CSE DAY 4 Module 5

Uploaded by

Vikram Singh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

91 views7 pages

CSE DAY 4 Module 5

Uploaded by

Vikram Singh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 7

Certified SOC Experts

Day 4: Vulnerability Management

Module 5 and 6
Trainer: Himanshu S
What is Vulnerability?

In cybersecurity, a vulnerability is a weakness in a system or application that can be

exploited by attackers to gain unauthorized access, run malicious code, or steal sensitive
data. Examples of vulnerabilities include SQL injection, buffer overflows, and cross-site
scripting (XSS). They can be found in various infrastructure such as software, network, and
even in physical facilities.
What is Vulnerability Analysis?

Vulnerability analysis is the process of defining, identifying, classifying, and prioritizing

vulnerabilities in computer systems, applications, and network infrastructures. It aims to
uncover weaknesses in a network and recommend appropriate mitigation or remediation
to reduce or remove the risks. Vulnerability assessments can be automated or manual and
often involve the use of automated testing tools, such as network security scanners. The
results of a vulnerability assessment are typically listed in a vulnerability assessment
report, which focuses on providing enterprises with a list of vulnerabilities that need to be
fixed.

Methods to discussed:
Overview:

Vulnerability analysis is an essential component of a comprehensive cybersecurity

strategy. It is the process of identifying, quantifying, and prioritizing vulnerabilities in an
organization's systems, networks, and applications. The overall goal of vulnerability
analysis is to help organizations manage and reduce risk by providing information about
potential threats and weaknesses that could be exploited by attackers.

The process of vulnerability analysis typically includes the following steps:

Asset identification: Identifying the systems, networks, and applications that need to be
protected.
Vulnerability scanning: Using automated tools to scan for known vulnerabilities in the
identified assets.
Vulnerability assessment: Evaluating the severity and potential impact of the identified
vulnerabilities.
Risk assessment: Determining the likelihood and potential impact of an attack on the
organization.
Different type of Vulnerability Issue:

Misconfigurations: These are errors in the configuration of systems, networks, or

applications that can be exploited by attackers. Misconfigured S3 buckets in the cloud are
a common example.
Unsecured APIs: Application programming interfaces (APIs) that are not properly secured
can provide an easy target for attackers to breach.
Unpatched software: Software vendors periodically release updates to patch known
vulnerabilities. Failure to apply these updates can make systems vulnerable to attack.
Zero-day vulnerabilities: These are vulnerabilities that are unknown to the software vendor
and for which there is no patch available.
Weak user credentials: Passwords that are weak, reused, or not changed regularly can be
easily guessed or brute-forced by attackers.
Overly permissive access: Granting employees more access and permissions than
necessary can increase the risk of identity-based threats.
Cloud-based vulnerabilities: Cloud networks follow the shared responsibility model,
meaning that the organization is responsible for securing the operating system,
applications, and data.
Importance of Vulnerability Assessment:

Vulnerability assessment is a crucial aspect of cybersecurity that involves the ongoing

process of identifying, assessing, reporting on, managing, and remediating cyber
vulnerabilities across endpoints, workloads, and systems. A strong vulnerability
management program uses threat intelligence and knowledge of IT and business
operations to prioritize risks and address vulnerabilities as quickly as possible.

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard that
many cybersecurity organizations use to assess and communicate the severity and
characteristics of software vulnerabilities. The CVSS Base Score ranges from 0.0 to 10.0, and
The National Vulnerability Database (NVD) adds a severity rating for CVSS scores. The
CVSS v3.0 scores and associated ratings are as follows:

