Owasp vulnerability Management Guide (ovmg) June 1, 2020
Yüklə 1,27 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- 1 Detection Cycle
|
1 Detection #FB027F
2 Reporting #FDCC65 3 Remediation #66CCFE Each Cycle is a domain that comprises four main processes. Each process is essentially a Task that includes a to-do list. The order of these lists is logical but could be adjusted to fit your objectives. All tasks have “Inputs” and “Outputs.” For example, the task “Scope” feeds into multiple processes: set-up of the security tools for vulnerability testing, grouping the assets for scans and reports, prioritizing remediation, applying metrics in vulnerability reports, and defining what is acceptable and what is not. The “Outputs” of the Scope may be impacted by changes coming from the “Inputs.” This is imperative to remember! Your Scope changes as you receive feedback from reports and exceptions. The cyclical nature of vulnerability management implies continuous process improvement, and it is crucial to understand how a single process feeds into other processes and how all tasks are interconnected across three domains. The official web page of the OVMG contains a GIF animation that illustrates connections among all tasks in the tricycle. OWASP Vulnerability Management Guide (OVMG) - June 1, 2020 4 II. Guide 1 Detection Cycle During the detection cycle, we conduct the tasks that support vulnerability tests in essential ways by defining the: who, what, where, why, and how. The principal activities are focused on defining and refining the scope after each round of the tricycle, getting tools ready and verifying their integrity, conducting tests, and verifying results. 1.1 Scope 1.1 TASK INPUT OUTPUT Yüklə 1,27 Mb. Dostları ilə paylaş:
|