
Vulnerability Management Workflow

Systematic approach to tracking, prioritizing, and remediating security vulnerabilities.

Overview

Duration: Ongoing process
Difficulty: Beginner to Intermediate
Use Case: Continuous vulnerability management, risk reduction

Vulnerability Management Lifecycle

graph LR
    A[Discover] --> B[Assess]
    B --> C[Prioritize]
    C --> D[Remediate]
    D --> E[Verify]
    E --> F[Report]
    F --> A

Phase 1: Discovery

1.1 Automated Scanning

Schedule Regular Scans:

# Weekly vulnerability scan
aphids-cli \
  --api-key $API_KEY \
  --runbook vuln-scan-weekly \
  --target-domain example.com \
  --engagement vuln-management

Scan Coverage:
- Web applications
- Network infrastructure
- Cloud resources
- APIs
- Mobile applications

1.2 Manual Testing

Complement Automated Scans:
- Penetration testing
- Code reviews
- Architecture reviews
- Configuration audits

1.3 External Sources

Monitor External Feeds:
- CVE databases
- Vendor advisories
- Security bulletins
- Threat intelligence
- Bug bounty reports

Phase 2: Assessment

2.1 Validate Findings

Verification Steps:
1. Reproduce the vulnerability
2. Confirm exploitability
3. Assess actual impact
4. Eliminate false positives

In Hive:
1. Navigate to Intelligence → Vulnerabilities
2. Review each finding
3. Mark as:
   - Confirmed
   - False Positive
   - Needs Investigation

📸 Screenshot: Vulnerability validation

2.2 Impact Analysis

Assess Impact:
- Confidentiality: Data exposure risk
- Integrity: Data modification risk
- Availability: Service disruption risk
- Business Impact: Revenue, reputation, compliance

Impact Levels:

Critical: Immediate business impact
High: Significant business impact
Medium: Moderate business impact
Low: Minimal business impact

2.3 Exploitability Assessment

Factors:
- Attack complexity
- Required privileges
- User interaction needed
- Network accessibility
- Available exploits

Exploitability Levels:

Easy: Public exploits, no authentication
Moderate: Requires some skill/access
Difficult: Complex, requires insider access

Phase 3: Prioritization

3.1 Risk Scoring

CVSS Scoring:
- Base score (0-10)
- Temporal score
- Environmental score

Custom Risk Score:

Risk Score = (CVSS Base Score × Exploitability × Asset Criticality) / 10

Where:
- CVSS Base Score: 0-10
- Exploitability: 0.5 (difficult) to 1.5 (easy)
- Asset Criticality: 0.5 (low) to 2.0 (critical)

3.2 Prioritization Matrix

Priority Levels:

P0 (Critical):
- CVSS 9.0-10.0
- Actively exploited
- Internet-facing critical assets
- SLA: 24 hours

P1 (High):
- CVSS 7.0-8.9
- High exploitability
- Important assets
- SLA: 7 days

P2 (Medium):
- CVSS 4.0-6.9
- Moderate exploitability
- Standard assets
- SLA: 30 days

P3 (Low):
- CVSS 0.1-3.9
- Low exploitability
- Low-value assets
- SLA: 90 days

3.3 Asset-Based Prioritization

Asset Classification:

critical_assets:
  - Production databases
  - Payment systems
  - Customer data stores
  - Authentication systems

important_assets:
  - Internal applications
  - Development systems
  - Backup systems

standard_assets:
  - Test environments
  - Documentation sites
  - Internal tools

Prioritization Rule:

Critical Asset + High Severity = P0
Critical Asset + Medium Severity = P1
Important Asset + High Severity = P1
Standard Asset + High Severity = P2
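The scoring formula of 3.1, the CVSS bands and SLAs of 3.2 and the asset rule of 3.3 combined into one function set, as an added example (not code from the Hive or aphids-cli documentation). The multipliers, bands and SLA windows are the page's; the function names, and the way the asset rule adjusts a CVSS-derived priority (the page does not say which table wins when they disagree), are my assumptions.

```python
"""Risk score, priority and SLA due date for the workflow above.

Added example; not code from the Hive or aphids-cli documentation. The
multipliers (3.1), CVSS bands and SLAs (3.2) and the asset rule (3.3) are
taken from the page. The function names and the way the asset rule adjusts a
CVSS-derived priority are my own assumptions about how the tables combine.
"""
from datetime import datetime, timedelta

# Multipliers from section 3.1
EXPLOITABILITY = {"easy": 1.5, "moderate": 1.0, "difficult": 0.5}
ASSET_CRITICALITY = {"critical": 2.0, "important": 1.0, "standard": 0.5}

# Remediation SLA in days per priority, from the 3.2 matrix
SLA_DAYS = {"P0": 1, "P1": 7, "P2": 30, "P3": 90}


def risk_score(cvss_base: float, exploitability: str, asset_class: str) -> float:
    """Risk Score = (CVSS Base Score x Exploitability x Asset Criticality) / 10."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be within 0-10")
    score = cvss_base * EXPLOITABILITY[exploitability] * ASSET_CRITICALITY[asset_class] / 10
    return round(score, 2)


def cvss_severity(cvss_base: float) -> str:
    """Map a CVSS base score onto the severity bands of the 3.2 matrix."""
    if cvss_base >= 9.0:
        return "critical"
    if cvss_base >= 7.0:
        return "high"
    if cvss_base >= 4.0:
        return "medium"
    return "low"


def priority(cvss_base: float, asset_class: str, actively_exploited: bool = False) -> str:
    """Start from the CVSS band, then apply the 3.3 asset rule and the P0 trigger."""
    severity = cvss_severity(cvss_base)
    level = {"critical": "P0", "high": "P1", "medium": "P2", "low": "P3"}[severity]
    # Asset rule from 3.3: critical assets raise high/medium findings one level,
    # standard assets lower a high finding to P2; other combinations keep the
    # CVSS band (assumption, the page lists only these four rules)
    if asset_class == "critical" and severity == "high":
        level = "P0"
    elif asset_class == "critical" and severity == "medium":
        level = "P1"
    elif asset_class == "standard" and severity == "high":
        level = "P2"
    # Active exploitation is listed as a P0 criterion in 3.2 regardless of score
    if actively_exploited:
        level = "P0"
    return level


def due_date(level: str, assigned_at: datetime) -> datetime:
    """SLA deadline measured from the time the finding was assigned."""
    return assigned_at + timedelta(days=SLA_DAYS[level])


if __name__ == "__main__":
    # Constructed sample finding, not a real result
    score = risk_score(7.5, "easy", "critical")
    level = priority(7.5, "critical")
    print(f"risk={score} priority={level} due={due_date(level, datetime(2024, 1, 1)):%Y-%m-%d}")
```

Note that the custom risk score and the priority level are deliberately kept separate: the score is a continuous value for ordering a backlog, while the priority is what the SLA clock is attached to.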

Phase 4: Remediation

4.1 Remediation Planning

Create Remediation Plan:
1. Group related vulnerabilities
2. Identify remediation approach
3. Estimate effort
4. Assign owners
5. Set deadlines

Remediation Approaches:
- Patch: Apply vendor patches
- Configure: Change settings
- Mitigate: Implement controls
- Accept: Document accepted risk
- Transfer: Use WAF, IPS, etc.

4.2 Remediation Tracking

In Hive:
1. Navigate to vulnerability
2. Click Assign
3. Set:
   - Owner
   - Due date
   - Priority
   - Status
4. Add remediation notes

Status Workflow:

New → Assigned → In Progress → Remediated → Verified → Closed
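The status workflow above enforced as a state machine, as an added example (not Hive's code). The forward transitions are the documented order; the reopen edge from Remediated back to In Progress after a failed retest is an assumption (the page tracks a reopen rate in 6.2 but does not draw that edge), as are the checks that an owner is set before Assigned and that Verified carries retest evidence.

```python
"""Status workflow enforcement for a tracked finding.

Added example, not Hive's code. The forward transitions follow the documented
order New -> Assigned -> In Progress -> Remediated -> Verified -> Closed. The
reopen edge (Remediated back to In Progress when the retest fails) and the
owner/evidence checks are assumptions about how the tracker should behave.
"""
from datetime import datetime

TRANSITIONS = {
    "New": {"Assigned"},
    "Assigned": {"In Progress"},
    "In Progress": {"Remediated"},
    "Remediated": {"Verified", "In Progress"},  # reopen on failed retest (assumption)
    "Verified": {"Closed"},
    "Closed": set(),
}


class TrackedVulnerability:
    def __init__(self, vuln_id: str, opened_at: datetime):
        self.vuln_id = vuln_id
        self.status = "New"
        self.owner = None
        self.reopen_count = 0
        # Audit trail of (status, timestamp, note), oldest first
        self.history = [("New", opened_at, "")]

    def transition(self, new_status: str, at: datetime, note: str = "") -> str:
        """Move to new_status if the workflow allows it, recording the change."""
        if new_status not in TRANSITIONS[self.status]:
            raise ValueError(f"{self.vuln_id}: {self.status} -> {new_status} is not allowed")
        if new_status == "Assigned" and not self.owner:
            raise ValueError(f"{self.vuln_id}: set an owner before moving to Assigned")
        if new_status == "Verified" and not note:
            raise ValueError(f"{self.vuln_id}: Verified requires retest evidence in the note")
        if self.status == "Remediated" and new_status == "In Progress":
            self.reopen_count += 1
        self.status = new_status
        self.history.append((new_status, at, note))
        return self.status


if __name__ == "__main__":
    # Constructed walk-through, not a real finding
    v = TrackedVulnerability("VULN-123", datetime(2024, 1, 1))
    v.owner = "appsec-team"
    for status, note in [("Assigned", ""), ("In Progress", ""), ("Remediated", "patched"),
                         ("Verified", "retest report attached"), ("Closed", "")]:
        v.transition(status, datetime(2024, 1, 2), note)
    print(v.status, [h[0] for h in v.history])
```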

4.3 Remediation Execution

Patch Management:

# Test patch in dev
# Deploy to staging
# Validate functionality
# Deploy to production
# Verify patch applied

Configuration Changes:

# Document current config
# Make changes
# Test thoroughly
# Deploy to production
# Verify changes

Compensating Controls:

# If patching not possible:
# - Implement WAF rules
# - Network segmentation
# - Access controls
# - Monitoring/alerting

Phase 5: Verification

5.1 Retest Vulnerabilities

After Remediation:

# Retest specific vulnerability
aphids-cli \
  --api-key $API_KEY \
  --runbook retest-specific \
  --target-url https://example.com \
  --vulnerability-id VULN-123

Verification Steps:
1. Attempt to reproduce original finding
2. Verify exploit no longer works
3. Check for bypass techniques
4. Confirm no new issues introduced

5.2 Update Status

In Hive:
1. Navigate to vulnerability
2. Add verification notes
3. Attach retest evidence
4. Update status to "Verified"
5. Close if successful

5.3 Regression Testing

Ensure Fix Persists:
- Include in regular scans
- Monitor for reintroduction
- Track in compliance reports

Phase 6: Reporting

6.1 Vulnerability Reports

Generate Reports:
1. Go to Intelligence → Reporting Engine
2. Select template:
   - Vulnerability Summary
   - Detailed Findings
   - Remediation Status
   - Trend Analysis
3. Configure date range
4. Generate report

Report Types:
- Executive: High-level metrics
- Technical: Detailed findings
- Compliance: Audit evidence
- Trend: Historical analysis

6.2 Key Metrics

Track Metrics:

Vulnerability Metrics:
- Total open vulnerabilities
- By severity (Critical, High, Medium, Low)
- Mean time to detect (MTTD)
- Mean time to remediate (MTTR)
- Remediation rate
- Vulnerability age
- Reopen rate

Trend Metrics:
- New vulnerabilities per month
- Closed vulnerabilities per month
- Net change
- Backlog size
- SLA compliance
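The core 6.2 metrics computed from a vulnerability export, as an added example (not Hive's reporting code). The record layout and the sample records are constructed assumptions; the SLA windows are the ones from section 3.2. Open findings count against SLA compliance once they have outlived their window, so a stale backlog lowers the number rather than being ignored.

```python
"""Computing the 6.2 metrics from a vulnerability export.

Added example, not Hive's code. The record layout is a constructed assumption
(ISO dates, None for still-open findings); SLA windows are from section 3.2.
"""
from datetime import date
from statistics import mean

SLA_DAYS = {"P0": 1, "P1": 7, "P2": 30, "P3": 90}

# Constructed sample export, not real findings
RECORDS = [
    {"id": "VULN-1", "severity": "Critical", "priority": "P0", "opened": "2024-03-01", "closed": "2024-03-02", "reopened": False},
    {"id": "VULN-2", "severity": "High", "priority": "P1", "opened": "2024-03-03", "closed": "2024-03-15", "reopened": True},
    {"id": "VULN-3", "severity": "High", "priority": "P1", "opened": "2024-03-10", "closed": "2024-03-14", "reopened": False},
    {"id": "VULN-4", "severity": "Medium", "priority": "P2", "opened": "2024-02-20", "closed": None, "reopened": False},
    {"id": "VULN-5", "severity": "Low", "priority": "P3", "opened": "2024-01-05", "closed": None, "reopened": False},
]


def _days(start: str, end: str) -> int:
    return (date.fromisoformat(end) - date.fromisoformat(start)).days


def open_by_severity(records: list) -> dict:
    """Open findings bucketed by severity (the 'By severity' metric)."""
    counts = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0}
    for r in records:
        if r["closed"] is None:
            counts[r["severity"]] += 1
    return counts


def backlog_size(records: list) -> int:
    return sum(1 for r in records if r["closed"] is None)


def mean_time_to_remediate(records: list) -> float:
    """MTTR in days over closed findings, rounded to one decimal."""
    durations = [_days(r["opened"], r["closed"]) for r in records if r["closed"]]
    return round(mean(durations), 1) if durations else 0.0


def sla_compliance(records: list, as_of: str) -> float:
    """Percentage of findings closed within SLA or still open and inside their window."""
    met = 0
    for r in records:
        end = r["closed"] or as_of          # open findings are measured up to as_of
        if _days(r["opened"], end) <= SLA_DAYS[r["priority"]]:
            met += 1
    return round(100 * met / len(records), 1) if records else 100.0


def reopen_rate(records: list) -> float:
    """Percentage of closed findings that were reopened at least once."""
    closed = [r for r in records if r["closed"]]
    return round(100 * sum(r["reopened"] for r in closed) / len(closed), 1) if closed else 0.0


def vulnerability_age(records: list, as_of: str) -> dict:
    """Age in days of every still-open finding."""
    return {r["id"]: _days(r["opened"], as_of) for r in records if r["closed"] is None}


if __name__ == "__main__":
    today = "2024-03-20"
    print("open:", open_by_severity(RECORDS), "backlog:", backlog_size(RECORDS))
    print("MTTR:", mean_time_to_remediate(RECORDS), "SLA:", sla_compliance(RECORDS, today))
    print("reopen rate:", reopen_rate(RECORDS), "ages:", vulnerability_age(RECORDS, today))
```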

6.3 Stakeholder Communication

Regular Updates:
- Daily: Critical vulnerability alerts
- Weekly: Status updates to security team
- Monthly: Metrics to management
- Quarterly: Executive briefings

Communication Template:

## Vulnerability Management Update - [Month]

### Summary
- Total Vulnerabilities: 45 (-5 from last month)
- Critical: 2 (-1)
- High: 8 (-3)
- Medium: 20 (-1)
- Low: 15 (0)

### This Month
- Discovered: 12 new vulnerabilities
- Remediated: 17 vulnerabilities
- MTTR: 15 days (target: 30 days)
- SLA Compliance: 95%

### Top Priorities
1. [VULN-123] SQL Injection - Due: [Date]
2. [VULN-456] XSS - Due: [Date]
3. [VULN-789] Outdated Library - Due: [Date]

### Challenges
- Waiting for vendor patch for [Issue]
- Resource constraints for [Project]

Best Practices

Process

✅ Automate Discovery: Regular automated scans
✅ Validate Everything: Eliminate false positives
✅ Prioritize Wisely: Risk-based approach
✅ Track Diligently: Use a system (Hive!)
✅ Communicate Clearly: Keep stakeholders informed
✅ Measure Progress: Track metrics
✅ Continuous Improvement: Refine process

Technical

✅ Defense in Depth: Multiple layers of security
✅ Patch Quickly: Especially critical vulnerabilities
✅ Test Thoroughly: Before production deployment
✅ Document Everything: Decisions and actions
✅ Monitor Continuously: Detect reintroduction

Common Challenges

Challenge 1: Too Many Vulnerabilities

Solution:
- Focus on critical/high first
- Group related vulnerabilities
- Implement compensating controls
- Accept low-risk findings
- Automate remediation where possible

Challenge 2: Slow Remediation

Solution:
- Streamline approval process
- Automate patching
- Improve testing procedures
- Increase resources
- Use compensating controls

Challenge 3: False Positives

Solution:
- Improve scan configuration
- Validate all findings
- Tune detection rules
- Whitelist known safe items
- Use multiple tools

Challenge 4: Lack of Resources

Solution:
- Prioritize ruthlessly
- Automate everything possible
- Use managed services
- Outsource where appropriate
- Focus on high-impact items

Integration with SDLC

Development Phase

Shift Left:
- Static code analysis
- Dependency scanning
- IDE security plugins
- Pre-commit hooks

Build Phase

CI/CD Integration:

# Example GitHub Actions workflow; STAGING_URL is expected in the workflow or job env
name: Security Scan
on: [push]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Security Scan
        run: |
          aphids-cli \
            --api-key ${{ secrets.API_KEY }} \
            --runbook ci-security-scan \
            --target-url ${{ env.STAGING_URL }}

Deployment Phase

Pre-Deployment:
- Scan staging environment
- Verify no critical vulnerabilities
- Check compliance
- Approve deployment
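A pre-deployment gate that fails the pipeline while confirmed critical findings remain, as an added example (not Hive's or aphids-cli's code). The page does not document the scanner's output format, so the JSON layout, the sample result and the function names are constructed assumptions. The gate fails closed: only findings marked False Positive are excluded, so a Critical still marked Needs Investigation blocks the deploy, and an unrecognised severity is treated as Critical.

```python
"""Pre-deployment gate: block a deploy while critical findings are open.

Added example, not Hive's or aphids-cli's code. The scan-result layout is a
constructed assumption; the page does not document the scanner output.
"""
import json
import sys

SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}

# Constructed sample scan output, not a real result
SAMPLE_RESULT = json.dumps({
    "target": "https://staging.example.com",
    "findings": [
        {"id": "VULN-123", "severity": "Critical", "status": "Confirmed"},
        {"id": "VULN-456", "severity": "Medium", "status": "Confirmed"},
        {"id": "VULN-789", "severity": "Critical", "status": "False Positive"},
        {"id": "VULN-321", "severity": "Critical", "status": "Needs Investigation"},
    ],
})


def blocking_findings(result_json: str, max_allowed: str = "High") -> list:
    """IDs of findings more severe than max_allowed that are not ruled out as false positives."""
    data = json.loads(result_json)
    limit = SEVERITY_RANK[max_allowed]
    blocked = []
    for f in data.get("findings", []):
        if f.get("status") == "False Positive":
            continue
        # Unknown severities are treated as Critical so a schema change cannot open the gate
        rank = SEVERITY_RANK.get(f.get("severity"), SEVERITY_RANK["Critical"])
        if rank > limit:
            blocked.append(f["id"])
    return blocked


def deployment_allowed(result_json: str, max_allowed: str = "High") -> bool:
    return not blocking_findings(result_json, max_allowed)


if __name__ == "__main__":
    # In a pipeline the JSON would come from the staging scan; here the sample is used
    blocked = blocking_findings(SAMPLE_RESULT)
    print("deployment blocked by:" if blocked else "deployment approved", blocked)
    sys.exit(1 if blocked else 0)
```

The non-zero exit is what turns the policy into a gate: the CI step fails and the approval step never runs until the listed findings are remediated or validated as false positives.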

Production Phase

Continuous Monitoring:
- Regular scans
- Runtime protection
- Anomaly detection
- Incident response

Compliance Considerations

PCI DSS

Requirements:
- Quarterly vulnerability scans
- Remediate critical vulnerabilities
- Maintain scan evidence
- ASV scans for external IPs

Hive Support:
- Automated quarterly scans
- Remediation tracking
- Compliance reports
- Audit trail

HIPAA

Requirements:
- Regular vulnerability assessments
- Risk analysis
- Remediation tracking
- Documentation

Hive Support:
- Scheduled assessments
- Risk scoring
- Remediation workflow
- Audit reports

SOC 2

Requirements:
- Vulnerability management process
- Regular assessments
- Remediation tracking
- Evidence collection

Hive Support:
- Documented process
- Automated scans
- Tracking system
- Audit reports

Checklist

Monthly Tasks

  • Review all new vulnerabilities
  • Validate findings
  • Assign priorities
  • Update remediation status
  • Generate monthly report
  • Review metrics
  • Communicate updates

Quarterly Tasks

  • Review vulnerability trends
  • Assess process effectiveness
  • Update risk scores
  • Review SLA compliance
  • Executive briefing
  • Compliance reporting
  • Process improvements

Annual Tasks

  • Full program review
  • Update policies
  • Review tool effectiveness
  • Benchmark against industry
  • Update risk appetite
  • Budget planning
  • Training and awareness
