16 Explain various activities associated with vulnerability management

Introduction

This chapter covers the third objective of Domain 4.0, Security Operations, of the CompTIA Security+ 701 exam.

In this chapter, we will review vulnerability identification methods, including application security, and consider sources of information, such as threat feeds, Open Source Intelligence (OSINT), penetration testing (pen testing), and a bug bounty, and the scoring and classification of this data, using the Common Vulnerability Scoring System (CVSS) and vulnerability classification, respectively. We will finish the chapter with an exploration of vulnerability remediation and the creation of a management report.

This chapter will give you an overview of ...

Get CompTIA Security+ SY0-701 Certification Guide - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

CompTIA Security+ SY0-701 Certification Guide - Third Edition by Ian Neil

16

Explain various activities associated with vulnerability management

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly