In this period, data and information became the most important things to be protected in the organization. Unfortunately, based on SANS 2017 [2], not only small but also large-scale organizations suffered from the incident. That phenomenon happened because of increasing vulnerability, which was not handled carefully. On the other hand, exposed vulnerability increases the risk of assets such as data and information so it needs to be fixed as soon as possible. As a security engineer team in the organization, doing vulnerability identification took time and some time produced many false positives. This paper proposed a solution to decrease false positive in vulnerability identification result and fasten its process by integrating vulnerability identification tool as an exploit kit. In the end, our solution can reduce vulnerability identification time by 50% for two targets and increase vulnerability identification certainty by using manual analysis and proof of concept feature.
展开▼