Newcomer I

Vulnerability Assessment/Reports

Would anyone out there have a vulnerability assessment/report they could provide to me so I can get a better understanding of what information, format and the length one should contain?

Thank you,
Justin Jordan
12 Replies
Anonymous
Not applicable

Re: Vulnerability Assessment/Reports

I think maybe you can find good information on Google about it and can find good samples.

take a look at this one and you can find many others:

https://www.giac.org/paper/gcux/241/public-servers-vulnerability-assessment-report/101868

Newcomer I

Re: Vulnerability Assessment/Reports

Honestly, there are many formats, but one thing to keep in mind is what scoring type you use or want. My advice is to use one that matches what you use in your risk management program. If using government NIST, for example, then use the CVSS model. Many of the mainline vulnerability scanning software products out there allow you to set preferences on reporting and provide different types of report formats, with PDF, CSV, and Excel as examples. Hope that helps?
Wes D, CISSP
Newcomer I

Re: Vulnerability Assessment/Reports

I've found it useful to have a go with one of the scanners, as this will give you an actual live report. OpenVAS is a free one that you can download and will just require a virtual machine to get started. GFI LanGuard and Nessus offer 30 day + evaluations to have a go with a paid product. The report results differ with the type of device and scan you perform. What are you wanting to do a report on?

Viewer

Re: Vulnerability Assessment/Reports

Appendix K of the NIST Guide for Conducting Risk Assessments provides a list of potentially all the information that your report should include. The length of the report is dependent on your writing style but should be long enough to cover the requirements that you are seeking to fulfill and with enough detail to show that you know what you are talking about.