Validating a Vulnerability
You've scanned your targets and identified potential vulnerabilities. The next step is to determine whether or not those vulnerabilities present a real risk. To validate a vulnerability, you have a couple of options: the Vulnerability Validation Wizard or manual validation.
The Vulnerability Validation Wizard
The Vulnerability Validation Wizard provides an all-in-one interface that guides you through importing and exploiting vulnerabilities discovered by Nexpose. It enables you quickly determine the exploitability of those vulnerabilities and share that information with Nexpose. This feature is extremely handy if you use Nexpose to find and manage vulnerabilities.
Learn more about the Vulnerability Validation Wizard.
Manual validation requires a bit more legwork than the wizard. This method provides you with much more control over the vulnerabilities that are targeted. It is generally used when you want to validate individual vulnerabilities or vulnerabilities discovered by other third-party scanners like Qualys or Nessus.
When you perform manual validation, you will need to set up a penetration test as you normally would, which includes creating a project and adding vulnerability data via import or scan. Then, you need to try to exploit each vulnerability to determine whether or not they are valid threats. If the vulnerabilities were discovered by Nexpose, you have the option to send the results Nexpose.
Learn more about how you can validate vulnerabilities discovered by Nexpose.