C)VA - Certified Vulnerability Assessor

  • Price per user: $2,500.00
  • Course Delivery: Virtual Classroom
  • Duration: 24 
  • Language: English


 

Description

The Certified Vulnerability Assessor course trains students to be proficient in conducting vulnerability assessments by:

1. Teaching the risk associated with information technology and why a vulnerability assessment is crucial to the continuing operations of a business.
2. Preparing students with the tools and knowledge of how to perform a vulnerability assessment.
3. Instructing students on how to summarize and report on their findings from a vulnerability assessment.

Learn what vulnerabilities hackers look for when trying to hack into systems. After completing the course, students will be able to sit for the Certified Vulnerability Assessor exam. Upon passing the exam, students will be able to use the CVA certification.


Audience

The CVA is a course on cyber security designed for those who don't know anything about security but need to. We recommend this course for anyone who wants to be secure on the Internet, especially employees at work.

After you complete the CVA course and get certified, we recommend that you further develop your security skill set by becoming certified as a CISSO: Certified Information Systems Officer, which will prepare you to advise businesses on security issues and implement solutions.
 

Course Objectives

Students will:

  • Have knowledge to detect security vulnerabilities and risk
  • Have knowledge to accurately report on their findings from examinations
  • Be ready to sit for the CVA Exam
 

Topics Covered

Module 1: Why Vulnerability Assessment

  • Overview
  • What is a Vulnerability Assessment?
  • Benefits of a Vulnerability Assessment
  • What are Vulnerabilities?
  • Security Vulnerability Life Cycle
  • Compliance and Project Scoping
  • The Project Overview Statement
  • Assessing Current Network Concerns
  • Vulnerabilities in Networks
  • More Concerns
  • Network Vulnerability Assessment Methodology
  • Phase I: Data Collection
  • Phase II: Interviews, Information Reviews, and Hands-On Investigation
  • Phase III: Analysis
  • Analysis cont.
  • Risk Management
  • Why Is Risk Management Difficult?
  • Risk Analysis Objectives
  • Putting Together the Team and Components
  • What Is the Value of an Asset?
  • Examples of Some Vulnerabilities that Are Not Always Obvious
  • Categorizing Risks
  • Some Examples of Types of Losses
  • Different Approaches to Analysis
  • Who Uses What?
  • Qualitative Analysis Steps
  • Quantitative Analysis
  • ALE Values Uses
  • ALE Example
  • ARO Values and Their Meaning
  • ALE Calculation
  • Can a Purely Quantitative Analysis Be Accomplished?
  • Comparing Cost and Benefit
  • Countermeasure Criteria
  • Calculating Cost/Benefit
  • Cost of a Countermeasure
  • Can You Get Rid of All Risk?
  • Management’s Response to Identified Risks
  • Liability of Actions
  • Policy Review (Top-Down)
  • Methodology
  • Definitions
  • Policy Types
  • Policies with Different Goals
  • Industry Best Practice Standards
  • Components that Support the Security Policy
  • Policy Contents
  • When Critiquing a Policy
  • Technical (Bottom-Up) Methodology
  • Review

Module 2: Vulnerability Types

  • Overview
  • Critical Vulnerabilities
  • Critical Vulnerability Types
  • Buffer Overflows
  • URL Mappings to Web Applications
  • IIS Directory Traversal
  • Format String Attacks
  • Default Passwords
  • Misconfigurations
  • Known Backdoors
  • Information Leaks
  • Memory Disclosure
  • Network Information
  • Version Information
  • Path Disclosure
  • User Enumeration
  • Denial of Service
  • Best Practices
  • Review

Module 3: Assessing the Network

  • Overview
  • Network Security Assessment Platform
  • Virtualization Software
  • Operating Systems
  • Exploitation Frameworks
  • Internet Host and Network Enumeration
  • Google and Query Operators
  • Google (cont.)
  • Domain Name Registration
  • WHOIS
  • WHOIS Output
  • BGP Querying
  • DNS Databases
  • Using Nslookup
  • Dig for Unix/Linux
  • Web Server Crawling
  • Automating Enumeration
  • SMTP Probing
  • SMTP Probing cont.
  • NMAP: Is the Host on-line
  • ICMP Disabled?
  • NMAP TCP Connect Scan
  • Querying Web & Newsgroup Search Engines
  • Footprinting Tools
  • Blogs & Forums
  • Google Groups/USENET
  • Google Hacking
  • TCP Connect Port Scan
  • Nmap (cont.)
  • Tool Practice: TCP Half-open & Ping Scan
  • Half-open Scan
  • Firewalled Ports
  • NMAP Service Version Detection
  • Additional NMAP Scans
  • NMAP UDP Scans
  • UDP Port Scan
  • Null Sessions
  • Syntax for a Null Session
  • SMB Null Sessions & Hardcoded Named Pipes
  • Windows Networking Services Countermeasures
  • Review

Module 4: Assessing Web Servers & Applications

  • Web Servers
  • Fingerprinting Accessible Web Servers
  • Identifying and Assessing Reverse Proxy Mechanisms
  • Proxy Mechanisms
  • Identifying Subsystems and Enabled Components
  • Basic Web Server Crawling
  • Web Application Technologies Overview
  • Web Application Profiling
  • HTML Sifting and Analysis
  • Active Backend Database Technology Assessment
  • Why SQL "Injection"?
  • Web Application Attack Strategies
  • Web Application Vulnerabilities
  • Authentication Issues
  • Parameter Modification
  • SQL Injection: Enumeration
  • SQL Extended Stored Procedures
  • Shutting Down SQL Server
  • Direct Attacks
  • SQL Connection Properties
  • Attacking Database Servers
  • Obtaining Sensitive Information
  • URL Mappings to Web Applications
  • Query String
  • Changing URL Login Parameters
  • URL Login Parameters Cont.
  • IIS Directory Traversal
  • Cross-Site Scripting (XSS)
  • Web Security Checklist
  • Review

Module 5: Assessing Remote & VPN Services

  • Assessing Remote & VPN Services
  • Remote Information Services
  • Retrieving DNS Service Version Information
  • DNS Zone Transfers
  • Forward DNS Grinding
  • Finger
  • Auth
  • NTP
  • SNMP
  • Default Community Strings
  • LDAP
  • rwho
  • RPC rusers
  • Remote Maintenance Services
  • FTP
  • SSH
  • Telnet
  • X Windows
  • Citrix
  • Microsoft Remote Desktop Protocol
  • VNC
  • Assessing IP VPN Services
  • Microsoft PPTP
  • SSL VPNs
  • Review

Module 6: Vulnerability Assessment Tools

  • Vulnerability Scanners
  • Nessus
  • Qualys Guard
  • Tool: LANguard
  • Microsoft Baseline Analyzer
  • MBSA Scan Report
  • SAINT - Sample Report
  • Tool: Retina
  • Dealing with Assessment Results
  • Patch Management Options
  • Review


Module 7: Output Analysis

  • Overview
  • Staying Abreast: Security Alerts
  • Vulnerability Research Sites
  • Nessus
  • SAINT
  • SAINT Reports
  • GFI LANguard
  • GFI Reports
  • MBSA
  • MBSA Reports
  • Review
 

Prerequisites

  • An interest in security
  • Basic Computer Experience
 

Subject Matter Expert

360training, powered by QuickStart, brings a quarter-century of keeping pace with the ever-evolving IT industry. You will find that experience reflected in every course and every training modality we offer. We train more than 11,000 IT professionals and developers annually, and 97% of them say they are very glad they chose us.
 

Additional Information

Student Workbook, Student Exam Prep Guide, C)VA Exam
