CVA: Certified Vulnerability Assessor Training in Surprise

Enroll in or hire us to teach our CVA: Certified Vulnerability Assessor class in Surprise, Arizona by calling us @303.377.6176. Like all HSG classes, CVA: Certified Vulnerability Assessor may be offered either onsite or via instructor led virtual training. Consider looking at our public training schedule to see if it is scheduled: Public Training Classes
Provided there are enough attendees, CVA: Certified Vulnerability Assessor may be taught at one of our local training facilities.
We offer private customized training for groups of 3 or more attendees.

Course Description

 
The Certified Vulnerability Assessor training help students understand the importance of vulnerability assessments by providing intricate knowledge and skills in the Vulnerability Assessment arena. The CVA course provides foundational knowledge of general VA tools as well as popular exploits an IT engineer should be familiar with.
Course Length: 3 Days
Course Tuition: $2290 (US)

Prerequisites

Basic networking understanding

Course Outline

 

Module 1 – Why Vulnerability Assessment

  • Overview
  • What is a Vulnerability Assessment?
  • Vulnerability Assessment
  • Benefits of a
  • Vulnerability Assessment
  • What are Vulnerabilities?
  • Security Vulnerability Life Cycle
  • Compliance and Project Scoping
  • The Project Overview Statement
  • Project Overview Statement
  • Assessing Current Network Concerns
  • Vulnerabilities in Networks
  • More Concerns
  • Network Vulnerability
  • Assessment Methodology
  • Network Vulnerability
  • Assessment Methodology
  • Phase I: Data Collection
  • Phase II: Interviews, Information Reviews, and Hands-On Investigation
  • Phase III: Analysis
  • Analysis cont.
  • Risk Management
  • Why Is Risk Management Difficult?
  • Risk Analysis Objectives
  • Putting Together the Team and Components
  • What Is the Value of an Asset?
  • Examples of Some Vulnerabilities that Are
  • Not Always Obvious
  • Categorizing Risks
  • Some Examples of Types of Losses
  • Different Approaches to Analysis
  • Who Uses What?
  • Qualitative Analysis Steps
  • Quantitative Analysis
  • ALE Values Uses
  • ALE Example
  • ARO Values and Their Meaning
  • ALE Calculation
  • Can a Purely Quantitative Analysis Be Accomplished?
  • Comparing Cost and Benefit
  • Countermeasure Criteria
  • Calculating Cost/Benefit
  • Cost of a Countermeasure
  • Can You Get Rid of All Risk?
  • Management’s Response to Identified Risks
  • Liability of Actions
  • Policy Review (Top-Down) Methodology
  • Definitions
  • Policy Types
  • Policies with Different Goals
  • Industry Best Practice Standards
  • Components that Support the Security Policy
  • Policy Contents
  • When critiquing a policy
  • Technical (Bottom-Up) Methodology
  • Review

Module 2 – Vulnerability Types

  • Overview
  • Critical Vulnerabilities
  • Critical Vulnerability Types
  • Buffer OverFlows
  • URL Mappings
  • to Web Applications
  • IIS Directory Traversal
  • Format String Attacks
  • Default Passwords
  • Misconfigurations
  • Known Backdoors
  • Information Leaks
  • Memory Disclosure
  • Network Information
  • Version Information
  • Path Disclosure
  • User Enumeration
  • Denial of Service
  • Best Practices
  • Review
  • Lab

Module 3 – Assessing the Network

  • Overview
  • Network Security Assessment Platform
  • Virtualization Software
  • Operating Systems
  • Exploitation Frameworks
  • Internet Host and Network Enumeration
  • Querying Web & Newsgroup Search Engines
  • Footprinting tools
  • Blogs & Forums
  • Google Groups/USENET
  • Google Hacking
  • Google and Query Operators
  • Google (cont.)
  • Domain Name Registration
  • WHOIS
  • WHOIS Output
  • BGP Querying
  • DNS Databases
  • Using Nslookup
  • Dig for Unix / Linux
  • Web Server Crawling
  • Automating Enumeration
  • SMTP Probing
  • SMTP Probing cont.
  • NMAP: Is the Host on-line
  • ICMP Disabled?
  • NMAP TCP Connect Scan
  • TCP Connect Port Scan
  • Nmap (cont.)
  • Tool Practice : TCP
  • half-open & Ping Scan
  • Half-open Scan
  • Firewalled Ports
  • NMAP Service Version Detection
  • Additional NMAP Scans
  • NMAP UDP Scans
  • UDP Port Scan
  • Null Sessions
  • Syntax for a Null Session
  • SMB Null Sessions &
  • Hardcoded Named Pipes
  • Windows Networking Services Countermeasures
  • Review

Module 4 – Assessing Web Servers

  • Web Servers
  • Fingerprinting Accessible Web Servers
  • Identifying and Assessing
  • Reverse Proxy Mechanisms
  • Proxy Mechanisms
  • Identifying Subsystems
  • and Enabled Components
  • Basic Web Server Crawling
  • Web Application Technologies Overview
  • Web Application Profiling
  • HTML Sifting and Analysis
  • Active Backend Database Technology Assessment
  • Why SQL “Injection”?
  • Web Application Attack Strategies
  • Web Application Vulnerabilities
  • Authentication Issues
  • Parameter Modification
  • SQL Injection: Enumeration
  • SQL Extended Stored Procedures
  • Shutting Down SQL Server
  • Direct Attacks
  • SQL Connection Properties
  • Attacking Database Servers
  • Obtaining Sensitive Information
  • URL Mappings to Web Applications
  • Query String
  • Changing URL Login Parameters
  • URL Login Parameters Cont.
  • IIS Directory Traversal
  • Cross-Site Scripting (XSS)
  • Web Security Checklist
  • Review

Module 5 – Assessing Remote VPN Services

  • Assessing Remote & VPN Services
  • Remote Information Services
  • Retrieving DNS Service Version Information
  • DNS Zone Transfers
  • Forward DNS Grinding
  • Finger
  • Auth
  • NTP
  • SNMP
  • Default Community Strings
  • LDAP
  • rwho
  • RPC rusers
  • Remote Maintenance Services
  • FTP
  • SSH
  • Telnet
  • X Windows
  • Citrix
  • Microsoft Remote
  • Desktop Protocol
  • VNC
  • Assessing IP VPN Services
  • Microsoft PPTP
  • SSL VPNs
  • REVIEW

Module 6 – Vulnerability Tools of the Trade

  • Vulnerability Scanners
  • Nessus
  • SAINT – Sample Report
  • Tool: Retina
  • Qualys Guard
  • Tool: LANguard
  • Microsoft Baseline Analyzer
  • MBSA Scan Report
  • Dealing with Assessment Results
  • Patch Management Options
  • Review

Module 7 – Output Analysis

  • Overview
  • Staying Abreast: Security Alerts
  • Vulnerability Research Sites
  • Nessus
  • SAINT
  • SAINT Reports
  • GFI Languard
  • GFI Reports
  • MBSA
  • MBSA Reports
  • Review

Interesting Reads Take a class with us and receive a book of your choosing for 50% off MSRP.