Hands-On Vulnerability Assessment: Protecting Your Organization
Course 589 | 4 Days
Evaluations in the Last 12 Months
You Will Learn How To
- Detect and respond to vulnerabilities and minimize exposure to costly security breaches
- Employ real-world exploits and evaluate their effect on your systems
- Configure vulnerability scanners to identify weaknesses
- Analyze the results of vulnerability scans
- Establish a strategy for vulnerability management
- Configuring scanners
- Port scanning and enumeration
- Scanning infrastructure, servers and desktops
- Exploiting browsers, IDS, SQL and file services
- Investigating and preventing spyware
- Creating custom vulnerability tests
Course 589 Content
- Defining vulnerability, exploit, threat and risk
- Creating a vulnerability report
- Conducting an initial scan
- Common Vulnerabilities and Exposure (CVE) list
Scanning and exploits
- Vulnerability detection methods
- Types of scanners
- Port scanning and OS fingerprinting
- Enumerating targets to test information leakage
- Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
- Deploying exploit frameworks
Analyzing Vulnerabilities and Exploits
Uncovering infrastructure vulnerabilities
- Uncovering switch weaknesses
- Vulnerabilities in Ethereal and Wireshark
- Network management tool attacks
Attacks against analyzers and IDS
- Identifying Snort IDS bypass attacks
- Corrupting memory and causing denial of service
Exposing server vulnerabilities
- Scanning servers: assessing vulnerabilities on your network
- Uploading rogue scripts and file inclusion
- Catching input validation errors
- Performing buffer overflow attacks
- SQL injection
- Cross-site scripting (XSS) and cookie theft
Revealing desktop vulnerabilities
- Scanning for desktop vulnerabilities
- Client buffer overflows
- Silent downloading: spyware and adware
- Attacking design errors
- Identifying browser plugin weaknesses
Configuring Scanners and Generating Reports
Implementing scanner operations and configuration
- Choosing credentials, ports and dangerous tests
- Preventing false negatives
- Creating custom vulnerability tests
- Customizing Nessus scans
- Handling false positives
Creating and interpreting reports
- Filtering and customizing reports
- Interpreting complex reports
- Contrasting the results of different scanners
Assessing Risks in a Changing Environment
Researching alert information
- Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
- Evaluating and investigating security alerts and advisories
- Employing the Common Vulnerability Scoring System (CVSS)
Identifying factors that affect risk
- Evaluating the impact of a successful attack
- Determining vulnerability frequency
- Calculating vulnerability severity
- Weighing important risk factors
- Performing a risk assessment
The vulnerability management cycle
- Standardizing scanning with Open Vulnerability Assessment Language (OVAL)
- Patch and configuration management
- Analyzing the vulnerability management process
- Rewards for vulnerability discovery
- Markets for bugs and exploits
- Challenge programs
Who Should AttendSecurity auditors, firewall/IDS personnel, PCI security testers, network managers and those involved in cybersecurity measures and implementation who have experience with network security.
First Day Orientation:
8:00 a.m. - 9:00 a.m.
Standard Class Hours:
9:00 a.m. - 4:30 p.m.
Last Day Class Hours:
9:00 a.m. - 3:30 p.m.
Free Optional Course Exam Last Day:
3:45 p.m. - 4:30 p.m.
Each Class Day:
Upon Request: Informal discussion with instructor about your work-specific projects or areas of special interest:
4:30 p.m. - 5:00 p.m.
More Course Info
What is this course about?
In this course, you run vulnerability* scans and observe exploits* to better secure networks, servers and workstations. You learn to assess the risk to your enterprise from specific vulnerabilities and to continually control your exposure to current security threats. Throughout this course, extensive hands-on exercises provide you with practical experience assessing recent vulnerabilities and analyzing "in the wild"* exploits.
Who will benefit from this course?
This course is valuable for those involved in securing enterprise systems. Typical participants include network and system administrators, technical managers, auditors, developers, computer security personnel, officers with direct involvement in security and those involved in cybersecurity measures and implementation.
What background do I need?
It is assumed that you have a basic understanding of network security and security issues. For example, you should understand:
- TCP/IP networking
- Network security goals and concerns
- The roles of firewalls and intrusion detection systems
Course 468, System and Network Security: A Comprehensive Introduction, provides the necessary background.
What types of vulnerability are covered in this course?
This course focuses on vulnerabilities that affect network infrastructures, servers, and workstations. You explore vulnerabilities introduced by software errors, problems inherent in core network protocols, and risks resulting from insecure system configurations.
Will I learn what methods attackers use to break into systems?
Yes. You learn how attackers conduct reconnaissance, assess system vulnerabilities and deploy exploits.
Will I learn hacking techniques?
Yes. You learn the basics about exploits that lead to denial-of-service (DoS), unauthorized system access, data eavesdropping and other cybersecurity compromises. You learn how servers are "rooted" by privilege escalation and SQL injection. You also conduct directory transversal, buffer overflows and cross-site scripting attacks.
Will I learn how to use vulnerability scanners?
Yes! You learn in detail the use and configuration of ISS Internet Scanner, eEye Retina Scanner, and the popular scanner, Nessus.
