Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Vulnerability Assessment

( Duration: 4 Days )

In Vulnerability Assessment training course, you will learn to configure vulnerability scanners to detect points of exposure and prevent network exploitation. You acquire the knowledge to assess the risk to your enterprise from an array of vulnerabilities and to minimize costly security breaches.

By attending Vulnerability Assessment workshop, delegates will learn to:

  • Detect and respond to vulnerabilities and minimize exposure to security breaches
  • Employ real-world exploits and evaluate their effect on Participants systems
  • Configure vulnerability scanners to identify weaknesses
  • Analyze the results of vulnerability scans
  • Establish an intelligent strategy for vulnerability management

This Vulnerability Assessment class is ideal for Security auditors, firewall/IDS personnels, PCI security testers, network managers and those involved in cyber security measures and implementation who have experience with network security.

COURSE AGENDA

1

Fundamentals

  • Introduction
    • Defining vulnerability, exploit, threat and risk
    • Creating a vulnerability report
    • Conducting an initial scan
    • Common Vulnerabilities and Exposure (CVE) list
  • Scanning and exploits
    • Vulnerability detection methods
    • Types of scanners
    • Port scanning and OS fingerprinting
    • Enumerating targets to test information leakage
    • Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
    • Deploying exploit frameworks
2

Analyzing Vulnerabilities and Exploits

  • Uncovering infrastructure vulnerabilities
    • Uncovering switch weaknesses
    • Vulnerabilities in Ethereal and Wireshark
    • Network management tool attacks
  • Attacks against analyzers and IDS
    • Identifying Snort IDS bypass attacks
    • Corrupting memory and causing denial of service
  • Exposing server vulnerabilities
    • Scanning servers: assessing vulnerabilities on your network
    • Uploading rogue scripts and file inclusion
    • Catching input validation errors
    • Performing buffer overflow attacks
    • SQL injection
    • Cross-site scripting (XSS) and cookie theft
  • Revealing desktop vulnerabilities
    • Scanning for desktop vulnerabilities
    • Client buffer overflows
    • Silent downloading: spyware and adware
    • Attacking design errors
3

Configuring Scanners and Generating Reports

  • Implementing scanner operations and configuration
    • Choosing credentials, ports and dangerous tests
    • Preventing false negatives
    • Creating custom vulnerability tests
    • Customizing Nessus scans
    • Handling false positives
  • Creating and interpreting reports
    • Filtering and customizing reports
    • Interpreting complex reports
    • Contrasting the results of different scanners
4

Assessing Risks in a Changing Environment

  • Researching alert information
    • Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
    • Evaluating and investigating security alerts and advisories
    • Employing the Common Vulnerability Scoring System (CVSS)
  • Identifying factors that affect risk
    • Evaluating the impact of a successful attack
    • Determining vulnerability frequency
    • Calculating vulnerability severity
    • Weighing important risk factors
    • Performing a risk assessment
5

Managing Vulnerabilities

  • The vulnerability management cycle
    • Standardizing scanning with Open Vulnerability Assessment Language (OVAL)
    • Patch and configuration management
    • Analyzing the vulnerability management process
  • Vulnerability controversies
    • Rewards for vulnerability discovery
    • Markets for bugs and exploits
    • Challenge programs

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top
Notice
X