Along with penetration testing, vulnerability scanning is one of the most insightful methods of testing your business security settings. A vulnerability scan uses a tool to sweep an entire network range, probing each reachable device, fingerprinting the services it exposes and checking their versions and configurations against a database of known weaknesses. When the scan has completed, the program provides you with a list of the security vulnerabilities it found, the evidence behind each one, and usually remediation instructions. Note that an unauthenticated scan can only see what is exposed over the network; a credentialed (authenticated) scan that logs in to each host also finds missing patches and local misconfigurations, so use credentials wherever you can. You can then take these discoveries and recommended remediations, and jump back to Stage 3 to implement fixes.
To understand the language of vulnerability scanning, you need to grasp two concepts: CVEs and CVSS.
CVE stands for Common Vulnerabilities and Exposures. CVEs identify publicly known vulnerabilities and catalog them, assigning each a unique identifier so that scanners, vendors and advisories all refer to the same issue by the same name. A CVE ID is written in the following format:
CVE-YYYY-NNNN, where CVE = prefix, YYYY = the year the ID was assigned or reserved (not necessarily the year the flaw was discovered or disclosed), and NNNN = a sequence number of at least four digits; the sequence number can be longer than four digits, for example CVE-2021-44228.
CVSS stands for Common Vulnerability Scoring System, and it complements a CVE by assigning the vulnerability a numerical base score from 0.0 to 10.0 and a matching severity level. The CVSS v3.x score ranges and their severity levels are:
0.0 = None
0.1 - 3.9 = Low
4.0 - 6.9 = Medium
7.0 - 8.9 = High
9.0 - 10 = Critical
A vulnerability scan will provide you with the CVE ID(s) behind each finding and the CVSS score for each. You can take this information and use it to cycle back to an earlier stage to begin fixing the vulnerability. The CVSS scores give you a first-pass ranking of which vulnerabilities to prioritize. One caveat: the base score describes the flaw in isolation, not your environment, so a Critical on an isolated test box may matter less than a High on an internet-facing server, and you should weigh exposure and the existence of a public exploit alongside the score.
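As an added example (not code from the original page or from any scanner vendor), the script below shows how the CVE and CVSS concepts above are used in practice: it validates and normalises CVE IDs with the format described, maps CVSS v3.x base scores to the severity levels listed, and turns a scan export into a remediation queue ordered by score. The export is constructed sample data in a hypothetical `host,cve,cvss,title` CSV layout; real Nessus and OpenVAS exports use their own column names, so adapt the field mapping when you feed in a real file.

```python
"""Triage a vulnerability-scan export by CVE ID and CVSS base score.

Added example, not code from the original page or any scanner vendor.
SAMPLE_EXPORT is constructed data in a hypothetical CSV layout.
"""
import csv
import io
import re
from typing import Optional

# CVE IDs are "CVE-" + 4-digit year + a sequence of at least 4 digits.
# The sequence may be longer than 4 digits, so do not hard-code the width.
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}


def canonical_cve_id(text: str) -> Optional[str]:
    """Return the canonical upper-case CVE ID, or None if malformed.

    Tolerates lower-case and spaced forms some tools emit,
    e.g. 'cve-2021-44228' or 'CVE - 2019 - 0708'.
    """
    normalised = re.sub(r"\s+", "", text).upper()
    m = CVE_RE.match(normalised)
    return m.group(0) if m else None


def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


# Constructed sample export (hypothetical layout, not real scanner output).
# It mixes well-known real CVEs with one scanner-specific check that has no
# CVE and one row with a missing score, to show how triage handles bad rows.
SAMPLE_EXPORT = """host,cve,cvss,title
10.0.0.5,CVE-2021-44228,10.0,Log4Shell in bundled log4j
10.0.0.5,CVE-2019-0708,9.8,BlueKeep RDP remote code execution
10.0.0.7,CVE-2016-2183,7.5,SWEET32 3DES cipher suites enabled
10.0.0.7,cve-2014-0160,7.5,Heartbleed OpenSSL memory disclosure
10.0.0.9,NOT-A-CVE,4.0,Scanner-specific check with no CVE assigned
10.0.0.9,CVE-2017-0144,,EternalBlue SMBv1 (score missing in export)
"""


def triage(export_csv: str) -> dict:
    """Parse an export, validate IDs, rate severity and order the queue.

    Returns {"queue": findings sorted by CVSS descending,
             "rejected": rows that could not be ranked}.
    Rows whose CVE ID is malformed are kept but carry cve=None, because a
    scanner-specific check is still a real finding; rows with a missing or
    invalid score are rejected for manual review since they cannot be ranked.
    """
    queue, rejected = [], []
    for row in csv.DictReader(io.StringIO(export_csv)):
        try:
            score = float(row["cvss"])
            severity = cvss_severity(score)
        except ValueError:
            rejected.append({**row, "reason": "missing or invalid CVSS score"})
            continue
        queue.append({
            "host": row["host"],
            "cve": canonical_cve_id(row["cve"]),
            "cvss": score,
            "severity": severity,
            "title": row["title"],
        })
    # Highest score first; ties broken by host so output is deterministic.
    queue.sort(key=lambda f: (-f["cvss"], f["host"]))
    return {"queue": queue, "rejected": rejected}


def severity_counts(result: dict) -> dict:
    """Count queued findings per severity level, for a quick status view."""
    counts = {level: 0 for level in SEVERITY_RANK}
    for finding in result["queue"]:
        counts[finding["severity"]] += 1
    return counts


if __name__ == "__main__":
    result = triage(SAMPLE_EXPORT)
    for f in result["queue"]:
        print(f"{f['severity']:<8} {f['cvss']:>4}  {f['host']:<10} {f['cve'] or '(no CVE)':<16} {f['title']}")
    for r in result["rejected"]:
        print(f"REVIEW   {r['host']} {r['cve']}: {r['reason']}")
    print(severity_counts(result))
```

The queue it produces is the order in which you would walk back to Stage 3: the two Critical findings on 10.0.0.5 first, then the two High findings on 10.0.0.7. The rejected row shows why you should never silently drop a finding just because the scanner failed to attach a score.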
Two mainstream vulnerability scanners are usually recommended:
- Nessus: Proprietary (Tenable); a free Nessus Essentials tier exists but is limited to a small number of IP addresses
- Greenbone OpenVAS: Free, open-source Community Edition, with various proprietary Greenbone Enterprise tiers on top of it