Will I learn how to hack?
No. In this course, you observe an array of exploits to demonstrate how attacks work, so that scanners can be used more effectively. The overall goal of the course is to discover vulnerabilities and prevent hacking.
Will this course help me prepare for the CISSP Certification examination?
Yes, this course helps you prepare for multiple domains on the CISSP Certification exam. For more information, please refer to the CISSP Q&A.
Does this course provide me with (ISC)2 continuing professional education (CPE) credits?
Yes! Learning Tree, in agreement with (ISC)2, is a recognized "Trusted CPE Provider." This course provides you with 23 "A-level" CPE credits toward maintaining your CISSP Certification. Please see the CISSP Q&A for more information on the continuing education requirements of (ISC)2.
Exploit: - a program or technique that takes advantage of a vulnerability in software that can be used for breaking security or otherwise attacking a host.
Vulnerability: - a flaw or weakness in a system's design, implementation or operation and management that can be exploited to violate the system's security.
In the Wild: - a live exploit in active use. In the Wild does not refer to in-lab testing or discovery.
How much time is devoted to each topic?
Content Hours Fundamentals 3.0 Analyzing vulnerabilities and exploits 8.0 Configuring scanners and generating reports 6.0 Assessing risks in a changing environment 3.0 Managing vulnerabilities 3.0
Times, including the workshops, are estimates; exact times may vary according to the needs of each class.
What kinds of hands-on exercises are in the course?
Approximately 40 percent of class time is spent on hands-on exercises. The exercises are designed to give you hands-on experience assessing vulnerabilities and analyzing attack methods and exploit scenarios. You configure and run several powerful vulnerability scanners and compare the reports generated by various types of scans. In addition, you execute many exploits and observe their operation, assess impact and learn how the vulnerability may be detected.
I'm attending this course from work using AnyWare - Learning Tree's web-based remote attendance platform. How will that impact what I learn?
You will participate fully in the course and acquire the same knowledge and skills as your classmates who participate in the classroom. You will have the same course materials, be able to easily communicate back and forth and ask questions of your instructors and peers, and you will control an in-classroom workstation dedicated entirely to you. Your instructor will be able to see exactly what you're doing and can interactively offer concrete help.
Are the tools based on UNIX/Linux or Windows platforms?
Both UNIX/Linux and Windows-based tools are used throughout the course. Exercises are performed using Red Hat Linux and Windows XP/2003.
Will I learn defensive measures in this course?
You learn general defenses for a wide range of vulnerabilities and exploits. This course helps you determine how to prioritize your defensive efforts so that the most severe risks may be addressed early. You see how proactive measures can prevent many attacks. This course does not provide detailed steps for configuring Web servers, firewalls, or Intrusion Detection Systems (IDS). These topics are covered in other courses within the security curriculum, such as Course 940, Securing Web Applications, Services and Servers: Hands-On.
How is this course different from Course 537?
Course 537, Penetration Testing: Tools and Techniques, focuses on learning and practicing a hacking methodology useful for testing network security. It involves intelligence gathering, scanning and exploitation of systems and networks. While Course 589 focuses on detection and remediation of vulnerabilities for your organization, Course 537 concentrates on exploitation and hacking techniques in a case study form.
How does this course relate to other Learning Tree courses?
- 537, Penetration Testing: Tools and Techniques enables you to deploy ethical hacking to expose weaknesses in your organization and select countermeasures
- 940, Securing Web Applications, Services and Servers: Hands-On provides in-depth, hands-on experience securing Web-based applications and host servers within your organization
Many Learning Tree courses provide college credit and industry continuing education credits. You can also earn a Learning Tree Professional Certification in your area of expertise and prepare for popular industry certifications. See below for continuing professional development credits associated with this course.
This course qualifies for 2 semester hours of college credit as certified by the American Council on Education's College Credit Recommendation Service (ACE CREDIT). Read More... This course qualifies for 23 CPE credits from the National Association of State Boards of Accountancy CPE program. Read More...
4-Day Tuition New Attendee Returning Attendee Notes Commercial $2,810 $2,530
Click here for multi-course savings plans.
Tuition payment is not required at time of enrollment.
Government $2,499 $2,249
Guaranteed to Run Course Events
Course events marked with this green check icon are absolutely Guaranteed to Run.
NOTE: Guaranteed to Run course events are added twice weekly, please check back here for updates.
Tuition & Savings Plans
Take advantage of our Multi-Course Tuition Savings Plans. Learn more »
Enroll Today – Risk Free!
Call 1-800-843-8733 or enroll online by selecting your date above.
- No advanced payment required.
- No fees for cancellation or rescheduling, ever.
- Take up to 30 days after your course date to pay.
- Satisfaction guaranteed – or you pay no tuition.
You can bring this course on-site to your organization
Bring Learning Tree Training to your workplace with our On-Site Training Solution. Learn more ».
"I've taken many courses with Learning Tree so I know what I'm talking about when I say the courses are really, really good. You get effective, practical knowledge that you can start using immediately."
– G. Grosfeld
Federal Aviation Administration