Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Certified Vulnerability Assessor
Description
Certified Vulnerability Assessor Introduction:
The Certified Vulnerability Assessor (CVA) program is an intensive 3-day instructor-led training course tailored for individuals with a foundational understanding of networking principles. It is specifically designed to benefit a wide range of professionals, including information system owners, analysts, ethical hackers, ISSOs (Information Systems Security Officers), cyber security managers, and IT engineers.
This course places a strong emphasis on the pivotal role of vulnerability assessments in modern cybersecurity practices. Participants will gain specialized knowledge and skills in vulnerability assessment, equipping them with the capabilities to proficiently identify and mitigate security vulnerabilities.
Moreover, the CVA program goes beyond theoretical concepts, providing practical insights on how to apply vulnerability assessment principles in real-world scenarios.
By mastering vulnerability assessment techniques, participants contribute to enhancing overall security measures and play a crucial role in preventing potential security breaches. Join us on this transformative journey to bolster your cybersecurity expertise and contribute to a safer digital landscape.
Prerequisites
- Basic networking understanding
Audience
- Information System Owners
- Analysts
- Ethical Hackers
- ISSOs
- Cyber Security Managers
- IT Engineers
Certified Vulnerability Assessor Course Outline
Why Vulnerability Assessment?
- Overview of Vulnerability Assessment
- Benefits and Importance of Vulnerability Assessment
- Understanding Vulnerabilities
- Security Vulnerability Life Cycle
- Compliance and Project Scoping
- Vulnerability Assessment Methodology
- Risk Management
- Risk Analysis Objectives
Vulnerability Types
- Overview of Vulnerability Types
- Critical Vulnerabilities and Types
- Buffer Overflows
- URL Mappings to Web Applications
- IIS Directory Traversal
- Format String Attacks
- Default Passwords
- Misconfigurations
- Known Backdoors
- Information Leaks
- Memory Disclosure
- Denial of Service
- Best Practices
Assessing the Network
- Network Security Assessment Platform
- Virtualization Software
- Operating Systems
- Internet Host and Network Enumeration
- Footprinting Tools
- Google Hacking
- Domain Name Registration
- WHOIS and BGP Querying
- DNS Databases
- Web Server Crawling
- Automating Enumeration
- SMTP Probing
- Nmap Scanning Techniques
- Null Sessions
- Windows Networking Services
- Policy Review Methodology
- Technical (Bottom-Up) Methodology
Assessing Web Servers
- Fingerprinting Accessible Web Servers
- Identifying and Assessing Reverse Proxy Mechanisms
- Web Application Profiling
- Active Backend Database Technology Assessment
- SQL Injection
- Cross-Site Scripting (XSS)
- Web Security Checklist
Assessing Remote VPN Services
- Remote Information Services
- Assessing IP VPN Services
- Microsoft PPTP and SSL VPNs
Vulnerability Tools of the Trade
- Vulnerability Scanners (Nessus, SAINT, Retina, QualysGuard, LANguard, MBSA)
- Dealing with Assessment Results
- Patch Management Options
Output Analysis
- Staying Abreast: Security Alerts
- Vulnerability Research Sites
- Nessus, SAINT, GFI LANguard, MBSA
- Review and Recap
$3000.00 - 3 Days Course