Chapter 11

Performing Vulnerability Management Activities

This chapter covers the following topics:

  • Vulnerability Scans: This section covers credentialed vs. non-credentialed scans, agent-based/server-based scans, criticality ranking, and active vs. passive scans.

  • Security Content Automation Protocol (SCAP): This section describes Extensible Configuration Checklist Description Format (XCCDF), Open Vulnerability and Assessment Language (OVAL), Common Platform Enumeration (CPE), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Configuration Enumeration (CCE), and Asset Reporting Format (ARF).

  • Self-assessment vs. Third-Party Vendor Assessment: This section compares and contrasts these two approaches ...

Get CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.