Vulnerability Assessment Training

Level: Intermediate
Course #: 589
Course info - Prices, Enrollment

Key Features of this Vulnerability Assessment Training:

After-course instructor coaching benefit

You Will Learn How To:

Detect and respond to vulnerabilities, and minimize exposure to security breaches

Employ real-world exploits and evaluate their effect on your systems

Configure vulnerability scanners to identify weaknesses

Analyze the results of vulnerability scans

Establish an efficient strategy for vulnerability management

Goals Live, Instructor-Led -Live, Online Training

10-day instructor-led training course

One-on-one after course instructor coaching

Important Vulnerability Assessment Course Information


Basic understanding of network security and security issues at the level of:

You should have an understand of:

TCP/IP networking

Network security goals and concerns

The roles of firewalls and intrusion detection systems

Certification Preparation

This course covers multiple domains on the (ISC)2 CISSP certification exam

If you are interested in achieving the CISSP certification, see {course and number: 2058}

Vulnerability Assessment Course Outline



Defining vulnerability, exploit, threat and risk

Creating a vulnerability report

Conducting an initial scan

Common Vulnerabilities and Exposure (CVE) list

Scanning and exploits

Vulnerability detection methods Types of scanners

Port scanning and OS fingerprinting

Enumerating targets to test information leakage

Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS) Deploying exploit frameworks

Analyzing Vulnerabilities and Exploits

Uncovering infrastructure vulnerabilities

Uncovering switch weaknesses

Vulnerabilities in infrastructure support servers

Network management tool attacks

Attacks against analyzers and IDS

Identifying Snort IDS bypass attacks

Corrupting memory and causing Denial of Service

Exposing server vulnerabilities

Scanning servers: assessing vulnerabilities on your network

Uploading rogue scripts and file inclusion

Catching input validation errors

Performing buffer overflow attacks

SQL injection

Cross–Site Scripting (XSS) and cookie theft

Revealing desktop vulnerabilities

Scanning for desktop vulnerabilities

Client buffer overflows

Silent downloading: spyware and adware

Identifying design errors

Configuring Scanners and Generating Reports

Implementing scanner operations and configuration

Choosing credentials, ports and dangerous tests

Preventing false negatives

Creating custom vulnerability tests

Customizing Nessus scans

Handling false positives

Creating and interpreting reports

Filtering and customizing reports

Interpreting complex reports

Contrasting the results of different scanners

Assessing Risks in a Changing Environment

Researching alert information

Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information

Evaluating and investigating security alerts and advisories

Employing the Common Vulnerability Scoring System (CVSS)

Identifying factors that affect risk

Evaluating the impact of a successful attack

Determining vulnerability frequency

Calculating vulnerability severity

Weighing important risk factors

Performing a risk assessment

Managing Vulnerabilities

The vulnerability management cycle

Standardizing scanning with Open Vulnerability Assessment Language (OVAL)

Patch and configuration management

Analyzing the vulnerability management process

Vulnerability controversies

Rewards for vulnerability discovery

Markets for bugs and exploits

Challenge programs

Course info - Prices, Enrollment