CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003) Cert Prep: 2 Vulnerability Management

Overview

Learn the detailed information you need to prepare for the Vulnerability Management domain of the Cybersecurity Analyst+ (CySA+) exam.

Syllabus

Introduction

Vulnerability management
What you need to know
Study resources

1. Creating a Vulnerability Management Program

What is vulnerability management?
Identify scan targets
Scan frequency

2. Network Mapping

Network scanning
Install Nmap on Windows
Install Nmap on macOS
Run and interpret a simple Nmap scan
Host discovery with Nmap
Operate system fingerprinting
Service version detection

3. Configuring and Executing Vulnerability Scans

Security baseline scanning
Scan configuration
Scan perspective
Scanner maintenance
Vulnerability scanning tools
Passive vulnerability scanning

4. Analyzing Scan Results

SCAP
CVSS
Interpret CVSS scores
Analyze scan reports
Correlate scan results

5. Common Vulnerabilities

Server vulnerabilities
Endpoint vulnerabilities
Network vulnerabilities

6. Software Security Issues

OWASP Top 10
Prevent SQL injection
Understand cross-site scripting
Request forgery
Privilege escalation
Directory traversal
File inclusion
Overflow attacks
Cookies and attachments
Session hijacking
Race conditions
Memory vulnerabilities
Code execution attacks
Data poisoning
Third-party code
Interception proxies

7. Specialized Technology Vulnerabilities

Industrial control systems
Internet of Things
Embedded systems

8. More Cybersecurity Tools

Exploitation frameworks
Cloud auditing tools
Debuggers
Open-source reconnaissance
Control frameworks

9. Software Development Lifecycle

Software platforms
Development methodologies
Maturity models
Change management

10. Secure Coding Practices

Input validation
Parameterized queries
Authentication and session management issues
Output encoding
Error and exception handling
Code signing
Database security
Data de-identification
Data obfuscation

11. Software Quality Assurance

Software testing
Code security tests
Fuzzing
Reverse engineering software
Reverse engineering hardware

12. Threat Modeling

Threat research
Identify threats
Understand attacks
Threat modeling
Attack surface management
Bug bounty

13. Security Governance

Align security with the business
Organizational processes
Security roles and responsibilities
Security control selection

14. Risk Management

Risk assessment
Quantitative risk assessment
Risk treatment options
Risk management frameworks
Risk visibility and reporting

Conclusion

Continue your studies

Taught by

Mike Chapple

Reviews

4.8 rating at LinkedIn Learning based on 175 ratings

Start your review of CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003) Cert Prep: 2 Vulnerability Management

Taught by

CompTIA CySA+ (CS0-002)

TOTAL: CompTIA CySA+ Cybersecurity Analyst (CS0-003)

CompTIA CySA+ Certification

CompTIA CySA+ (CS0-003) Complete Course & Practice Exam

Pentesting Fundamentals for Beginners

CompTIA CySA+ (CS0-002) Complete Course & Practice Exam

110+ Hours of Free LinkedIn Learning Courses with Free Certification

Never Stop Learning.