4.1 Vulnerability management
📘CompTIA Security+ (SY0-701)
Validation: Rescanning, Audit, Verification
In vulnerability management, validation is the process used to make sure that vulnerabilities you’ve found are real and that the actions you took to fix them actually worked. Think of it as a “double-check” step to make sure nothing is missed or broken.
Validation is critical because just finding a vulnerability is not enough; you need to confirm it exists and that it’s fixed after remediation.
1. Rescanning
What it is:
Rescanning means running vulnerability scans again after you’ve applied fixes, patches, or changes.
Purpose:
- To confirm that previously identified vulnerabilities are actually fixed.
- To detect any new vulnerabilities that might have appeared after changes.
How it works in IT:
- A company scans a server and finds that an old version of a web application has a vulnerability.
- They apply a security patch to update the application.
- A rescan is performed to ensure the patch fixed the vulnerability and the system is secure.
Key Points for Exam:
- Rescans are often automated in vulnerability management tools.
- It ensures that patching, configuration changes, or other remediation steps are successful.
- Without rescanning, you cannot confirm that your remediation worked.
2. Audit
What it is:
An audit is a structured review or inspection to ensure systems and processes comply with security policies, standards, or best practices.
Purpose:
- To provide a formal, documented check of your systems.
- To ensure vulnerabilities are being properly tracked, fixed, and managed.
How it works in IT:
- Security teams check server logs, patch history, and vulnerability scan reports.
- They verify that all critical vulnerabilities have been remediated according to company policy.
- Audits can be internal (done by the IT/security team) or external (done by third-party auditors).
Key Points for Exam:
- Audits verify that policies and processes around vulnerability management are being followed.
- They are not just about finding vulnerabilities but about ensuring compliance and proper documentation.
3. Verification
What it is:
Verification is the act of confirming that remediation steps actually solved the problem. It’s the “proof” part of validation.
Purpose:
- To ensure the fixes you applied really work.
- To avoid situations where vulnerabilities appear to be fixed but still exist due to errors or misconfigurations.
How it works in IT:
- If a web server was vulnerable because of an outdated SSL/TLS configuration, the admin updates the configuration.
- Verification involves checking that the server now uses secure protocols and passes security scans.
- Verification may include reviewing scan results, testing access, or checking logs.
Key Points for Exam:
- Verification is often done after rescanning and auditing.
- It confirms that remediation is complete and effective.
- It’s a key step to reduce false positives, ensuring you don’t report a vulnerability as fixed when it’s not.
Summary Table
| Step | Purpose | IT Example |
|---|---|---|
| Rescanning | Confirm vulnerabilities are fixed | Run a vulnerability scanner on a patched web server |
| Audit | Ensure processes and policies are followed | Review logs and patch history to confirm compliance |
| Verification | Confirm fixes actually work | Check updated SSL/TLS config on a server after patching |
Exam Tips
- Remember that validation = making sure the fix worked.
- Rescanning is automated and happens after remediation.
- Audit is a formal check, often with documentation and reporting.
- Verification is the proof that remediation solved the problem.
- All three work together to ensure vulnerabilities are correctly managed and that security is improved.
In simple terms, think of it like this:
- You find a problem → fix it → check it really worked → audit it to make sure all procedures were followed.
