Using Exploit Exposure

With Nexpose Exploit Exposure™, you can now use the application to target specific vulnerabilities for exploits using the Metasploit exploit framework. Verifying vulnerabilities through exploits helps you to focus remediation tasks on the most critical gaps in security.

For each discovered vulnerability, the application indicates whether there is an associated exploit and the required skill level for that exploit. If a Metasploit exploit is available, the console displays the  ™ icon and a link to a Metasploit module that provides detailed exploit information.

Why exploit your own vulnerabilities?

On a logistical level, exploits can provide critical access to operating systems, services, and applications for penetration testing.

Also, exploits can afford better visibility into network security, which has important implications for different stakeholders within your organization:

• Penetration testers and security consultants use exploits as compelling proof that security flaws truly exist in a given environment, eliminating any question of a false positive. Also, the data they collect during exploits can provide a great deal of insight into the seriousness of the vulnerabilities.
• Senior managers demand accurate security data that they can act on with confidence. False positives can cause them to allocate security resources where they are not needed. On the other hand, if they refrain from taking action on reported vulnerabilities, they may expose the organization to serious breaches. Managers also want metrics to help them determine whether or not security consultants and vulnerability management tools are good investments.
• System administrators who view vulnerability data for remediation purposes want to be able to verify vulnerabilities quickly. Exploits provide the fastest proof.