Module 2: Data Organization in Vulnerability Response Flashcards
What is the community-developed list of common software security weaknesses which serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts?
Common Weakness Enumeration (CWE)
Where are Common Vulnerabilities and Exposures (CVE) records downloaded from?
National Vulnerability Database (NVD)
When VR matches vulnerabilities with items in your environment, what type of record is created?
Vulnerable Item
When scanners pass the data into ServiceNow, what is used to identify the Configuration Item affected by a particular vulnerability?
CI Lookup rules
T/F: Vulnerable Items and Remediation Tasks follow the same process flow
True
What is the Vulnerable Item table name?
[sn_vul_vulnerable_item]
A Vulnerable Item (VIT) is the Vulnerability as it relates to a specific ________________________.
Configuration Item (CI)
T/F: A VIT can exist without a specific Configuration Item.
False
What are the distinct occurrences of a vulnerability, as reported by the scanners behind third-party integrations, called?
Detections
What are vulnerabilities found in custom software applications, which are scanned throughout the application's development life cycle, called?
Application vulnerabilities
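The cards above describe a data model rather than an algorithm: a scanner reports Detections, CI Lookup Rules resolve each detection to a Configuration Item, and a Vulnerable Item is the pair (vulnerability, CI), so repeated detections of the same vulnerability on the same host land on one VIT. The example below is an added illustration of that pipeline, not ServiceNow code and not the product's actual lookup-rule implementation. The rule order (MAC, then hostname, then IP), the CI and Detection fields, and the sample CMDB and scanner data are all constructed assumptions; the behaviour it demonstrates is that rules are tried in order, a rule that matches more than one CI is ambiguous and skipped, and a detection that matches nothing stays unmatched instead of being forced onto a CI.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class CI:
    """Minimal stand-in for a CMDB record (constructed, hypothetical fields)."""
    sys_id: str
    name: str
    ip_address: str = ""
    mac_address: str = ""


@dataclass(frozen=True)
class Detection:
    """One scanner-reported occurrence of a vulnerability on a host."""
    vulnerability: str   # placeholder IDs below, not real CVE entries
    host_ip: str
    hostname: str
    mac: str
    port: int


@dataclass
class VulnerableItem:
    """Vulnerability as it relates to a specific CI; accumulates detections."""
    vulnerability: str
    ci: CI
    detections: List[Detection] = field(default_factory=list)


# Hypothetical lookup rules, evaluated in order; the first rule that yields
# exactly one CI wins. Empty scanner fields never match anything.
LOOKUP_RULES: List[Tuple[str, Callable[[Detection, CI], bool]]] = [
    ("mac", lambda d, ci: bool(d.mac) and d.mac.lower() == ci.mac_address.lower()),
    ("hostname", lambda d, ci: bool(d.hostname) and d.hostname.lower() == ci.name.lower()),
    ("ip", lambda d, ci: bool(d.host_ip) and d.host_ip == ci.ip_address),
]


def lookup_ci(det: Detection, cmdb: List[CI]) -> Tuple[Optional[str], Optional[CI]]:
    """Return (rule_name, ci) for the first rule with a unique match, else (None, None).

    A rule that matches several CIs is ambiguous and is skipped rather than
    guessed, so the detection can fall through to a more specific rule.
    """
    for rule_name, pred in LOOKUP_RULES:
        matches = [ci for ci in cmdb if pred(det, ci)]
        if len(matches) == 1:
            return rule_name, matches[0]
    return None, None


def build_vulnerable_items(
    detections: List[Detection], cmdb: List[CI]
) -> Tuple[Dict[Tuple[str, str], VulnerableItem], List[Detection]]:
    """Group detections into VITs keyed by (vulnerability, CI sys_id).

    Detections that resolve to no CI are returned separately as unmatched.
    """
    vits: Dict[Tuple[str, str], VulnerableItem] = {}
    unmatched: List[Detection] = []
    for det in detections:
        _rule, ci = lookup_ci(det, cmdb)
        if ci is None:
            unmatched.append(det)
            continue
        key = (det.vulnerability, ci.sys_id)
        vit = vits.setdefault(key, VulnerableItem(det.vulnerability, ci))
        vit.detections.append(det)
    return vits, unmatched


# Constructed sample data. ci2 and ci3 deliberately share an IP so the IP rule
# is ambiguous for them; the vulnerability IDs are placeholders, not real CVEs.
SAMPLE_CMDB = [
    CI("ci1", "web01", "10.0.0.5", "AA:BB:CC:00:00:01"),
    CI("ci2", "db01", "10.0.0.6", "AA:BB:CC:00:00:02"),
    CI("ci3", "db01-clone", "10.0.0.6", ""),
]

SAMPLE_DETECTIONS = [
    Detection("CVE-EXAMPLE-0001", "10.0.0.5", "WEB01", "", 8080),              # hostname rule -> ci1
    Detection("CVE-EXAMPLE-0001", "10.0.0.5", "", "aa:bb:cc:00:00:01", 8443),  # mac rule -> ci1 (same VIT)
    Detection("CVE-EXAMPLE-0001", "10.0.0.6", "", "", 5432),                   # ip rule ambiguous -> unmatched
    Detection("CVE-EXAMPLE-0002", "10.0.0.6", "db01", "", 5432),               # hostname rule -> ci2
    Detection("CVE-EXAMPLE-0001", "192.0.2.9", "ghost", "", 22),               # no CI at all -> unmatched
]


if __name__ == "__main__":
    vits, unmatched = build_vulnerable_items(SAMPLE_DETECTIONS, SAMPLE_CMDB)
    for (vuln, sys_id), vit in vits.items():
        print(f"VIT {vuln} on {vit.ci.name} ({sys_id}): {len(vit.detections)} detection(s)")
    for det in unmatched:
        print(f"unmatched: {det.vulnerability} on {det.host_ip}/{det.hostname or '-'}")
```

Run as a script it prints two VITs (one for ci1 carrying two detections on different ports, one for ci2) and two unmatched detections. The ambiguous-IP case is the one worth noticing when tuning real lookup rules: an IP-only rule placed first would silently attach the finding to whichever duplicate-IP CI the tooling returned, which is why more specific identifiers are ordered ahead of it here.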
What three user groups does Application Vulnerability Response use?
App-Sec Manager
Application Security Champion
Developer
T/F: ServiceNow’s Application Vulnerability Response application focuses on DAST and SAST.
True
What is SAST?
Static Application Security Testing
What is DAST?
Dynamic Application Security Testing
What is the scanned application table?
[sn_vul_app_scanned_application]