Cart 0

Vulnerability Assessment Training: Protecting Your Organization
Course 589
4 DAY COURSE

Price:
Course Outline

This Vulnerability Assessment training course teaches you how to minimize costly security breaches and evaluate the risk in your enterprise from an array of vulnerabilities. You will create a network security vulnerability assessment checklist, identifying exposed infrastructure, server, and desktop vulnerabilities. Additionally, you will create and interpret reports, configure vulnerability scanners, detect points of exposure, and ultimately prevent network exploitation.

Vulnerability Assessment Training: Protecting Your Organization Benefits

  • In this course, you will learn how to:

    • Detect and respond to vulnerabilities, and minimize exposure to security breaches
    • Employ real-world exploits and evaluate their effect on your systems
    • Configure vulnerability scanners to identify weaknesses
    • Analyze the results of vulnerability scans
    • Establish an efficient strategy for vulnerability management

  • Prerequisites

    Before taking this course, you should have a basic understanding of network security and security issues at the level of

    • Learning Tree course 468, Information Security Training,

    And you should have an understanding of the following:

    • TCP/IP networking
    • Network security goals and concerns
    • The roles of firewalls and intrusion detection systems

  • Continuing Education Information

    • This course covers multiple domains on the ISC2™ CISSP certification exam
    • If you are interested in achieving the CISSP certification, see CISSP® Training and Certification Prep Course • Course 2058

Vulnerability Assessment Course Outline

Module 1: Fundamentals

Introduction

  • Defining vulnerability, exploit, threat and risk
  • Creating a vulnerability report
  • Conducting an initial scan
  • Common Vulnerabilities and Exposure (CVE) list

Scanning and exploits

  • Vulnerability detection methods
  • Types of scanners
  • Port scanning and OS fingerprinting
  • Enumerating targets to test information leakage
  • Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
  • Deploying exploit frameworks

Module 2: Analyzing Vulnerabilities and Exploits

Uncovering infrastructure vulnerabilities

  • Uncovering switch weaknesses
  • Vulnerabilities in infrastructure support servers
  • Network management tool attacks

Attacks against analyzers and IDS

  • Identifying Snort IDS bypass attacks
  • Corrupting memory and causing Denial of Service

Exposing server vulnerabilities

  • Scanning servers: assessing vulnerabilities on your network
  • Uploading rogue scripts and file inclusion
  • Catching input validation errors
  • Performing buffer overflow attacks
  • SQL injection
  • Cross-Site Scripting (XSS) and cookie theft

Revealing desktop vulnerabilities

  • Scanning for desktop vulnerabilities
  • Client buffer overflows
  • Silent downloading: spyware and adware
  • Identifying design errors

Module 3: Configuring Scanners and Generating Reports

Implementing scanner operations and configuration

  • Choosing credentials, ports and dangerous tests
  • Preventing false negatives
  • Creating custom vulnerability tests
  • Customizing Nessus scans
  • Handling false positives

Creating and interpreting reports

  • Filtering and customizing reports
  • Interpreting complex reports
  • Contrasting the results of different scanners

Module 4: Assessing Risks in a Changing Environment

Researching alert information

  • Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
  • Evaluating and investigating security alerts and advisories
  • Employing the Common Vulnerability Scoring System (CVSS)

Identifying factors that affect risk

  • Evaluating the impact of a successful attack
  • Determining vulnerability frequency
  • Calculating vulnerability severity
  • Weighing important risk factors
  • Performing a risk assessment

Module 5: Managing Vulnerabilities

The vulnerability management cycle

  • Standardizing scanning with Open Vulnerability Assessment Language (OVAL)
  • Patch and configuration management
  • Analyzing the vulnerability management process

Vulnerability controversies

  • Rewards for vulnerability discovery
  • Markets for bugs and exploits
  • Challenge programs
Course Dates

For course questions or any customer service inquiry, please contact your Customer Service team at BAHCustomerService@LearningTree.com.

We are excited that Learning Tree now offers a deferred direct bill payment option for Booz Allen employees. The deferred direct bill payment option enables employees to enroll in learning opportunities with no upfront costs. This payment option will require the employee to sign a Family Educational Rights and Privacy Act (FERPA) agreement with Learning Tree to release grades/completion to Booz Allen to satisfy the FlexEd Program completion requirement. Note, Learning Tree may also be used for the FlexEd Program reimbursement payment option.

Attendance Method
Additional Details (optional)

Private Team Training

Interested in this course for your team? Please complete and submit the form below and we will contact you to discuss your needs and budget.