4013 Threat Management Secure Anchor Consulting by Secure Anchor Consulting instant download after payment.

SEC401.3: Vulnerability Management and Response
Overview
On Day 3, our focus shifts to the various areas of our environment where vulnerabilities manifest. We will begin with an overall discussion of exactly what constitutes a vulnerability, and how to best implement a proper vulnerability assessment program. Penetration testing is often discussed in concert with vulnerability assessment, even though vulnerability assessment and penetration testing are quite distinct from each other.
In concluding our discussion of vulnerability assessments, we next move on to a proper and distinct discussion on what penetration testing is, and how best to leverage its benefits. Because vulnerabilities represent weaknesses that allow adversaries to manifest, a discussion of vulnerabilities would be incomplete without a serious discussion of modern attack methodologies based on real-world examples of real-world compromise. Of all the potential areas for vulnerabilities to manifest in our environment, web applications represent, perhaps, one of the most substantial areas of potential vulnerability and consequential risk. The extensive nature of the vulnerabilities that can manifest with ease from web applications dictate that we focus the attention of an entire module on web application security concepts. While it is true that vulnerabilities allow adversaries to manifest (perhaps with great ease), it is impossible for adversaries to remain entirely hidden - post-compromise. By leveraging the logging capacity of our hardware and software, we can more easily detect the adversary in a reduced period of time. How we achieve such a capacity is the subject of our penultimate module: Security Operations and Log Management. Last, and not least, we will need to have a plan of action for a proper response to the compromise of our environment. The methodology of an appropriate incident response is the subject of our final module of Day 3.