Skip to Main Content
Effective Vulnerability Management
book

Effective Vulnerability Management

by Chris Hughes, Nikki Robinson
April 2024
Intermediate to advanced content levelIntermediate to advanced
288 pages
7h 33m
English
Wiley
Content preview from Effective Vulnerability Management

7Vulnerability Chaining

Vulnerability chaining is defined as the usage of multiple vulnerabilities to create critical cyberattacks in the FIRST CVSS User Guide (www.first.org/cvss/v3.0/user-guide). The use of multiple vulnerabilities in combination is a common tactic used by hackers and red teamers to compromise systems. Vulnerability chaining, however, isn't typically defined in Vulnerability Management Programs (VMPs), or used as a technique for prioritization and remediation.

This chapter will explore the use of vulnerability chains within a cybersecurity program, specifically in the remediation aspect of VMPs. Examples of chained vulnerabilities will be provided, including possible remediation paths for each situation. Each organization will have its own unique vulnerability considerations, but each scenario will provide a path forward to implementing chained vulnerabilities into their cybersecurity programs.

Vulnerability Chaining Attacks

Vulnerability chaining attacks have only recently become part of the mainstream conversation of vulnerability management, but they have been leveraged by advanced persistent threat (APT) groups for many years. Some documentation links vulnerability chaining directly to APT-type attacks, including a 2020 article by the Cybersecurity and Infrastructure Security Agency (CISA) on how APT groups leverage vulnerability chains against critical infrastructure and election organizations (read the article at www.cisa.gov/news-events/cybersecurity-advisories/aa20-283a ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Practical Vulnerability Management

Practical Vulnerability Management

Andrew Magnusson

Publisher Resources

ISBN: 9781394221202Purchase Link