Reviewing and Interpreting Scan Reports
Vulnerability scan reports give analysts a significant amount of information to help them interpret the results. In addition to the high-level report examples shown in Chapter 4, “Vulnerability Scanning,” vulnerability scanners provide detailed information about each vulnerability that they identify. Figure 5.1 shows an example of a single vulnerability reported by the Nessus vulnerability scanner.
Let’s take a look at this report, section by section, beginning at the top left and proceeding in a counterclockwise fashion.
At the very top of the report, labeled A, we see two critical details: the name of the vulnerability, which offers a descriptive title, and the overall severity of the vulnerability, expressed as a general category, such as low, medium, high, or critical. In this example report, the scanner is reporting that a server’s Secure Shell...