Vulnerability Assessment Training
Level: Intermediate
Course #: 589
Course info - Prices, Enrollment
Key Features of this Vulnerability Assessment Training:
After-course instructor coaching benefit
You Will Learn How To:
Detect and respond to vulnerabilities, and minimize exposure to security breaches
Employ real-world exploits and evaluate their effect on your systems
Configure vulnerability scanners to identify weaknesses
Analyze the results of vulnerability scans
Establish an efficient strategy for vulnerability management
Goals Live, Instructor-Led -Live, Online Training
10-day instructor-led training course
One-on-one after course instructor coaching
Important Vulnerability Assessment Course Information
Requirements
Basic understanding of network security and security issues at the level of:
You should have an understand of:
TCP/IP networking
Network security goals and concerns
The roles of firewalls and intrusion detection systems
Certification Preparation
This course covers multiple domains on the (ISC)2 CISSP certification exam
If you are interested in achieving the CISSP certification, see {course and number: 2058}
Vulnerability Assessment Course Outline
Fundamentals
Introduction
Defining vulnerability, exploit, threat and risk
Creating a vulnerability report
Conducting an initial scan
Common Vulnerabilities and Exposure (CVE) list
Scanning and exploits
Vulnerability detection methods Types of scanners
Port scanning and OS fingerprinting
Enumerating targets to test information leakage
Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS) Deploying exploit frameworks
Analyzing Vulnerabilities and Exploits
Uncovering infrastructure vulnerabilities
Uncovering switch weaknesses
Vulnerabilities in infrastructure support servers
Network management tool attacks
Attacks against analyzers and IDS
Identifying Snort IDS bypass attacks
Corrupting memory and causing Denial of Service
Exposing server vulnerabilities
Scanning servers: assessing vulnerabilities on your network
Uploading rogue scripts and file inclusion
Catching input validation errors
Performing buffer overflow attacks
SQL injection
Cross–Site Scripting (XSS) and cookie theft
Revealing desktop vulnerabilities
Scanning for desktop vulnerabilities
Client buffer overflows
Silent downloading: spyware and adware
Identifying design errors
Configuring Scanners and Generating Reports
Implementing scanner operations and configuration
Choosing credentials, ports and dangerous tests
Preventing false negatives
Creating custom vulnerability tests
Customizing Nessus scans
Handling false positives
Creating and interpreting reports
Filtering and customizing reports
Interpreting complex reports
Contrasting the results of different scanners
Assessing Risks in a Changing Environment
Researching alert information
Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
Evaluating and investigating security alerts and advisories
Employing the Common Vulnerability Scoring System (CVSS)
Identifying factors that affect risk
Evaluating the impact of a successful attack
Determining vulnerability frequency
Calculating vulnerability severity
Weighing important risk factors
Performing a risk assessment
Managing Vulnerabilities
The vulnerability management cycle
Standardizing scanning with Open Vulnerability Assessment Language (OVAL)
Patch and configuration management
Analyzing the vulnerability management process
Vulnerability controversies
Rewards for vulnerability discovery
Markets for bugs and exploits
Challenge programs