April 2024
Intermediate to advanced
288 pages
7h 33m
English
Content preview from Effective Vulnerability Management
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
7Vulnerability Chaining
Vulnerability chaining is defined as the usage of multiple vulnerabilities to create critical cyberattacks in the FIRST CVSS User Guide (www.first.org/cvss/v3.0/user-guide). The use of multiple vulnerabilities in combination is a common tactic used by hackers and red teamers to compromise systems. Vulnerability chaining, however, isn't typically defined in Vulnerability Management Programs (VMPs), or used as a technique for prioritization and remediation.
This chapter will explore the use of vulnerability chains within a cybersecurity program, specifically in the remediation aspect of VMPs. Examples of chained vulnerabilities will be provided, including possible remediation paths for each situation. Each organization will have its own unique vulnerability considerations, but each scenario will provide a path forward to implementing chained vulnerabilities into their cybersecurity programs.
Vulnerability Chaining Attacks
Vulnerability chaining attacks have only recently become part of the mainstream conversation of vulnerability management, but they have been leveraged by advanced persistent threat (APT) groups for many years. Some documentation links vulnerability chaining directly to APT-type attacks, including a 2020 article by the Cybersecurity and Infrastructure Security Agency (CISA) on how APT groups leverage vulnerability chains against critical infrastructure and election organizations (read the article at www.cisa.gov/news-events/cybersecurity-advisories/aa20-283a ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.