Security specialty

Vulnerability Management

Browse every cataloged workflow for vulnerability management, with source context, tags, and security framework mappings intact.

Complete collection

Skills in this domain

25 skills

cybersecuritySkill

Building Patch Tuesday Response Process

Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.

Vulnerability Management
microsoftpatch-managementpatch-tuesdaysccm+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Building Vulnerability Aging and SLA Tracking

Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.

Vulnerability Management
aging-reportcompliancekpiremediation-metrics+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Building Vulnerability Dashboard with DefectDojo

Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.

Vulnerability Management
dashboarddeduplicationdefectdojodevsecops+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Building Vulnerability Exception Tracking System

Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.

Vulnerability Management
compensating-controlsexception-trackinggovernancerisk-acceptance+2
ATT&CK, 2 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Exploiting Vulnerabilities with Metasploit Framework

The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules. Within vulnerability management, Metasploit serves as a validation tool to confirm that identified vulnerabilities are actually exploitable, enabling risk-based prioritization and demonstrating real-world impact to stakeholders.

Vulnerability Management
cveexploitationmetasploitpenetration-testing+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Attack Path Analysis with XM Cyber

Deploy XM Cyber's continuous exposure management platform to map attack paths, identify choke points, and prioritize the 2% of exposures that threaten critical assets.

Vulnerability Management
attack-path-analysisattack-surfacebreach-simulationchoke-points+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Cloud Vulnerability Posture Management

Implement Cloud Security Posture Management using AWS Security Hub, Azure Defender for Cloud, and open-source tools like Prowler and ScoutSuite for multi-cloud vulnerability detection.

Vulnerability Management
aws-security-hubazure-defendercloud-securitycnapp+4
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Continuous Security Validation with BAS

Deploy Breach and Attack Simulation tools to continuously validate security control effectiveness by safely emulating real-world attack techniques across the kill chain.

Vulnerability Management
attackiqbasbreach-attack-simulationcymulate+4
ATT&CK, 10 mappingsNIST CSF, 4 mappingsD3FEND, 5 mappings
cybersecuritySkill

Implementing EPSS Score for Vulnerability Prioritization

Integrate FIRST's Exploit Prediction Scoring System (EPSS) API to prioritize vulnerability remediation based on real-world exploitation probability within 30 days.

Vulnerability Management
cvssepssexploit-predictionfirst+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Patch Management Workflow

Patch management is the systematic process of identifying, testing, deploying, and verifying software updates to remediate vulnerabilities across an organization's IT infrastructure. An effective patch management workflow reduces the attack surface while minimizing operational disruption through structured testing, approval gates, and phased rollouts.

Vulnerability Management
ansiblepatch-managementrisksccm+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Rapid7 InsightVM for Scanning

Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated vulnerability scanning across enterprise environments.

Vulnerability Management
asset-discoveryauthenticated-scanninginsightvmnexpose+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Vulnerability Management with Greenbone

Deploy and operate Greenbone/OpenVAS vulnerability management using the python-gvm library to create scan targets, execute vulnerability scans, and parse scan reports via GMP protocol.

Vulnerability Management
compliancegmpgreenboneopenvas+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Vulnerability Remediation SLA

Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities based on severity, asset criticality, and exploit availability. Effective SLA programs drive accountability, ensure consistent remediation timelines, and provide measurable KPIs for vulnerability management maturity.

Vulnerability Management
cvepatch-managementremediationrisk+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Vulnerability SLA Breach Alerting

Build automated alerting for vulnerability remediation SLA breaches with severity-based timelines, escalation workflows, and compliance reporting dashboards.

Vulnerability Management
alertingcomplianceescalationremediation-tracking+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Active Directory Vulnerability Assessment

Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations, privilege escalation paths, and attack vectors.

Vulnerability Management
active-directoryad-securitybloodhoundkerberos+4
ATT&CK, 11 mappingsNIST CSF, 4 mappingsD3FEND, 5 mappings
cybersecuritySkill

Performing Agentless Vulnerability Scanning

Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and API-based discovery to assess systems without installing endpoint agents.

Vulnerability Management
agentless-scanningcloud-securitysnapshot-analysisssh+4
ATT&CK, 5 mappingsNIST CSF, 4 mappingsAI RMF, 3 mappings
cybersecuritySkill

Performing Asset Criticality Scoring for Vulns

Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based on business impact, data sensitivity, and operational importance.

Vulnerability Management
asset-classificationasset-criticalitybusiness-impactcmdb+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Authenticated Scan with OpenVAS

Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.

Vulnerability Management
authenticated-scancredentialed-scangreenbonegvm+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Authenticated Vulnerability Scan

Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security settings. Compared to unauthenticated scanning, credentialed scans detect 45-60% more vulnerabilities with significantly fewer false positives because they can directly query installed packages, registry keys, and file system contents.

Vulnerability Management
authenticated-scanningcredentialscvenessus+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing CVE Prioritization with KEV Catalog

Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation based on real-world exploitation evidence.

Vulnerability Management
bod-22-01cisa-kevcveepss+3
ATT&CK, 3 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 3 mappings
cybersecuritySkill

Performing Web Application Scanning with Nikto

Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1,250 servers, and identifies version-specific problems on over 270 servers. It performs comprehensive tests including XSS, SQL injection, server misconfigurations, default credentials, and known vulnerable CGI scripts.

Vulnerability Management
cveniktoowasprisk+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Web Application Vulnerability Triage

Triage web application vulnerability findings from DAST/SAST scanners using OWASP risk rating methodology to separate true positives from false positives and prioritize remediation.

Vulnerability Management
burp-suitedastfalse-positiveowasp+5
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Prioritizing Vulnerabilities with CVSS Scoring

The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum of Incident Response and Security Teams) for assessing vulnerability severity. CVSS v4.0 (released November 2023) introduces refined metrics for more accurate scoring. This skill covers calculating CVSS scores, interpreting vector strings, and using CVSS alongside contextual factors like EPSS and CISA KEV for effective vulnerability prioritization.

Vulnerability Management
cvecvssnistprioritization+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Scanning Infrastructure with Nessus

Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network infrastructure including servers, workstations, network devices, and operating systems. This skill covers configuring scan policies, running authenticated and unauthenticated scans, interpreting results, and integrating Nessus into continuous vulnerability management workflows.

Vulnerability Management
cveinfrastructure-scanningnessusrisk+2
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Triaging Vulnerabilities with SSVC Framework

Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree framework to produce actionable remediation priorities.

Vulnerability Management
cisacvssdecision-treeremediation+4
ATT&CK, 3 mappingsNIST CSF, 4 mappings