7 Vulnerability assessment


Last updated 3 years ago

Vulnerability scanning tools often refer to a CVSS score for each item. You should know the severity levels of this table in order to choose when to fail a build stage.

| Rating   | CVSS Score |
|----------|------------|
| None     | 0.0        |
| Low      | 0.1 - 3.9  |
| Medium   | 4.0 - 6.9  |
| High     | 7.0 - 8.9  |
| Critical | 9.0 - 10.0 |
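A build-stage gate that applies the severity ratings from the table above, as an added example (not code from this guide or from any scanner). The report layout with `id` and `cvss` keys, the `fail_at` threshold, the allowlist and the finding ids are assumptions made for illustration.

```python
import json
import sys

# CVSS qualitative severity bands (lower bound, rating), highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]
ORDER = ["None", "Low", "Medium", "High", "Critical"]

def rating(score):
    """Map a CVSS base score to its qualitative rating."""
    score = float(score)
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    score = round(score, 1)  # CVSS scores carry one decimal place
    return next(name for low, name in BANDS if score >= low)

def gate(findings, fail_at="High", allowlist=()):
    """Return (passed, blocking, counts) for a list of scanner findings.

    Each finding is a dict with the hypothetical keys "id" and "cvss".
    A finding without a score is treated as blocking (fail closed).
    """
    threshold = ORDER.index(fail_at)
    counts = {name: 0 for name in ORDER}
    blocking = []
    for f in findings:
        if f.get("cvss") is None:
            blocking.append((f["id"], "unscored"))
            continue
        r = rating(f["cvss"])
        counts[r] += 1
        if ORDER.index(r) >= threshold and f["id"] not in allowlist:
            blocking.append((f["id"], r))
    return (not blocking, blocking, counts)

# Constructed sample report; the ids are placeholders, not real advisories.
SAMPLE = json.loads("""[
  {"id": "FINDING-001", "cvss": 3.9},
  {"id": "FINDING-002", "cvss": 6.9},
  {"id": "FINDING-003", "cvss": 7.0},
  {"id": "FINDING-004", "cvss": 9.8},
  {"id": "FINDING-005", "cvss": null}
]""")

if __name__ == "__main__":
    passed, blocking, counts = gate(SAMPLE, fail_at="High")
    print(counts)
    for fid, why in blocking:
        print(f"BLOCKING {fid}: {why}")
    sys.exit(0 if passed else 1)  # non-zero exit fails the build stage
```

Run as the last step of the scan stage, the non-zero exit code is what makes the CI runner mark the stage as failed.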

Tools: scanning tools, Nmap, OpenVAS, SolarWinds, Nikto, AngryIP, Wireshark

Passive Assessment

Tools: Wireshark, sniffing tools

External Assessment/Internal Assessment

Reference: CVSS v3.1 Specification Document, FIRST (Forum of Incident Response and Security Teams)