Description
4 credit/unit hours – Four hours of lecture weekly; one term
This course presents the learner with an introduction to information security vulnerability assessment fundamentals, followed by in-depth coverage of the Vulnerability Assessment Framework. Through a detailed, practical analysis of threat intelligence, modeling, and automation, students will learn the skills necessary to not only use the tools of the trade, but also to implement a transformational security vulnerability assessment program.
Learning Objectives
Upon completion of this course the learner will be able to:
- Differentiate between vulnerability assessment, management, and mitigation;
- Employ the Vulnerability Assessment Framework in hands-on examples;
- Discuss shortfalls of many vulnerability assessment programs;
- Use industry-standard security tools to carry out a vulnerability assessment; and
- Use the output of various tools to make recommendations and remediate vulnerabilities.
Main Topics
1.0 Methodology, Planning, and Threat Modeling
- Maximizing Value from Vulnerability Assessments and Programs
- Setting Up for Success at Scale: Enterprise Architecture and Strategy
- Developing Transformational Vulnerability Assessment Strategies
- Performing Enterprise Threat Modeling
- Generating Compounding Interest from Threat Intelligence and Avoiding Information Overload
- The Vulnerability Assessment Framework
- Overview of Comprehensive Network Scanning
- Compliance Standards and Information Security
- Team Operations and Collaboration
2.0 Discovery
- Active and Passive Reconnaissance
- Identification and Enumeration with DNS
- DNS Zone Speculation and Dictionary-Enabled Discovery
- Port Scanning
- Scanning Large-Scale Environments
- Commonplace Services
- Scanning the Network Perimeter and Engaging the DMZ
- Trade-offs: Speed, Efficiency, Accuracy, and Thoroughness
- Introduction to PowerShell
3.0 Enhanced Vulnerability Scanning and Automation
- Assigning a Confidence Value and Validating Exploitative Potential of Vulnerabilities
- Enhanced Vulnerability Scanning
- Risk Assessment Matrices and Rating Systems
- Quantitative Analysis Techniques Applied to Vulnerability Scoring
- Performing Tailored Risk Calculation to Drive Triage
- General Purpose vs. Application-Specific Vulnerability Scanning
- Tuning the Scanner to the Task, the Enterprise, and Tremendous Scale
- Scan Policies and Compliance Auditing
- Performing Vulnerability Discovery with Open-Source and Commercial Appliances
- Scanning with the Nmap Scripting Engine, Nexpose/InsightVM, and Acunetix
- The Windows Domain: Exchange, SharePoint, and Active Directory
- Testing for Insecure Cryptographic Implementations Including SSL
- Assessing VoIP Environments
- Discovering Vulnerabilities in the Enterprise Backbone: Active Directory, Exchange, and SharePoint
- Minimizing Supplemental Risk while Conducting Authenticated Scanning through Purposeful Application of Least Privilege
- Probing for Data Link Liability to Identify Hazards in Wireless Infrastructure, Switches, and VLANs
- Manual Vulnerability Discovery Automated to Attain Maximal Efficacy
4.0 Vulnerability Validation, Triage, and Data Management
- Recruiting Disparate Data Sources: Patches, Hotfixes, and Configurations
- Manual Vulnerability Validation Targeting Enterprise Infrastructure
- Converting Disparate Datasets into a Central, Normalized, and Relational Knowledge Base
- Managing Large Repositories of Vulnerability Data
- Querying the Vulnerability Knowledge Base
- Evaluating Vulnerability Risk in Custom and Unique Systems, including Web Applications
- Triage: Assessing the Relative Importance of Vulnerabilities Against Strategic Risk
5.0 Remediation and Reporting
- Domain Password Auditing
- Creating and Navigating Vulnerability Prioritization Schemes in Acheron
- Developing a Web of Network and Host Affiliations
- Modeling Account Relationships on Active Directory Forests
- Creating Effective Vulnerability Assessment Reports
- Transforming Triage Listing into the Vulnerability Remediation Plan