Martian Defense NoteBook

Vulnerability Management Lifecycle

The VM Lifecycle is the process, a series of critical stages, for identifying and remediating vulnerabilities and weaknesses before the discovered findings can be attacked or exploited.

Discovery

Detect and interrogate system assets

  • Devices, platforms, applications

Identify all assets

  • Identify assets that need to be monitored

  • The intent is to ensure no vulnerable devices are overlooked

Prioritize Assets

Determines the priority of discovered assets

  • What assets are most business-critical?

  • What assets require immediate attention?

  • Helps focus resources

Patching all assets at once is likely not feasible. Be sure to collaborate with asset owners and stakeholders to determine asset priorities.

Assess

Determines if a vulnerability exists in the system

  • Compares assets to known vulnerabilities

  • Determine a risk score (CVSS, VRT, etc.)

Reporting

Presents assets and their vulnerabilities in a form that lets stakeholders view the findings

  • Compile discovery with identified vulnerabilities

  • Usually categorized by priority, location, etc.

  • Tailor reports for various audiences

Remediate

Takes action on a vulnerability

  • Apply patches

  • Initiate compensating controls

  • Accept the vulnerability/risk

Verify

Verifies that a remediation was successful or effective

  • Was the vulnerability resolved?

  • Is further action needed?
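The six stages above form one procedure, so here is a small, self-contained model of the whole loop as an added example (not code from the Martian Defense notebook): two inventory sources are merged during discovery, installed versions are matched against a vulnerability feed, findings are weighted by business criticality, each finding gets one of the three remediation outcomes, and verification re-assesses the assets so that a "patched" ticket whose upgrade never landed is reopened rather than silently closed. The inventories, the feed, the CVE-0000-* identifiers and the criticality scale are all constructed placeholders.

```python
"""Toy vulnerability-management lifecycle: discover -> assess/prioritize -> report -> remediate -> verify.
Added example with constructed sample data; identifiers are placeholders, not real advisories."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(v: str) -> Version:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Asset:
    name: str
    owner: str
    criticality: int            # 1 (low) .. 5 (business-critical), agreed with the asset owner
    software: Dict[str, str]    # package -> installed version


@dataclass
class Vuln:
    cve: str
    package: str
    fixed_in: str               # first version that is not affected
    cvss: float


@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float
    priority: float             # CVSS weighted by business criticality
    status: str = "open"        # open | patched | mitigated | accepted | verified | reopened


# --- Discovery: merge several inventory sources so no asset is overlooked --------------
def discover(*sources: List[Asset]) -> Dict[str, Asset]:
    """Merge inventories keyed by asset name; later sources add software the earlier ones missed."""
    assets: Dict[str, Asset] = {}
    for source in sources:
        for a in source:
            if a.name in assets:
                assets[a.name].software.update(a.software)
            else:
                assets[a.name] = Asset(a.name, a.owner, a.criticality, dict(a.software))
    return assets


# --- Assess + Prioritize: compare installed versions to the feed, weight by criticality ----
def assess(assets: Dict[str, Asset], feed: List[Vuln]) -> List[Finding]:
    findings = []
    for a in assets.values():
        for v in feed:
            installed = a.software.get(v.package)
            if installed and parse_version(installed) < parse_version(v.fixed_in):
                findings.append(Finding(a.name, v.cve, v.cvss, round(v.cvss * a.criticality, 1)))
    # Highest business impact first, so limited patching effort goes where it matters most
    return sorted(findings, key=lambda f: f.priority, reverse=True)


# --- Reporting: one view per audience (here, grouped by asset owner) ---------------------
def report_by_owner(findings: List[Finding], assets: Dict[str, Asset]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(assets[f.asset].owner, []).append(f"{f.asset}: {f.cve} priority={f.priority}")
    return out


# --- Remediate: patch, apply a compensating control, or accept the risk ------------------
def remediate(f: Finding, action: str, assets: Dict[str, Asset], feed: List[Vuln]) -> None:
    if action == "patch":
        fixed = next(v for v in feed if v.cve == f.cve)
        assets[f.asset].software[fixed.package] = fixed.fixed_in   # simulate the upgrade landing
        f.status = "patched"
    elif action in ("mitigated", "accepted"):
        f.status = action
    else:
        raise ValueError(f"unknown remediation action: {action}")


# --- Verify: re-assess and confirm that every 'patched' finding really went away ---------
def verify(findings: List[Finding], assets: Dict[str, Asset], feed: List[Vuln]) -> List[Finding]:
    still_open = {(f.asset, f.cve) for f in assess(assets, feed)}
    for f in findings:
        if f.status == "patched":
            f.status = "reopened" if (f.asset, f.cve) in still_open else "verified"
    return findings


# Constructed sample data: a CMDB export and a scanner export that disagree, plus a feed.
CMDB = [
    Asset("web-01", "app-team", 5, {"openssl": "1.1.1", "nginx": "1.18.0"}),
    Asset("build-01", "platform", 2, {"openssl": "1.1.1"}),
]
SCANNER = [
    Asset("web-01", "app-team", 5, {"nginx": "1.18.0", "php": "7.4.3"}),   # scanner also saw php
    Asset("lab-01", "research", 1, {"openssl": "1.0.2"}),                  # missing from the CMDB
]
FEED = [
    Vuln("CVE-0000-0001", "openssl", "1.1.2", 9.8),   # placeholder identifiers and versions
    Vuln("CVE-0000-0002", "php", "7.4.4", 7.5),
    Vuln("CVE-0000-0003", "nginx", "1.18.0", 5.3),    # installed version already fixed: no finding
]


def run_demo() -> List[Finding]:
    assets = discover(CMDB, SCANNER)
    findings = assess(assets, FEED)
    remediate(findings[0], "patch", assets, FEED)       # web-01 openssl actually upgraded
    findings[1].status = "patched"                      # web-01 php closed in the ticket, upgrade never landed
    remediate(findings[2], "mitigated", assets, FEED)   # build-01: compensating control instead of a patch
    remediate(findings[3], "accepted", assets, FEED)    # lab-01: low criticality, risk accepted by the owner
    return verify(findings, assets, FEED)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.asset:9} {f.cve} cvss={f.cvss} priority={f.priority:5} status={f.status}")
```

The priority weighting (CVSS times a 1 to 5 criticality score) is deliberately simple; the point is that prioritization needs an input the scanner cannot supply, the owner-agreed criticality, and that verification is a fresh assessment rather than a check of the ticket status.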

VM Lifecycle Challenges

Incomplete asset information - Effective discovery requires both asset identification and information about what each asset contains

Incomplete asset lists - Out-of-date asset lists and mixed data sources can prevent discovery from providing complete asset accountability for a thorough risk evaluation

Overwhelming scan data - Prioritization helps target efforts at the most critical assets and the most serious threats

Organizational communication - Frequent communication, reports, system dashboards, and notifications help keep teams informed for required patching/updates

Vulnerability Identification - Vulnerability data must be up to date and relevant, and come from authoritative sources

Timely Remediation - Efforts must be timely, organized, and effective with specific assignments and accountability

Process Tracking - Verification helps ensure that remediation is successful and exposes no new vulnerabilities


Last updated 5 months ago