Vulnerability Assessment Training: Protecting Your Organization

This training course on Vulnerability Assessment instructs participants on minimizing expensive security breaches and assessing risks within their enterprise stemming from various vulnerabilities. Participants will learn to develop a comprehensive checklist for network security vulnerability assessments, pinpointing weaknesses in infrastructure, servers, web applications, and desktops. Moreover, the course covers report creation and interpretation, configuration of vulnerability scanners, identification of vulnerability points, and strategies for preventing network exploitation. Vulnerability Assessment Training: Protecting Your Organization Benefits In this course, you will learn how to: Detect and respond to vulnerabilities, and minimize exposure to security breaches Employ real-world exploits and evaluate their effect on your systems Configure vulnerability scanners to identify weaknesses Analyze the results of vulnerability scans Establish an efficient strategy for vulnerability management Prerequisites Before taking this course, you should have a basic understanding of network security and security issues at the level of Learning Tree course 468, Introduction to Cybersecurity, Learning Tree course 446, CompTIA Security+® Training, And you should have an understanding of the following: TCP/IP networking Network security goals and concerns The roles of firewalls and intrusion detection systems Continuing Education Information This course covers multiple domains on the ISC2™ CISSP certification exam If you are interested in achieving the CISSP certification, see CISSP® Training and Certification Prep Course • Course 2058 Vulnerability Assessment Course Outline Module 1: Fundamentals Introduction Defining vulnerability, exploit, threat and risk Creating a vulnerability report Conducting an initial scan Common Vulnerabilities and Exposure (CVE) list Scanning and exploits Vulnerability detection methods Types of scanners Port scanning and OS fingerprinting Enumerating targets to test information leakage Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS) Deploying exploit frameworks Module 2: Analyzing Vulnerabilities and Exploits Uncovering infrastructure vulnerabilities Uncovering switch weaknesses Vulnerabilities in infrastructure support servers Network management tool attacks Attacks against analyzers and IDS Identifying Snort IDS bypass attacks Corrupting memory and causing Denial of Service Exposing server vulnerabilities Scanning servers: assessing vulnerabilities on your network Uploading rogue scripts and file inclusion Catching input validation errors Performing buffer overflow attacks SQL injection Cross-Site Scripting (XSS) and cookie theft Revealing desktop vulnerabilities Scanning for desktop vulnerabilities Client buffer overflows Silent downloading: spyware and adware Identify browser privilege escalation vulnerabilities Module 3: Configuring Scanners and Generating Reports Implementing scanner operations and configuration Choosing credentials, ports and dangerous tests Preventing false negatives Creating custom vulnerability tests Customizing Nessus scans Handling false positives Creating and interpreting reports Filtering and customizing reports Interpreting complex reports Contrasting the results of different scanners Module 4: Assessing Risks in a Changing Environment Researching alert information Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information Evaluating and investigating security alerts and advisories Employing the Common Vulnerability Scoring System (CVSS) Identifying factors that affect risk Evaluating the impact of a successful attack Determining vulnerability frequency Calculating vulnerability severity Weighing important risk factors Performing a risk assessment Module 5: Managing Vulnerabilities The vulnerability management cycle Examine Common Platform Enumeration and how to use it Patch and configuration management Analyzing the vulnerability management process Vulnerability controversies Investigating CPE Baseline management Achieving compliance