A white-box vulnerability assessment is a test conducted with complete knowledge and understanding of the infrastructure, defense mechanisms, and communication channels of the target on which the test is being conducted. This test is specifically intended to simulate insider attacks which are usually performed with full privileges and complete access to the target system. In order to initiate a white-box vulnerability assessment, the target organization shares all details, such as asset inventory, network topology diagrams, and so on, with the VA tester.
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Vulnerability Management Governance
- Setting Up the Assessment Environment
- Security Assessment Prerequisites
- Target scoping and planning
- Gathering requirements
- Deciding upon the type of vulnerability assessment
- Estimating the resources and deliverables
- Preparing a test plan
- Getting approval and signing NDAs
- Summary
- Information Gathering
- Enumeration and Vulnerability Assessment
- Gaining Network Access
- Assessing Web Application Security
- Privilege Escalation
- Maintaining Access and Clearing Tracks
- Vulnerability Scoring
- Threat Modeling
- Patching and Security Hardening
- Vulnerability Reporting and Metrics
- Importance of reporting
- Type of reports
- Reporting tools
- Collaborative vulnerability management with Faraday v2.6
- Metrics
- Mean time to detect
- Mean time to resolve
- Scanner coverage
- Scan frequency by asset group
- Number of open critical/high vulnerabilities
- Average risk by BU, asset group, and so on
- Number of exceptions granted
- Vulnerability reopen rate
- Percentage of systems with no open high/critical vulnerability
- Vulnerability ageing
- Summary
- Other Books You May Enjoy
White-box testing
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.