Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Title Page
Copyright and Credits
Network Vulnerability Assessment
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Vulnerability Management Governance
Security basics
The CIA triad
Confidentiality
Integrity
Availability
Identification
Authentication
Authorization
Auditing
Accounting
Non–repudiation
Vulnerability
Threats
Exposure
Risk
Safeguards
Attack vectors
Understanding the need for security assessments
Types of security tests
Security testing
Vulnerability assessment versus penetration testing
Security assessment
Security audit
Business drivers for vulnerability management
Regulatory compliance
Satisfying customer demands
Response to some fraud/incident
Gaining a competitive edge
Safeguarding/protecting critical infrastructures
Calculating ROIs
Setting up the context
Bottom-up
Top-down
Policy versus procedure versus standard versus guideline
Vulnerability assessment policy template
Penetration testing standards
Penetration testing lifecycle
Industry standards
Open Web Application Security Project testing guide
Benefits of the framework
Penetration testing execution standard
Benefits of the framework
Summary
Exercises
Setting Up the Assessment Environment
Setting up a Kali virtual machine
Basics of Kali Linux
Environment configuration and setup
Web server
Secure Shell (SSH)
File Transfer Protocol (FTP)
Software management
List of tools to be used during assessment
Summary
Security Assessment Prerequisites
Target scoping and planning
Gathering requirements
Preparing a detailed checklist of test requirements
Suitable time frame and testing hours
Identifying stakeholders
Deciding upon the type of vulnerability assessment
Types of vulnerability assessment
Types of vulnerability assessment based on the location
External vulnerability assessment
Internal vulnerability assessment
Based on knowledge about environment/infrastructure
Black-box testing
White-box testing
Gray-box testing
Announced and unannounced testing
Automated testing
Authenticated and unauthenticated scans
Agentless and agent-based scans
Manual testing
Estimating the resources and deliverables
Preparing a test plan
Getting approval and signing NDAs
Confidentiality and nondisclosure agreements
Summary
Information Gathering
What is information gathering?
Importance of information gathering
Passive information gathering
Reverse IP lookup
Site report
Site archive and way-back
Site metadata
Looking for vulnerable systems using Shodan
Advanced information gathering using Maltego
theHarvester
Active information gathering
Active information gathering with SPARTA
Recon-ng
Dmitry
Summary
Enumeration and Vulnerability Assessment
What is enumeration?
Enumerating services
HTTP
FTP
SMTP
SMB
DNS
SSH
VNC
Using Nmap scripts
http-methods
smb-os-discovery
http-sitemap-generator
mysql-info
Vulnerability assessments using OpenVAS
Summary
Gaining Network Access
Gaining remote access
Direct access
Target behind router
Cracking passwords
Identifying hashes
Cracking Windows passwords
Password profiling
Password cracking with Hydra
Creating backdoors using Backdoor Factory
Exploiting remote services using Metasploit
Exploiting vsftpd
Exploiting Tomcat
Hacking embedded devices using RouterSploit
Social engineering using SET
Summary
Assessing Web Application Security
Importance of web application security testing
Application profiling
Common web application security testing tools
Authentication
Credentials over a secure channel
Authentication error messages
Password policy
Method for submitting credentials
OWASP mapping
Authorization
OWASP mapping
Session management
Cookie checks
Cross-Site Request Forgery
OWASP mapping
Input validation
OWASP mapping
Security misconfiguration
OWASP mapping
Business logic flaws
Testing for business logic flaws
Auditing and logging
OWASP mapping
Cryptography
OWASP mapping
Testing tools
OWASP ZAP
Burp Suite
Summary
Privilege Escalation
What is privilege escalation?
Horizontal versus vertical privilege escalation
Horizontal privilege escalation
Vertical privilege escalation
Privilege escalation on Windows
Privilege escalation on Linux
Summary
Maintaining Access and Clearing Tracks
Maintaining access
Clearing tracks and trails
Anti-forensics
Summary
Vulnerability Scoring
Requirements for vulnerability scoring
Vulnerability scoring using CVSS
Base metric group
Exploitability metrics
Attack vector
Attack complexity
Privileges required
User interaction
Scope
Impact metrics
Confidentiality impact
Integrity impact
Availability impact
Temporal metric group
Exploit code maturity
Remediation level
Report confidence
CVSS calculator
Summary
Threat Modeling
What is threat modeling?
Benefits of threat modeling
Threat modeling terminology
How to model threats?
Threat modeling techniques
STRIDE
DREAD
Threat modeling tools
Microsoft Threat Modeling Tool
SeaSponge
Summary
Patching and Security Hardening
Defining patching?
Patch enumeration
Windows patch enumeration
Linux patch enumeration
Security hardening and secure configuration reviews
Using CIS benchmarks
Summary
Vulnerability Reporting and Metrics
Importance of reporting
Type of reports
Executive reports
Detailed technical reports
Reporting tools
Dradis
KeepNote
Collaborative vulnerability management with Faraday v2.6
Metrics
Mean time to detect
Mean time to resolve
Scanner coverage
Scan frequency by asset group
Number of open critical/high vulnerabilities
Average risk by BU, asset group, and so on
Number of exceptions granted
Vulnerability reopen rate
Percentage of systems with no open high/critical vulnerability
Vulnerability ageing
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
← Prev
Back
Next →
← Prev
Back
Next →