Reviewing and Interpreting Scan Reports
Vulnerability scan reports provide analysts with a significant amount of information that assists in interpreting each finding. In addition to the high-level report examples shown in Chapter 3, “Designing a Vulnerability Management Program,” vulnerability scanners provide detailed information about each vulnerability that they identify. Figure 4.1 shows an example of a single vulnerability reported by the Nessus vulnerability scanner.
Let’s take a look at this report, section by section, beginning in the top left and proceeding in a counterclockwise fashion.
At the very top of the report, we see two critical details: the name of the vulnerability, which offers a descriptive title, and the overall severity of the vulnerability, expressed as a general category, such as low, medium, high, or critical. In this example report, the scanner is reporting that a server’...
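The same details the report header shows (the vulnerability name and its severity category) are also present in the scanner's machine-readable export. The following is an added example, not taken from the book or from Tenable's own tooling: a small Python parser over a constructed .nessus (XML) fragment that pulls out each finding's name, severity category, risk factor and CVSS base score, and orders them most severe first. The host address, plugin IDs, plugin names and scores are made up; the element and attribute names follow the .nessus v2 export format, and the 0–4 severity mapping is the one Nessus uses.

```python
import xml.etree.ElementTree as ET

# Nessus "severity" attribute values and the category label each maps to.
SEVERITY_LABELS = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in .nessus v2 layout. Host, plugin IDs, names and scores
# are invented for illustration only.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="example-scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100001" pluginName="Example TLS Service Outdated"
                  pluginFamily="Web Servers">
        <risk_factor>High</risk_factor>
        <cvss_base_score>7.5</cvss_base_score>
        <solution>Upgrade to a supported release.</solution>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100002" pluginName="Example Host Information"
                  pluginFamily="General">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def parse_findings(nessus_xml: str) -> list:
    """Return one dict per ReportItem, ordered by severity rank then CVSS score."""
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            rank = int(item.get("severity", "0"))
            score = item.findtext("cvss_base_score")
            findings.append({
                "host": host.get("name"),
                "port": item.get("port"),
                "name": item.get("pluginName"),
                "severity_rank": rank,
                "severity": SEVERITY_LABELS.get(rank, "Unknown"),
                "risk_factor": item.findtext("risk_factor", "None"),
                "cvss": float(score) if score else None,
                "solution": item.findtext("solution"),
            })
    # Most severe first, so an analyst reviews critical items before informational ones.
    return sorted(findings, key=lambda f: (f["severity_rank"], f["cvss"] or 0.0), reverse=True)
```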