Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find system vulnerabilities but also help you build a network security threat model.
Cover Title Page Copyright and Credits Packt Upsell Contributors Table of Contents Preface Chapter 1: Vulnerability Management Governance Security basics The CIA triad Confidentiality Integrity Availability Identification Authentication Authorization Auditing Accounting Non-repudiation Vulnerability Threats Exposure Risk Safeguards Attack vectors Understanding the need for security assessments Types of security tests Security testing Vulnerability assessment versus penetration testing Security assessment Security audit Business drivers for vulnerability management Regulatory compliance Satisfying customer demands Response to some fraud/incident Gaining a competitive edge Safeguarding/protecting critical infrastructures Calculating ROIs Setting up the context Bottom-up Top-down Policy versus procedure versus standard versus guideline Vulnerability assessment policy template Penetration testing standards Penetration testing lifecycle Industry standards Open Web Application Security Project testing guide Benefits of the framework Penetration testing execution standard Benefits of the framework Summary Exercises Chapter 2: Setting Up the Assessment Environment Setting up a Kali virtual machine Basics of Kali Linux Environment configuration and setup Web server Secure Shell (SSH) File Transfer Protocol (FTP) Software management List of tools to be used during assessment Summary Chapter 3: Security Assessment Prerequisites Target scoping and planning Gathering requirements Preparing a detailed checklist of test requirements Suitable time frame and testing hours Identifying stakeholders Deciding upon the type of vulnerability assessment. 
Types of vulnerability assessment Types of vulnerability assessment based on the location External vulnerability assessment Internal vulnerability assessment Based on knowledge about environment/infrastructure Black-box testing White-box testing Gray-box testing Announced and unannounced testing Automated testing Authenticated and unauthenticated scans Agentless and agent-based scans Manual testing Estimating the resources and deliverables Preparing a test plan Getting approval and signing NDAs Confidentiality and nondisclosure agreements Summary Chapter 4: Information Gathering What is information gathering? Importance of information gathering Passive information gathering Reverse IP lookup Site report Site archive and way-back Site metadata Looking for vulnerable systems using Shodan Advanced information gathering using Maltego theHarvester Active information gathering Active information gathering with SPARTA Recon-ng Dmitry Summary Chapter 5: Enumeration and Vulnerability Assessment What is enumeration? Enumerating services HTTP FTP SMTP SMB DNS SSH VNC Using Nmap scripts http-methods smb-os-discovery http-sitemap-generator mysql-info Vulnerability assessments using OpenVAS Summary Chapter 6: Gaining Network Access Gaining remote access Direct access Target behind router Cracking passwords Identifying hashes Cracking Windows passwords Password profiling Password cracking with Hydra Creating backdoors using Backdoor Factory Exploiting remote services using Metasploit Exploiting vsftpd Exploiting Tomcat Hacking embedded devices using RouterSploit Social engineering using SET Summary Chapter 7: Assessing Web Application Security. 
Importance of web application security testing Application profiling Common web application security testing tools Authentication Credentials over a secure channel Authentication error messages Password policy Method for submitting credentials OWASP mapping Authorization OWASP mapping Session management Cookie checks Cross-Site Request Forgery OWASP mapping Input validation OWASP mapping Security misconfiguration OWASP mapping Business logic flaws Testing for business logic flaws Auditing and logging OWASP mapping Cryptography OWASP mapping Testing tools OWASP ZAP Burp Suite Summary Chapter 8: Privilege Escalation What is privilege escalation? Horizontal versus vertical privilege escalation Horizontal privilege escalation Vertical privilege escalation Privilege escalation on Windows Privilege escalation on Linux Summary Chapter 9: Maintaining Access and Clearing Tracks Maintaining access Clearing tracks and trails Anti-forensics Summary Chapter 10: Vulnerability Scoring Requirements for vulnerability scoring Vulnerability scoring using CVSS Base metric group Exploitability metrics Attack vector Attack complexity Privileges required User interaction Scope Impact metrics Confidentiality impact Integrity impact Availability impact Temporal metric group Exploit code maturity Remediation level Report confidence CVSS calculator Summary Chapter 11: Threat Modeling What is threat modeling? Benefits of threat modeling Threat modeling terminology How to model threats? Threat modeling techniques STRIDE DREAD Threat modeling tools Microsoft Threat Modeling Tool SeaSponge Summary Chapter 12: Patching and Security Hardening Defining patching?. 
Patch enumeration Windows patch enumeration Linux patch enumeration Security hardening and secure configuration reviews Using CIS benchmarks Summary Chapter 13: Vulnerability Reporting and Metrics Importance of reporting Type of reports Executive reports Detailed technical reports Reporting tools Dradis KeepNote Collaborative vulnerability management with Faraday v2.6 Metrics Mean time to detect Mean time to resolve Scanner coverage Scan frequency by asset group Number of open critical/high vulnerabilities Average risk by BU, asset group, and so on Number of exceptions granted Vulnerability reopen rate Percentage of systems with no open high/critical vulnerability Vulnerability ageing Summary Other Books You May Enjoy Index.
Description based on publisher supplied metadata and other sources.
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2021. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.