0.0 - 3.9: Low

4.0 - 6.9: Medium
7.0 - 8.9: High
9.0 - 10.0: Critical

01 Vulnerability Analysis
No ratings yet
01 Vulnerability Analysis
94 pages
Vulnerability Management - Cyber Security
No ratings yet
Vulnerability Management - Cyber Security
42 pages
Vulnerability Assessment Guide
No ratings yet
Vulnerability Assessment Guide
17 pages
Mse (Vapt)
No ratings yet
Mse (Vapt)
15 pages
Vulnerability Analysis Guide
No ratings yet
Vulnerability Analysis Guide
3 pages
What Is System Vulnerability?: Default Permit
No ratings yet
What Is System Vulnerability?: Default Permit
6 pages
Day 3
No ratings yet
Day 3
33 pages
Vulnerability Testing and Server Client Side Attack
No ratings yet
Vulnerability Testing and Server Client Side Attack
34 pages
Module 4
No ratings yet
Module 4
31 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
4 pages
ISACA WP Vulnerability Assessment 1117
100% (2)
ISACA WP Vulnerability Assessment 1117
17 pages
M2 T4
No ratings yet
M2 T4
12 pages
VAPT Basic - 1
No ratings yet
VAPT Basic - 1
7 pages
Vunerability Assessment
No ratings yet
Vunerability Assessment
24 pages
CH5 Tm359 To Lana
No ratings yet
CH5 Tm359 To Lana
8 pages
Vulnerability Management Explained
No ratings yet
Vulnerability Management Explained
7 pages
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
No ratings yet
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
4 pages
Chapter 10
No ratings yet
Chapter 10
54 pages
Assesment V - Khurram Zareen
No ratings yet
Assesment V - Khurram Zareen
4 pages
Pen Testing
No ratings yet
Pen Testing
65 pages
02 Comprehensive Vulnerability Assessment and Security Scanning
No ratings yet
02 Comprehensive Vulnerability Assessment and Security Scanning
126 pages
Unit 1
No ratings yet
Unit 1
43 pages
Paper 164
No ratings yet
Paper 164
7 pages
Unit - II Cyber Security
No ratings yet
Unit - II Cyber Security
40 pages
Introduction To Vulnerabilities
No ratings yet
Introduction To Vulnerabilities
19 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
8 pages
Cyber Security2
No ratings yet
Cyber Security2
16 pages
Vulnerability Analysis
No ratings yet
Vulnerability Analysis
15 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
3 pages
Vulnerability Analysis
No ratings yet
Vulnerability Analysis
4 pages
Qualys Foundation
No ratings yet
Qualys Foundation
28 pages
Cso - Unit 5
No ratings yet
Cso - Unit 5
8 pages
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
No ratings yet
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
3 pages
Vulnerability Management
No ratings yet
Vulnerability Management
7 pages
What Is Vulnerability Management
No ratings yet
What Is Vulnerability Management
15 pages
Web Application Security - Unit 4 Notes
No ratings yet
Web Application Security - Unit 4 Notes
143 pages
Vulnerability Assessment Using Nessus Essentials
No ratings yet
Vulnerability Assessment Using Nessus Essentials
24 pages
Threat and Risk and Gaps Assessment
No ratings yet
Threat and Risk and Gaps Assessment
8 pages
6th Unit
No ratings yet
6th Unit
36 pages
CSD4001-Study Material-Midterm
No ratings yet
CSD4001-Study Material-Midterm
63 pages
Cyber Security Vulnerabilities
No ratings yet
Cyber Security Vulnerabilities
9 pages
Vulnerability Management 2
No ratings yet
Vulnerability Management 2
16 pages
Vulnerability Scanning
No ratings yet
Vulnerability Scanning
9 pages
VulScan Datasheet
No ratings yet
VulScan Datasheet
11 pages
Software CVE & CVSS
No ratings yet
Software CVE & CVSS
23 pages
Security Tool for Developers
No ratings yet
Security Tool for Developers
8 pages
Risk and Vulnerabiltiy
No ratings yet
Risk and Vulnerabiltiy
3 pages
Vulnerabilities and Exploits in Cyber Security
No ratings yet
Vulnerabilities and Exploits in Cyber Security
6 pages
Autosploit: A Fully Automated Framework For Evaluating The Exploitability of Security Vulnerabilities
No ratings yet
Autosploit: A Fully Automated Framework For Evaluating The Exploitability of Security Vulnerabilities
