Vulnerability & Security Management 40hours
Vulnerability management is an essential component of a security program that includes detection, assessments, remediation, and tracking. The majority of assaults that result in data loss are frequently the consequence of the use of known, unpatched vulnerabilities. Vulnerability Management is useful for assets on your network that are not regularly patched. This program will teach you a holistic vulnerability assessment methodology while focusing on challenges encountered in a large enterprise; and you will practice on a full-scale enterprise range chock-full of target machines representative of an enterprise environment, leveraging production-ready tools and a proven testing methodology.
After finishing this course, you will have the right knowledge and skills to create and constantly improve a vulnerability management program that effectively and efficiently discovers and remediates vulnerabilities.
WHY IT IS NEEDED?
- To evaluate network defenders’ capacity to identify and respond to threats.
- Learn to detect and fix vulnerabilities.
- Having a process and policy in place makes it easier to execute frequent and periodic tests.
- Allows for planned investment to safeguard the IT system, resulting in a higher ROI.
- Prioritize high-risk and threat encounters over fake encounters.
Module 1: Introduction to Vulnerability Assessment
- Need for vulnerability assessment
- Types of vulnerability assessment
- Cyber Kill chain
- MITRE ATT&CK Framework
- CVE and CVSS Score: Base score , temporal score
1hr. 10min.
Module 2: Brief Introduction to Different Types of Vulnerabilities
- IP Vulnerabilities
- TCP/IP Vulnerabilities
- ICMP Vulnerabilities
- TCP Session Hijacking
- TCP Vulnerabilities
- UDP Vulnerabilities
2hrs. 27min.
Module 3: Fundamentals of Security
- Identify the difference between cybersecurity vs Information security vs Privacy
- What are the pillars of security?
- Introduction to the essential terminologies in security
- Learning about Hackers and their forms
- Studying about various teams in Cybersecurity
- What are the phases of hacking?
- What is Cyber threat intelligence?
- What do you understand by Security triangle?
- Phases of Security Testing Planning
- Understanding the process of Vulnerability assessment
- Role of Penetration testing
- What is secure code review?
- Security audit
2hrs 1min.
Module 4: Vulnerability Management Life Cycle
- Creating Baseline/Discovery
- Classification
- Risk Assessment
- Reporting
- Remediation
- Verification
Module 5: Security testing launch and execution
- Learn the Different types of Reporting Techniques.
- Considering steps for remediation.
Module 6: Vulnerability Assessment tools
- OpenVAS / OWASP Zap
- Nessus & Nessus Templates
- NMAP
- NIKTO: Web Server Vulnerability Scanner
- QualysGuard
1hr. 10min.
Module 7: Network Vulnerabilities
- Hands-on practice on Open port analysis using NMAP
- Hands-on practice on Man-in-the-middle attack
- White Box network and Black Box vulnerability assessment
- Hands-on Vulnerability assessment using Nessus & Qualys
2hrs. 27min.
Module 8: Security Policy and Controls
- What is a security policy?
- Steps to create and implement security policy.
- Studying about various policy in enterprise
- Introduction to Network security policy & security controls
- Basic principles of Access controls
- Access control system: Administrative, Physical & Technical Access Controls
- What is Discretionary Access Control?
- Where to apply Mandatory Access Control?
- Understanding Role based Access Control.
2hrs 1min.
Pre-Requisite
- Basic understanding of vulnerability.
- Basic Understanding of patch, and configuration management concepts.
Target Audience
- Penetration testers
- Cybersecurity consultants
- IT managers
- Security specialists
- Network server administrators
Duration
- 32 Hours