登录查看更多内容

How can you prioritize security vulnerabilities during testing?

由人工智能和领英社区提供技术支持

Security vulnerabilities are flaws or weaknesses in a system or application that can be exploited by attackers to compromise its confidentiality, integrity, or availability. Testing for security vulnerabilities is a crucial part of network security, but it can also be overwhelming and time-consuming. How can you prioritize security vulnerabilities during testing to focus on the most critical ones and reduce the risk of breaches?

此文章中的业界达人

由社区从 6 条内容中精选。了解更多

1 Assess the impact

The first step to prioritize security vulnerabilities is to assess the impact of each one on your network. The impact is the potential damage or harm that an attacker can cause by exploiting the vulnerability. You can use a scale of low, medium, or high to rate the impact based on factors such as the sensitivity of the data, the functionality of the system, the reputation of the organization, and the legal or regulatory implications. For example, a vulnerability that allows an attacker to access confidential customer information or disrupt essential services would have a high impact, while a vulnerability that only affects a minor feature or a test environment would have a low impact.

添加您的观点

Brandy Gordon MS, PhD(c), MCFE, CSO

CSO | Certified Digital Forensic Examiner| Doctoral Researcher??Cybersecurity Analyst| Malware/Reverse Engineer| Founder| DFIR investigator?? Expert Witness| Assisting in IT Audits and Litigations ? Let's Talk Security
(已编辑)
举报内容
When prioritizing security vulnerabilities, precedence should be given to vulnerabilities that cause the biggest impact and are likely to occur. For example, if a critical business server is down and customers lose access to your services, this will have a big impact on business continuity. However, if the server has several redundant back-ups, then the likelihood of a service loss is low. Therefore, it is important to conduct an estimation analysis on the probability that a risk event will occur. This can be done using techniques such as the "Bayesian Analysis" or the "Event Tree Analysis". Overall, these techniques will help you prioritize security vulnerabilities during testing.

已翻译

赞
Sathyaprakash Sahoo

Head of Product & Security Engineer @ SECUREU | Founding Member
举报内容
Prioritizing security vulnerabilities during penetration testing is a critical aspect. A simple approach is to assess the impact of each vulnerability considering, factors such as level of risk and urgency. 1. Categorize vulnerabilities into critical, high, medium, low and informative 2. Evaluate the business impact of each vulnerability. Not all vulnerabilities might be relevant to an organization 3. Understand the difficulty level for an attacker to exploit the vulnerability. The easier it is to exploit, the more critical the vulnerability 4. Check for available exploits for the same issue as CVE, CWE

已翻译

赞

2 Evaluate the likelihood

The second step to prioritize security vulnerabilities is to evaluate the likelihood of each one being exploited by an attacker. The likelihood is the probability or frequency of an attack occurring based on factors such as the complexity of the exploit, the availability of the exploit code, the exposure of the system, the motivation of the attacker, and the presence of mitigating controls. You can use a scale of low, medium, or high to rate the likelihood based on these factors. For example, a vulnerability that requires advanced skills, specialized tools, or physical access to exploit would have a low likelihood, while a vulnerability that is easy to exploit, widely known, or publicly disclosed would have a high likelihood.

添加您的观点

Stephen Shaffer

Principal Security Engineer @ Moderna ?? | EPSS SIG Co-Chair
举报内容
The Exploit Prediction Scoring System quantifies the likelihood that a CVE will be exploited in the wild in the next 30 days. It is a machine-learning model based on XGBoost that models real-world exploitation data in order to provide a likelihood of exploitation expressed as a decimal between 0 and 1. EPSS has done the heavy lifting for quantifying likelihood for you, and it should be used as a basis for further quantifying likelihood based on organization context.