15 pages
Vulnerabilty Tools, Assessment and Their Exploitation at Unit Level
100% (1)
Vulnerabilty Tools, Assessment and Their Exploitation at Unit Level
18 pages
How To VA Step-By-step
No ratings yet
How To VA Step-By-step
18 pages
Day2va 121130175145 Phpapp01
No ratings yet
Day2va 121130175145 Phpapp01
24 pages
Lec7 + Lec 8 Merge Threat Vul Expliot Identification 2025
No ratings yet
Lec7 + Lec 8 Merge Threat Vul Expliot Identification 2025
85 pages
Unit 4
No ratings yet
Unit 4
65 pages
CEHv10 Module 05 Vulnerability Analysis PDF
No ratings yet
CEHv10 Module 05 Vulnerability Analysis PDF
55 pages
Unit 2 Question Answer
No ratings yet
Unit 2 Question Answer
8 pages
Vulnerability Management Lifecycle Guide
No ratings yet
Vulnerability Management Lifecycle Guide
19 pages
7.1.2.4 Packet Tracer - Configuring VPNs (Optional) Instructions
No ratings yet
7.1.2.4 Packet Tracer - Configuring VPNs (Optional) Instructions
6 pages
Module 01 Introduction To Penetration Testing
No ratings yet
Module 01 Introduction To Penetration Testing
30 pages
Case Study
No ratings yet
Case Study
1 page
Pooja Aadhar
No ratings yet
Pooja Aadhar
1 page
Zero Trust Testing CheckList
No ratings yet
Zero Trust Testing CheckList
1 page
RansomHub Ransomware
No ratings yet
RansomHub Ransomware
3 pages
A Changing Payments Ecosystem Neff 2016 Annual Report
No ratings yet
A Changing Payments Ecosystem Neff 2016 Annual Report
94 pages
Akun Premium (Sfile
No ratings yet
Akun Premium (Sfile
3 pages
First 100 Days As A CIO
100% (10)
First 100 Days As A CIO
36 pages
Kali Linux Web Penetration Testing Cookbook Sample Chapter PDF
100% (1)
Kali Linux Web Penetration Testing Cookbook Sample Chapter PDF
31 pages
3.2 Introduction-to-Identity-Theft-and-Social-Engineering
No ratings yet
3.2 Introduction-to-Identity-Theft-and-Social-Engineering
10 pages
Module - 1 Notes: Transport Level Security: Web Security Considerations, Secure Sockets Layer, Transport
No ratings yet
Module - 1 Notes: Transport Level Security: Web Security Considerations, Secure Sockets Layer, Transport
45 pages
H12 711 ENU V13.02 HCIA Security Dumps Sept. 2021 PDF
No ratings yet
H12 711 ENU V13.02 HCIA Security Dumps Sept. 2021 PDF
57 pages
Understanding Wireless Lan Security
No ratings yet
Understanding Wireless Lan Security
18 pages
Concur SAML Guide
No ratings yet
Concur SAML Guide
32 pages
CISSP Exam Outline English April 2021 PDF
No ratings yet
CISSP Exam Outline English April 2021 PDF
16 pages
Create Free Tier AWS Account, Create IAM User and Set CloudWatch Alarm For Billing
No ratings yet
Create Free Tier AWS Account, Create IAM User and Set CloudWatch Alarm For Billing
14 pages
TW Report Sensible Defaults Ebook
No ratings yet
TW Report Sensible Defaults Ebook
33 pages
40WNDoc - Prospectus 23-24 FINAL 8th June 2023
No ratings yet
40WNDoc - Prospectus 23-24 FINAL 8th June 2023
48 pages
CCNP Security 300-715 SISE Exam Questions
No ratings yet
CCNP Security 300-715 SISE Exam Questions
23 pages
IBM Format - Jayant Singh - AWS - AZURE - Resume
No ratings yet
IBM Format - Jayant Singh - AWS - AZURE - Resume
3 pages
Transcript Ep. 11 v.4 Trick (4.18)
No ratings yet
Transcript Ep. 11 v.4 Trick (4.18)
15 pages
IEP RevoU Sept23 NEXT - RezaMalikiAkbar - IoTCyberSec
No ratings yet
IEP RevoU Sept23 NEXT - RezaMalikiAkbar - IoTCyberSec
35 pages
Lecture Seven Risk Management and Ethics
No ratings yet
Lecture Seven Risk Management and Ethics
24 pages
RM ICA 2 Poster - Aung Soe Myo Oo
No ratings yet
RM ICA 2 Poster - Aung Soe Myo Oo
1 page
Digital Empowerment
No ratings yet
Digital Empowerment
20 pages
D4 h4ck4 t00lz D4 h4ck4 t00lz D4 h4ck4 t00lz D4 h4ck4 t00lz: Trojanz
No ratings yet
D4 h4ck4 t00lz D4 h4ck4 t00lz D4 h4ck4 t00lz D4 h4ck4 t00lz: Trojanz
2 pages
Online Cyber Security Course
100% (2)
Online Cyber Security Course
15 pages
Am Fundamentals
No ratings yet
Am Fundamentals
19 pages
5G Radio Access Network
50% (2)
5G Radio Access Network
317 pages