Review key vulnerability management tools and processes as you study for the CompTIA Cybersecurity Analyst (CySA+) exam. This course will prepare you for exam CS0-002.
Overview
Syllabus
Introduction
- Vulnerability management
- What you need to know
- Study resources
- What is vulnerability management?
- Identify scan targets
- Scan frequency
- Scan configuration
- Scan perspective
- Scanner maintenance
- Vulnerability scanning tools
- Passive vulnerability scanning
- Report scan results
- Prioritize remediation
- Create a remediation workflow
- Barriers to vulnerability remediation
- SCAP (Security Content Automation Protocol)
- CVSS (Common Vulnerability Scoring System)
- Interpreting CVSS scores
- Analyzing scan reports
- Correlating scan results
- Server vulnerabilities
- Endpoint vulnerabilities
- Network vulnerabilities
- Virtualization vulnerabilities
- OWASP (Open Web Application Security Project)
- Preventing SQL injection
- Understanding cross-site scripting
- Privilege escalation
- Directory traversal
- Race conditions
- Dereferencing NULL pointers
- Third-party code
- Interception proxies
- Industrial control systems
- Internet of Things
- Embedded systems
- Password attacks
- Password spraying and credential stuffing
- Impersonation attacks
- Session hijacking
- Eavesdropping attacks
- Next steps
Taught by
Mike Chapple