已翻译

赞
Marcelo Silva

Director of Cybersecurity | Strategic Leader | Advisor | Speaker | Data Security & AI Strategy | Global Experience | 30+ Years in IT & Cyber
举报内容
Evaluating the likelihood of a vulnerability being exploited is a critical aspect to define priorities, and it's addressed by NIST SP 800-30 (appendix G), along with threats, impacts, and security controls that must be in place. In order to evaluate the likelihood we need to analyze historical data on similar vulnerabilities to understand the likelihood of exploitation. Evaluate whether similar vulnerabilities have been exploited in the past and the impact of those incidents. There are frameworks to qualify those risks. Probably to be addressed in a separate article I guess. ;-)

已翻译

赞
Sathyaprakash Sahoo

Head of Product & Security Engineer @ SECUREU | Founding Member
举报内容
The likelihood assessment involves proper analysis of various elements such as - 1. Exploit complexity: A vulnerability requiring advanced skills would be rated as low likelihood of exploitation 2. Availability of exploit code: A vulnerability with a publicly available exploit code is more likely to be exploited 3. System exposure: Systems accessible over the internet to those with a larger attack surface have higher chances of getting exploited

已翻译

赞

3 Calculate the risk

The third step to prioritize security vulnerabilities is to calculate the risk of each one based on the impact and likelihood ratings. The risk is the measure of the potential loss or damage that an attacker can cause by exploiting the vulnerability. You can use a formula such as risk = impact x likelihood to derive a numerical value for the risk, or you can use a matrix or a chart to plot the impact and likelihood on two axes and assign a color code or a label to the risk. For example, a vulnerability that has a high impact and a high likelihood would have a critical risk, while a vulnerability that has a low impact and a low likelihood would have a negligible risk.

添加您的观点

4 Prioritize the remediation

The fourth step to prioritize security vulnerabilities is to prioritize the remediation actions based on the risk ratings. The remediation is the process of fixing or mitigating the vulnerability to prevent or reduce the possibility of an attack. You can use a priority scale of urgent, high, medium, or low to assign the remediation actions based on the risk ratings. For example, a vulnerability that has a critical risk should be remediated urgently, while a vulnerability that has a negligible risk can be remediated later or accepted as part of the risk tolerance. You should also consider the cost, effort, and feasibility of the remediation actions when prioritizing them.

添加您的观点

5 Document the results

The fifth step to prioritize security vulnerabilities is to document the results of your testing and prioritization process. The documentation is the record of the findings, ratings, and actions related to the security vulnerabilities. You should use a consistent and clear format to document the results, such as a report, a spreadsheet, or a dashboard. You should also include relevant information such as the date, the scope, the methodology, the sources, the evidence, the recommendations, and the status of the security vulnerabilities. The documentation will help you communicate the results to the stakeholders, track the progress of the remediation actions, and review the effectiveness of the testing and prioritization process.

添加您的观点

加载更多内容

6 Update the process

The sixth and final step to prioritize security vulnerabilities is to update the process based on the feedback, lessons learned, and changes in the network environment. The process is the set of steps, tools, and criteria that you use to test and prioritize security vulnerabilities. You should review and improve the process regularly to ensure that it is aligned with the best practices, standards, and regulations of network security. You should also adapt the process to the evolving threats, risks, and requirements of your network. Updating the process will help you maintain a high level of network security and resilience.

添加您的观点

7 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Network Security

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How can you prioritize security vulnerabilities during testing?

1

2

3

4

5

6

7

1 Assess the impact

2 Evaluate the likelihood

3 Calculate the risk

4 Prioritize the remediation

5 Document the results

6 Update the process

7 Here’s what else to consider

Network Security

给文章评分

感谢您的反馈

更多Network Security相关文章

更多相关阅读内容

How can you prioritize security vulnerabilities during testing?

1

2

3

4

5

6

7

1 Assess the impact

2 Evaluate the likelihood

3 Calculate the risk

4 Prioritize the remediation

5 Document the results

6 Update the process

7 Here’s what else to consider

Network Security

给文章评分

感谢您的反馈

查看其他技能