Which vulnerability catalog creates a list of publicly known vulnerabilities, each assigned an ID number, description, and reference?
- CVE
- CVSS
- OWASP WSTG
- NIST SP 800-115
|
Explanation & Hint: Vulnerability scanners rely heavily on catalogs of known vulnerabilities. The two catalogs of known vulnerabilities that a cybersecurity analyst should be familiar with are Common Vulnerabilities and Exposures (CVE), which is a list of publicly known vulnerabilities, each assigned an ID number, description, and reference, and Common Vulnerability Scoring System (CVSS), which provides a score from 0 to 10 that indicates the severity of a vulnerability. OWASP WSTG is a comprehensive guide focused on web application testing. NIST SP 800-115 is a document to provide organizations with guidelines on planning and conducting information security testing. |