Preferred method of contact:

Vulnerability Assessment: Protecting Your Organization

COURSE TYPE

Intermediate

Course Number

589

Duration

4 Days

PDF Add to WishList

To minimize costly security breaches, organizations need to evaluate the risk in their enterprise from an array of vulnerabilities. In this training course, you learn how to expose infrastructure, server, and desktop vulnerabilities, create and interpret reports, configure vulnerability scanners, detect points of exposure, and prevent network exploitation.

You Will Learn How To

  • Detect and respond to vulnerabilities, and minimize exposure to security breaches
  • Employ real-world exploits and evaluate their effect on your systems
  • Configure vulnerability scanners to identify weaknesses
  • Analyze the results of vulnerability scans
  • Establish an efficient strategy for vulnerability management

Important Course Information

Requirements:

  • Basic understanding of network security and security issues at the level of:
    • Course 468, System and Network Security Introduction
  • You should have an understand of:
    • TCP/IP networking
    • Network security goals and concerns
    • The roles of firewalls and intrusion detection systems

Certification Preparation:

  • This course covers multiple domains on the (ISC)2 CISSP certification exam
  • If you are interested in achieving the CISSP certification, see Course 2058, Certified Information Systems Security Professional (CISSP) Certification Exam Preparation

Course Outline

  • Fundamentals

Introduction

  • Defining vulnerability, exploit, threat and risk
  • Creating a vulnerability report
  • Conducting an initial scan
  • Common Vulnerabilities and Exposure (CVE) list

Scanning and exploits

  • Vulnerability detection methods
  • Types of scanners
  • Port scanning and OS fingerprinting
  • Enumerating targets to test information leakage
  • Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
  • Deploying exploit frameworks
  • Analyzing Vulnerabilities and Exploits

Uncovering infrastructure vulnerabilities

  • Uncovering switch weaknesses
  • Vulnerabilities in infrastructure support servers
  • Network management tool attacks

Attacks against analyzers and IDS

  • Identifying Snort IDS bypass attacks
  • Corrupting memory and causing Denial of Service

Exposing server vulnerabilities

  • Scanning servers: assessing vulnerabilities on your network
  • Uploading rogue scripts and file inclusion
  • Catching input validation errors
  • Performing buffer overflow attacks
  • SQL injection
  • Cross–Site Scripting (XSS) and cookie theft

Revealing desktop vulnerabilities

  • Scanning for desktop vulnerabilities
  • Client buffer overflows
  • Silent downloading: spyware and adware
  • Identifying design errors
  • Configuring Scanners and Generating Reports

Implementing scanner operations and configuration

  • Choosing credentials, ports and dangerous tests
  • Preventing false negatives
  • Creating custom vulnerability tests
  • Customizing Nessus scans
  • Handling false positives

Creating and interpreting reports

  • Filtering and customizing reports
  • Interpreting complex reports
  • Contrasting the results of different scanners
  • Assessing Risks in a Changing Environment

Researching alert information

  • Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
  • Evaluating and investigating security alerts and advisories
  • Employing the Common Vulnerability Scoring System (CVSS)

Identifying factors that affect risk

  • Evaluating the impact of a successful attack
  • Determining vulnerability frequency
  • Calculating vulnerability severity
  • Weighing important risk factors
  • Performing a risk assessment
  • Managing Vulnerabilities

The vulnerability management cycle

  • Standardizing scanning with Open Vulnerability Assessment Language (OVAL)
  • Patch and configuration management
  • Analyzing the vulnerability management process

Vulnerability controversies

  • Rewards for vulnerability discovery
  • Markets for bugs and exploits
  • Challenge programs
Show complete outline
Show Less

Convenient Ways to Attend This Instructor-Led Course

Hassle-Free Enrolment: No advance payment required to reserve your seat.
Tuition due 30 days after you attend your course.

In the Classroom

Live, Online

Private Team Training

In the Classroom — OR — Live, Online

Tuition — Standard: $3285   Government: $2890

Nov 14 - 17 (4 Days)
9:00 AM - 4:30 PM EST
Rockville, MD / Online (AnyWare) Rockville, MD / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Dec 5 - 8 (4 Days)
9:00 AM - 4:30 PM EST
Online (AnyWare) Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online

Jan 2 - 5 (4 Days)
9:00 AM - 4:30 PM EST
Ottawa / Online (AnyWare) Ottawa / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Jan 16 - 19 (4 Days)
9:00 AM - 4:30 PM EST
Alexandria, VA / Online (AnyWare) Alexandria, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Feb 13 - 16 (4 Days)
9:00 AM - 4:30 PM EST
Herndon, VA / Online (AnyWare) Herndon, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Mar 27 - 30 (4 Days)
9:00 AM - 4:30 PM EDT
Rockville, MD / Online (AnyWare) Rockville, MD / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

May 29 - Jun 1 (4 Days)
9:00 AM - 4:30 PM EDT
Online (AnyWare) Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online

Jul 17 - 20 (4 Days)
9:00 AM - 4:30 PM EDT
Alexandria, VA / Online (AnyWare) Alexandria, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Aug 14 - 17 (4 Days)
9:00 AM - 4:30 PM EDT
Herndon, VA / Online (AnyWare) Herndon, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Guaranteed to Run

Show all dates
Show fewer dates

Private Team Training

Enroling at least 3 people in this course? Consider bringing this (or any course that can be custom designed) to your preferred location as a private team training.

For details, call 1-888-843-8733 or Click here »

Tuition

Standard

Government

In Classroom or
Online

Standard

$3285

Government

$2890

Private Team Training

Contact Us »

Course Tuition Includes:

After-Course Instructor Coaching
When you return to work, you are entitled to schedule a free coaching session with your instructor for help and guidance as you apply your new skills.

Free Course Exam
You can take your Learning Tree course exam on the last day of your course or online at any time after class and receive a Certificate of Achievement with the designation "Awarded with Distinction."

Prev
Next

Training Hours

Standard Course Hours: 9:00 am – 4:30 pm
*Informal discussion with instructor about your projects or areas of special interest: 4:30 pm – 5:30 pm

FREE Online Course Exam (if applicable) – Last Day: 3:30 pm – 4:30 pm
By successfully completing your FREE online course exam, you will:

  • Have a record of your growth and learning results
  • Bring proof of your progress back to your organization
  • Earn credits toward industry certifications (if applicable)

Enhance Your Credentials with Professional Certification

Learning Tree's comprehensive training and exam preparation guarantees that you will gain the knowledge and confidence to achieve professional certification and advance your career.

This course is approved by CompTIA for continuing education units (CEUs). For additional information and to confirm which courses are eligible towards your CompTIA certification, click here.

“I had worked with some of the technologies before on my own just to get an understanding of them, but the Learning Tree Courses really helped tie up a lot of loose ends and expose certain aspects that I wasn’t aware of.”

- G. Watts, Systems & Support Manager
Coface UK

Prev
Next
Chat Now

Please Choose a Language

Canada - English

Canada - Français