Your task will be to review, analyze, and report on a log file generated by an automated sample vulnerability scan. Parse a sample vulnerability log and complete the following tasks. A sample file will be moved to Doc Sharing that contains information from a real vulnerability scan. (Note: It is large; about 20MB in size)
Evaluate it, summarizing:
- The total number of vulnerabilities found by the scan
- The total number of unique vulnerabilities found that were critical in nature (i.e., greater than or equal to a CVSS score of 7.0)
- The total number of machines affected with critical vulnerabilities
Select four different specific critical vulnerabilities. Research each of them and write a 1-page summary of each that includes the following details:
- Describe the vulnerability
- When it was discovered
- What the potential impact of the vulnerability is
- Research methods to fix, correct, prevent, or mitigate the vulnerability.
Describe your strategy to remedy these logged vulnerabilities if you owned the site described by the logs.
Please limit your paper to 10 pages.
(Note: There are many sources on the Internet that will reveal this information, from blogs and forums, technical resources, as well as sites such as http://cve.mitre.org, http://csrc.nist.gov/groups/SMA/ate/, https://www.first.org/cvssand so on. Documentation on most vulnerabilities can usually be found by simply searching for the vulnerability name on any browser and perusing the search results.)