS, Base score equal to or higher than 4.0. That's very explicit guidance. That is very helpful to an…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.