Introduction To Vulnerability Assessment


Creators:    Dr. Steve Gosnell, Nate Adams, Jose Cintron, Chriss Koch


License:    Creative Commons: Attribution, Share-Alike

(http://creativecommons.org/licenses/by-sa/3.0/)


Class Prerequisites: None


Lab Requirements:

- BackTrack Linux VM for familiarization

- Windows VM with WebGoat, Nessus, Nmap, Wireshark, and TamperData plugin for Firefox

- Various VM as targets (will be specified in more detail in the future)


Class Textbook: None


Recommended Class Duration: 3 days


Creators Available to Teach In-Person Classes: Yes


Author Comments:


This is a lecture- and lab-based class giving an introduction to vulnerability assessment of some common computing technologies. Instructor-led lab exercises are used to demonstrate specific tools and technologies.


Course objectives:

- Learning a general methodology for conducting assessments

- Scanning and mapping network topology

- Identifying listening ports/services on hosts

- Fingerprinting operating systems remotely

- Conducting automated vulnerability scans

- Auditing router, switch, and firewall security

- Auditing UNIX and Windows configuration and security

- Performing Web application and associated database security assessments


This class will serve as a prerequisite for later classes on vulnerability assessment which dive deeper into specific areas such as Windows VA or web application VA.



Class Materials

(OpenOffice-formatted slides coming soon)


All slides (.zip of .pptx, 474 slides)
All slides (.zip of .pdf, 474 slides)


D1S1_VA_Course_Intro_2012 (40 slides)
D1S2_VA_Terms_Methods_Prep_Obstacles_Pitfalls_2012 (27 slides)
D1S3_VA_Findings_Reports_2012 (16 slides)
D1S4_VA-Tools_2012 (76 slides)
D1S5_VA_Unix_Security_2012 (59 slides)
D2S1_VA_Windows_Security_2012 (23 slides)
D2S2_VA_Network_Security_2012 (126 slides)
D3S1_VA_Applications_Vulnerability_Assessment_2012 (38 slides)
D3S2_VA_Database_Vulnerability_Assessment_2012 (29 slides)
D3S3_VA_Security_Best_Practices_2012 (40 slides)




Revision History:


07-07-2012 - Initial class content upload


If you have used and modified this material, we would appreciate it if you submit your modified version for publishing here, so that all versions can benefit from your changes.