Overview
-
Prioritize the vulnerabilities in your environment using the Common Vulnerability Scoring System (CVSS). Learn how to apply CVSS scores to effectively assess risk.
Syllabus
-
Introduction
- Welcome to this course
- Case study: Red30 technology
- Vulnerability risk assessment
- Vulnerability types and their causes
- Methods for fixing vulnerabilities
- Common terms in vulnerability management
- Intro to the Common Vulnerability Scoring System (CVSS)
- Core elements of CVSS v3.1
- CVSS v3.1 formula
- Making sense of the CVSS vector string
- The CVSS base metric group
- The attack vector metric
- How attack complexity affects risk
- The effects of the privileges required metric on risk
- User interaction and vulnerability risk
- Confidentiality, integrity, and availability impact metrics
- Security scope in CVSS
- Challenge
- Solution
- How exploit code maturity affects risk
- How remediation level affects risk
- How report confidence affects risk
- Confidentiality, integrity, and availability requirement
- Modified base metrics in CVSS
- Using CVSS scores
- CVSS severity rating scale
- Using CVSS scoring in the enterprise
- Remediating vulnerabilities
- Accepting vulnerability risks
- Challenge
- Solution
- Next steps
