This chapter covered the basics of the CVE vulnerability identification system, how to build workflows around discovering WordPress, Ruby on Rails, or Django-related vulnerabilities, and why known vulnerability detection, despite all the caveats, can still be worth integrating into your security practice. You should be moving forward with a better understanding of the role application-specific vulnerabilities play in the security ecosystem and be confident building application-specific testing processes, where appropriate, into Burp-based, script-based, or any number of other workflow strategies.
In the next chapter, we will cover the critical information that should be included in every report, optional information, the importance of including detailed steps to reproduce the bug, and how to write a good attack scenario.
