Saturday, December 24, 2022

Vulnerability Scanning vs Vulnerability Management vs Vulnerability Assessment vs Penetration Testing

A typical vulnerability lifecycle has the following steps:

  1. Discover
  2. Prioritize Assets
  3. Assess
  4. Report
  5. Remediate
  6. Verify

Vulnerability Scanning -> Discover + Scan + Report

Vulnerability Assessment -> Discover + Scan + Prioritize (Asset + Vulnerability) + Report

Penetration Testing -> Discover + Scan + Exploit + Report

Vulnerability Management -> Discover + Scan + Prioritize (Asset + Vulnerability) + Report + Remediate + Verify

Although the PT lifecycle is different from the VM lifecycle, the PT steps are listed here for comparison purposes only. Also, as a VM analyst, one has to manage exceptions and analyze false positives, which I think can be considered part of the "Remediate" step.
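As an added example (not code from the original post), here is a small Python model of the VM steps listed above: Prioritize (Asset + Vulnerability) combining asset criticality with scanner severity, exception and false-positive handling under Remediate, and a rescan-based Verify. The asset names, criticality scores, check ids and CVSS values are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample data for this example; asset names and scores are made up.
# Asset criticality is the "Prioritize Assets" input: 1 (throwaway) .. 5 (crown jewel).
ASSET_CRITICALITY = {"db-prod-01": 5, "web-prod-02": 4, "dev-box-07": 1}

@dataclass
class Finding:
    asset: str
    check_id: str  # scanner check identifier (hypothetical)
    cvss: float    # scanner-reported severity, 0.0-10.0
    status: str = "open"  # open | false_positive | exception | remediated | verified
    note: str = ""

def priority(f: Finding) -> float:
    """Prioritize (Asset + Vulnerability): severity weighted by asset criticality.
    Unknown assets default to the lowest weight rather than being silently inflated."""
    return ASSET_CRITICALITY.get(f.asset, 1) * f.cvss

def prioritized(findings: list) -> list:
    """Assessment/report view: open findings only, highest combined priority first."""
    return sorted((f for f in findings if f.status == "open"), key=priority, reverse=True)

def triage(f: Finding, decision: str, note: str = "") -> Finding:
    """Remediate-step bookkeeping: a finding leaves the open queue as a false positive
    (scanner was wrong), an exception (risk accepted, reason required) or remediated."""
    if decision not in {"false_positive", "exception", "remediated"}:
        raise ValueError(f"unknown triage decision: {decision}")
    if decision == "exception" and not note:
        raise ValueError("an exception needs a documented justification")
    f.status, f.note = decision, note
    return f

def verify(f: Finding, rescan_still_detects: bool) -> str:
    """Verify step: close a remediated finding only when the rescan no longer sees it;
    if the scanner still detects it, the fix did not take and the finding reopens."""
    if f.status != "remediated":
        raise ValueError("only remediated findings are verified")
    f.status = "open" if rescan_still_detects else "verified"
    return f.status

def sample_findings() -> list:
    """Constructed scanner output: a CVSS 10 on a dev box sits beside a 7.5 on the prod DB."""
    return [Finding("dev-box-07", "CHK-0001", 10.0), Finding("db-prod-01", "CHK-0002", 7.5),
            Finding("web-prod-02", "CHK-0003", 9.8), Finding("db-prod-01", "CHK-0004", 5.0)]
```

Run `prioritized(sample_findings())` to see that the CVSS 10 on the dev box ranks last once asset criticality is applied, which is the difference between scanning and assessment.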


Happy Learning!!
