The activity of a Network Vulnerability Scan can be divided into three phases:
- Discovery
- Port scanning
- Vulnerability scanning
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Introduction to Network Vulnerability Scanning
- Understanding Network Scanning Tools
- Port Scanning
- Vulnerability Scanning
- Configuration Audits
- Report Analysis and Confirmation
- Understanding the Customization and Optimization of Nessus and Nmap
- Network Scanning for IoT, SCADA/ICS
- Vulnerability Management Governance
- Setting Up the Assessment Environment
- Security Assessment Prerequisites
- Target scoping and planning
- Gathering requirements
- Deciding upon the type of vulnerability assessment
- Estimating the resources and deliverables
- Preparing a test plan
- Getting approval and signing NDAs
- Summary
- Information Gathering
- Enumeration and Vulnerability Assessment
- Gaining Network Access
- Assessing Web Application Security
- Privilege Escalation
- Maintaining Access and Clearing Tracks
- Vulnerability Scoring
- Threat Modeling
- Patching and Security Hardening
- Vulnerability Reporting and Metrics
- Importance of reporting
- Type of reports
- Reporting tools
- Collaborative vulnerability management with Faraday v2.6
- Metrics
- Mean time to detect
- Mean time to resolve
- Scanner coverage
- Scan frequency by asset group
- Number of open critical/high vulnerabilities
- Average risk by BU, asset group, and so on
- Number of exceptions granted
- Vulnerability reopen rate
- Percentage of systems with no open high/critical vulnerability
- Vulnerability ageing
- Summary
- Other Books You May Enjoy
Flow of procedures
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.