Chapter 5
Analyzing Vulnerability Scans
THIS CHAPTER COVERS THE FOLLOWING COMPTIA PENTEST+ EXAM OBJECTIVES:
Domain 2: Information Gathering and Vulnerability Identification
- 2.3 Given a scenario, analyze vulnerability scanning results.
- Asset categorization
- Adjudication
- False positives
- Prioritization of vulnerabilities
- Common themes
- Vulnerabilities
- Observations
- Best Practices
- 2.5 Explain weaknesses related to specialized systems.
- ICS
- SCADA
- Mobile
- IoT
- Embedded
- Point-of-sale system
- Application containers
- RTOS
Domain 4: Penetration Testing Tools
- 4.2 Compare and contrast various use cases of tools.
- Use cases
- Vulnerability scanning
- Use cases
Penetration testers spend a significant amount of time analyzing and interpreting the reports generated by vulnerability scanners, in search of vulnerabilities that may be exploited to gain a foothold on a target system. Although scanners are extremely effective at automating the manual work of vulnerability identification...