Owasp vulnerability Management Guide (ovmg) June 1, 2020
Yüklə 1,27 Mb. Pdf görüntüsü
|
|
OWASP Vulnerability Management Guide (OVMG) - June 1, 2020 2 Table of Content I. Foreword ______________________________________________________________________________ 3 About OVMG ___________________________________________________________________________ 3 II. Guide _________________________________________________________________________________ 4 1 Detection Cycle _______________________________________________________________________ 4 1.1 Scope _________________________________________________________________________ 4 1.2 Tools _________________________________________________________________________ 5 1.3 Run Tests ______________________________________________________________________ 6 1.4 Confirm Findings ________________________________________________________________ 7 2 Reporting Cycle _____________________________________________________________________ 8 2.1 Assets Groups __________________________________________________________________ 8 2.2 Metrics _______________________________________________________________________ 9 2.3 Audit Trail ____________________________________________________________________ 10 2.4 Reports ______________________________________________________________________ 11 3 Remediation Cycle _________________________________________________________________ 12 3.1 Prioritize _____________________________________________________________________ 13 3.2 Remediation __________________________________________________________________ 13 3.3 Investigate False Positives (FP) ____________________________________________________ 14 3.4 Exceptions ____________________________________________________________________ 15 III. Figures ______________________________________________________________________________ 17 IV. Reference Table _______________________________________________________________________ 20 OWASP Vulnerability Management Guide (OVMG) - June 1, 2020 3 I. Foreword The objective of this document is to bridge the gaps in information security by breaking down complex problems into more manageable repeatable functions: detection, reporting, and remediation. The guide solely focuses on building repeatable processes in cycles. When implementing, it is recommended to start “small” and then incrementally and continuously refine each task and sub-task in the Cycle. While you, as an individual or an organization, may not know all answers to the questions outlined in the OWASP Vulnerability Management Guide (OVMG or the guide), it should not prohibit your business from becoming more resilient through vulnerability management program adoption. About OVMG The document is organized as follows: There are three cycles (tricycle), each of which has a numeric value and color code. The tasks inside of each Cycle have the corresponding colors and numbers. Yüklə 1,27 Mb. Dostları ilə paylaş:
|