Introduction To Vulnerability Assessment

Creators:    Dr. Steve Gosnell, Nate Adams, Jose Cintron, Chriss Koch

License:    Creative Commons: Attribution, Share-Alike


Class Prerequisites: None

Lab Requirements:

- BackTrack Linux VM for familiarization

- Windows VM with WebGoat, Nessus, Nmap, Wireshark, and TamperData plugin for Firefox

- Various VMs as targets (will be specified in more detail in the future)

Class Textbook: None

Recommended Class Duration: 3 days

Creators Available to Teach In-Person Classes: Yes

Author Comments:

This is a lecture- and lab-based class giving an introduction to vulnerability assessment of some common computing technologies. Instructor-led lab exercises are used to demonstrate specific tools and technologies.

Course objectives are:

- Learning a general methodology for conducting assessments

- Scanning and mapping network topology

- Identifying listening ports/services on hosts

- Fingerprinting operating systems remotely

- Conducting automated vulnerability scans

- Auditing router, switch, and firewall security

- Auditing UNIX and Windows configuration and security

- Performing Web application and associated database security assessments

This class will serve as a prerequisite for later classes on vulnerability assessment that dive deeper into specific areas such as Windows VA or web application VA.

Class Materials

(OpenOffice-formatted slides coming soon)

All slides (.zip of .pptx, 474 slides)
All slides (.zip of .pdf, 474 slides)

D1S1_VA_Course_Intro_2012 (40 slides)
D1S2_VA_Terms_Methods_Prep_Obstacles_Pitfalls_2012 (27 slides)
D1S3_VA_Findings_Reports_2012 (16 slides)
D1S4_VA-Tools_2012 (76 slides)
D1S5_VA_Unix_Security_2012 (59 slides)
D2S1_VA_Windows_Security_2012 (23 slides)
D2S2_VA_Network_Security_2012 (126 slides)
D3S1_VA_Applications_Vulnerability_Assessment_2012 (38 slides)
D3S2_VA_Database_Vulnerability_Assessment_2012 (29 slides)
D3S3_VA_Security_Best_Practices_2012 (40 slides)

Revision History:

07-07-2012 - Initial class content upload

If you have used and modified this material, we would appreciate it if you submit your modified version for publishing here, so that all versions can benefit from your changes.