4 credit/unit hours – Four hours of lecture weekly; one term

This course presents the learner with an introduction to information security vulnerability assessment fundamentals, followed by in-depth coverage of the Vulnerability Assessment Framework. Through a detailed, practical analysis of threat intelligence, modeling, and automation, students will learn the skills necessary not only to use the tools of the trade but also to implement a transformational security vulnerability assessment program.

Learning Objectives

Upon completion of this course, the learner will be able to:

  • Differentiate between vulnerability assessment, management, and mitigation;
  • Employ the Vulnerability Assessment Framework in hands-on examples;
  • Discuss shortfalls of many vulnerability assessment programs;
  • Use industry-standard security tools to carry out a vulnerability assessment; and
  • Use the output of various tools to make recommendations and remediate vulnerabilities.

Main Topics

1.0 Methodology, Planning, and Threat Modeling

  • Maximizing Value from Vulnerability Assessments and Programs
  • Setting Up for Success at Scale: Enterprise Architecture and Strategy
  • Developing Transformational Vulnerability Assessment Strategies
  • Performing Enterprise Threat Modeling
  • Generating Compounding Interest from Threat Intelligence and Avoiding Information Overload
  • The Vulnerability Assessment Framework
  • Overview of Comprehensive Network Scanning
  • Compliance Standards and Information Security
  • Team Operations and Collaboration

2.0 Discovery

  • Active and Passive Reconnaissance
  • Identification and Enumeration with DNS
  • DNS Zone Speculation and Dictionary-Enabled Discovery
  • Port Scanning
  • Scanning Large-Scale Environments
  • Commonplace Services
  • Scanning the Network Perimeter and Engaging the DMZ
  • Trade-offs: Speed, Efficiency, Accuracy, and Thoroughness
  • Introduction to PowerShell

3.0 Enhanced Vulnerability Scanning and Automation

  • Assigning a Confidence Value and Validating Exploitative Potential of Vulnerabilities
  • Enhanced Vulnerability Scanning
  • Risk Assessment Matrices and Rating Systems
  • Quantitative Analysis Techniques Applied to Vulnerability Scoring
  • Performing Tailored Risk Calculation to Drive Triage
  • General Purpose vs. Application-Specific Vulnerability Scanning
  • Tuning the Scanner to the Task, the Enterprise, and Tremendous Scale
  • Scan Policies and Compliance Auditing
  • Performing Vulnerability Discovery with Open-Source and Commercial Appliances
  • Scanning with the Nmap Scripting Engine, Nexpose/InsightVM, and Acunetix
  • The Windows Domain: Exchange, SharePoint, and Active Directory
  • Testing for Insecure Cryptographic Implementations Including SSL
  • Assessing VoIP Environments
  • Discovering Vulnerabilities in the Enterprise Backbone: Active Directory, Exchange, and SharePoint
  • Minimizing Supplemental Risk while Conducting Authenticated Scanning through Purposeful Application of Least Privilege
  • Probing for Data Link Liability to Identify Hazards in Wireless Infrastructure, Switches, and VLANs
  • Manual Vulnerability Discovery Automated to Attain Maximal Efficacy

4.0 Vulnerability Validation, Triage, and Data Management

  • Recruiting Disparate Data Sources: Patches, Hotfixes, and Configurations
  • Manual Vulnerability Validation Targeting Enterprise Infrastructure
  • Converting Disparate Datasets into a Central, Normalized, and Relational Knowledge Base
  • Managing Large Repositories of Vulnerability Data
  • Querying the Vulnerability Knowledge Base
  • Evaluating Vulnerability Risk in Custom and Unique Systems, including Web Applications
  • Triage: Assessing the Relative Importance of Vulnerabilities Against Strategic Risk

5.0 Remediation and Reporting

  • Domain Password Auditing
  • Creating and Navigating Vulnerability Prioritization Schemes in Acheron
  • Developing a Web of Network and Host Affiliations
  • Modeling Account Relationships on Active Directory Forests
  • Creating Effective Vulnerability Assessment Reports
  • Transforming Triage Listing into the Vulnerability Remediation Plan