From the course: Implementing a Vulnerability Management Lifecycle
Validate reported vulnerabilities
- [Instructor] Now that you've generated a report, it's almost time to turn these vulnerabilities into actionable mitigation plans. But first, you need to validate that each vulnerability on the report exists on the computers indicated. And second, you need to ensure the severity level of each vulnerability is correct for your situation. As I've said before, vulnerability scanners, like any other tool, are not 100% accurate all the time. A false positive occurs when the scanner believes that it's found a vulnerability that does not actually exist. Here are some questions that you can ask to identify a false positive. Is this vulnerability for a product or service that's not installed on the scanned computer? Maybe the scanner got confused and there is a vulnerability, but not what's described in the report. Also ask yourself, does the version of the software detected by the scanner match the version that's actually…