Introduction to Hacking
◾
13
There are different ways for representing vulnerability assessment outputs
in the form of graph-
ical charts. Personally, I include two graphs; the first one classifies the vulnerability assessment on
the basis of the severity and the second one on percentage.
Vulnerabilities
by severity
Percent of vulnerabilities by severity
8
7
6
5
4
3
2
1
0
Critical
Critical
High
High
Medium
Medium
29%
21%
0%
50%
Low/info
Low/info
0
3
4
7
Next, I include a “vulnerabilities breakdown” chart, where I talk about the findings for a par-
ticular host followed by the number of vulnerabilities that were found.
Vulnerabilities breakdown
S #
IP
Address
Hostname
Critical
High
Medium
Low/Info
0
0
7
4
14
6
3
2
Services.rafayhackingarticles.net
Tools.rafayhackingarticles.net
1
2
192.254.236.66
192.254.236.67
Tabular Summary
A tabular summary is also a great way to present the findings of a vulnerability assessment to a
customer. The following screenshot comes directly from the “NII Report” and summarizes the
vulnerability assessment based upon the number of live hosts and also talks about the number of
findings with high,
moderate, or low risk.
Category
Systems vulnerability assessment summary
Description
Number of live hosts
50
14
6
9
High, medium, and info severity
vulnerabilities
Number of vulnerabilities
29