C)VA: Certified Vulnerability Assessor

The vendor-neutral Certified Vulnerability Assessor certification course helps students understand the importance of vulnerability assessments by providing intricate knowledge and skills in the Vulnerability Assessment arena. The CVA course provides foundational knowledge of general VA tools as well as popular exploits an IT engineer should be familiar with. The C)VA is a fundamental cybersecurity certification course that focuses on vulnerability assessments. The CVA course focuses on foundational information such as the importance of a Vulnerability Assessment and how it can help an engineer prevent serious break-ins to your organization.

Retail Price: $2,500.00

Next Date: 05/06/2024

Course Days: 3


Enroll in Next Date

Request Custom Course


Who Should Attend

  • Information System Owners
  • Analysts
  • Ethical Hackers
  • ISSO’s
  • Cyber Security Managers
  • IT Engineer

 

Prerequisites:

Basic networking understanding

 


Module 1 -Why Vulnerability Assessment?
  • Overview
  • What is a Vulnerability Assessment?
  • Vulnerability Assessment
  • Benefits of a Vulnerability Assessment
  • What are Vulnerabilities?
  • Security Vulnerability Life Cycle
  • Compliance and Project Scoping
  • The Project Overview Statement Project Overview Statement
  • Assessing Current Network Concerns
  • Vulnerabilities in Networks
  • More Concerns
  • Network Vulnerability
  • Assessment Methodology
  • Network Vulnerability
  • Assessment Methodology
  • Phase I: Data Collection
  • Phase II: Interviews, Information Reviews, and Hands-On Investigation
  • Phase III: Analysis
  • Analysis cont.
  • Risk Management
  • Why Is Risk Management Difficult?
  • Risk Analysis Objectives
  • Putting Together the Team and Components
  • What Is the Value of an Asset?
  • Examples of Some Vulnerabilities that Are Not Always Obvious
  • Categorizing Risks
  • Some Examples of Types of Losses
  • Different Approaches to Analysis Who Uses What?
  • Qualitative Analysis Steps
  • Quantitative Analysis
  • ALE Values Uses
  • ALE Example
  • ARO Values and Their Meaning
  • ALE Calculation
  • Can a Purely Quantitative Analysis Be Accomplished?
  • Comparing Cost and Benefit
  • Countermeasure Criteria Calculating Cost/Benefit
  • Cost of a Countermeasure
  • Can You Get Rid of All Risk?
  • Management’s Response to Identified Risks
  • Liability of ActionsPolicy Review (Top-Down) Methodology
  • Definitions
  • Policy Types
  • Policies with Different Goals
  • Industry Best Practice Standards
  • Components that Support the Security Policy
  • Policy ContentsWhen critiquing a policyTechnical (Bottom-Up) Methodology
  • Review
Module 2 -Vulnerability Types
  • Overview
  • Critical Vulnerabilities
  • Critical Vulnerability Types
  • Buffer OverFlows
  • URL Mappings to Web Applications IIS Directory Traversal
  • Format String Attacks
  • Default Passwords
  • Misconfigurations
  • Known Backdoors
  • Information Leaks
  • Memory Disclosure
  • Network Information
  • Version Information
  • Path Disclosure
  • User Enumeration
  • Denial of Service
  • Best Practices
  • Review
Module3 -Assessing the Network
  • Overview
  • Network Security Assessment Platform
  • Virtualization Software
  • Operating Systems
  • Exploitation Frameworks
  • Internet Host and Network Enumeration
  • Querying Web & Newsgroup Search Engines
  • Footprinting tools
  • Blogs & Forums
  • Google Groups/USENET
  • Google Hacking
  • Google and Query Operators
  • Google (cont.)
  • Domain Name Registration
  • WHOIS
  • WHOIS Output
  • BGP Querying
  • DNS Databases
  • Using Nslookup
  • Dig for Unix / Linux
  • Web Server Crawling
  • Automating Enumeration
  • SMTP Probing
  • SMTP Probing cont.
  • NMAP: Is the Host on-line
  • ICMP Disabled?
  • NMAP TCP Connect Scan
  • TCP Connect Port Scan
  • Nmap (cont.)
  • Tool Practice: TCP
  • half-open & Ping Scan
  • Half-open Scan
  • Firewalled Ports
  • NMAP Service Version Detection
  • Additional NMAP Scans
  • NMAP UDP Scans
  • UDP Port ScanNull Sessions
  • Syntax for a Null Session
  • SMB Null Sessions & Hardcoded Named Pipes
  • Windows Networking Services Countermeasures
  • Review
Module 4 -Assessing Web Servers
  • Web Servers
  • Fingerprinting Accessible
  • Web Servers
  • Identifying and Assessing Reverse Proxy Mechanisms
  • Proxy Mechanisms
  • Identifying Subsystems and Enabled Components
  • Basic Web Server Crawling
  • Web Application Technologies Overview
  • Web Application Profiling
  • HTML Sifting and Analysis
  • Active Backend Database Technology Assessment
  • Why SQL “Injection”?
  • Web Application Attack Strategies
  • Web Application Vulnerabilities
  • Authentication Issues
  • Parameter Modification
  • SQL Injection: Enumeration
  • SQL Extended Stored Procedures
  • Shutting Down SQL Server
  • Direct Attacks
  • SQL Connection Properties
  • Attacking Database Servers
  • Obtaining Sensitive Information
  • URL Mappings to Web Applications
  • Query String
  • Changing URL Login Parameters
  • URL Login Parameters Cont.
  • IIS Directory Traversal
  • Cross-Site Scripting (XSS)
  • Web Security Checklist
  • Review
Module 5 -Assessing Remote VPN Services
  • Assessing Remote & VPN Services
  • Remote Information Services
  • Retrieving DNS Service Version Information
  • DNS Zone Transfers
  • Forward DNS Grinding
  • Finger
  • Auth
  • NTP
  • SNMP
  • Default Community Strings
  • LDAP
  • rwho
  • RPC rusers
  • Remote Maintenance Services
  • FTP
  • SSH
  • Telnet
  • X Windows
  • Citrix
  • Microsoft Remote
  • Desktop Protocol
  • VNC
  • Assessing IP VPN Services
  • Microsoft PPTP
  • SSL VPNs
  • REVIEW
Module 6 -Vulnerability Tools of the Trade
  • Vulnerability Scanners
  • Nessus
  • SAINT –Sample Report
  • Tool: Retina
  • Qualys Guard
  • Tool: LANguard
  • Microsoft Baseline Analyzer
  • MBSA Scan Report
  • Dealing with Assessment Results
  • Patch Management Options
  • Review
Module 7 –Output Analysis
  • Overview
  • Staying Abreast: Security Alerts
  • Vulnerability Research Sites
  • Nessus
  • SAINT
  • SAINT Reports
  • GFI Languard
  • GFI Reports
  • MBSA
  • MBSA Reports
  • Review
Course Dates Course Times (EST) Delivery Mode GTR
5/6/2024 - 5/8/2024 9:00 AM - 5:00 PM Virtual Enroll
12/9/2024 - 12/11/2024 9:00 AM - 5:00 PM Virtual Enroll