Vulnerability scan reports typically include the following:
- Report overview: including overview information such as scanned objects, scanning time, and scanning tools. This information can quickly understand the basic situation of this vulnerability scan.
- Vulnerability statistics: statistics on the number of vulnerabilities classified by severity level (high risk, medium risk, low risk), used to understand the security status of the current system or application.
- Vulnerability List: List the detailed information of each specific vulnerability, including vulnerability name, CVE number, vulnerability description, risk level, solution, etc. This is one of the main contents of the report.
- Vulnerability Details: A more in-depth analysis and description of certain critical or high-risk vulnerabilities, including the principle of vulnerability generation, hazard analysis, and utilization methods, etc., to help readers understand the vulnerabilities and their hazards.
- Solution: For each vulnerability listed in the report, provide an operation plan or configuration suggestion for repairing or mitigating this vulnerability. These solutions are the basis for fixing the vulnerability.
- Risk assessment: assess the degree of impact of the system or assets on the vulnerability, and determine the priority of vulnerability repair. Vulnerabilities with the greatest impact and damage on assets require the highest priority remediation.
- Repair status: List the repair status of each vulnerability, including repaired, partially repaired, unrepaired, etc., to facilitate follow-up tracking of the progress of vulnerability repair.
- Scanning Tool: The name and version information of the signature scanning tool. Some paid leak scanning tools require authorization.
Therefore, a relatively complete vulnerability scanning report should include a summary, list, and details of vulnerabilities, provide repair plans and risk assessments, and track the status of vulnerability repairs.