Exam Objective 4.3
Explain various activities associated with vulnerability management.
- Identification methods:
  - Vulnerability scan: Automated scanning of systems for known weaknesses
  - Application security: Evaluating software for potential vulnerabilities
  - Threat feed: Gathering data on emerging threats
  - Penetration testing: Simulating cyberattacks to uncover vulnerabilities
  - Dark web: Monitoring hidden online spaces for risks
  - Static analysis: Examining code for vulnerabilities without executing it
  - Dynamic analysis: Evaluating software during execution for vulnerabilities
  - Package monitoring: Tracking vulnerabilities in third-party software components
  - Open-source intelligence (OSINT): Gathering publicly available information for insights
  - ISO (information-sharing organization): Collaborative efforts to share threat data
  - Responsible disclosure program: Reporting and addressing vulnerabilities ethically
  - Bug bounty program: Rewarding individuals for finding and reporting vulnerabilities
  - System/process audit: Comprehensive review of systems and processes
- Analysis:
  - Confirmation...