Introduction Vulnerability assessment and penetration testing.pptx
sami889399
48 views
17 slides
Aug 23, 2024
Slide 1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
About This Presentation
Introduction to VA&PT practise
Slide Content
Vulnerability Assessment and Penetration Vulnerability Assessment and Penetration Testing July, 2021
VA & PT main objective and tasks Vulnerability Assessment & Remediation Penetration Testing Risk Assessment
What is vulnerability assessment ? A vulnerability assessment is a systematic review of security weaknesses in an information system (servers, network devices, applications etc...) evaluates if the system is susceptible to any known vulnerabilities assigns severity levels to those vulnerabilities. recommends remediation or mitigation activity.
threats that can be Detected by vulnerability assessment ? SQL injection, XSS and other code injection attacks. Escalation of privileges due to faulty authentication mechanisms. Insecure defaults – software that ships with insecure settings, such as a guessable admin passwords . Insecure ports and services
Vulnerability assessment Process : The security scanning process consists of four steps: testing, analysis, assessment and remediation .
Vulnerability assessment tools 1. Rapid7 InsightVM : is the vulnerability assessment software built for the modern web. InsightVM combines complete ecosystem visibility, an unparalleled understanding of the attacker mind-set, and the agility of security operations so we can act before impact. InsightVM provides a fully available, scalable, and efficient way to collect our mission & business critical assets vulnerability data, turn it into answers, and minimize risk.
Nessus Nessus is one of the most commonly used vulnerability scanner during vulnerability assessment and penetration testing engagements.it is developed and sold by Tenable security company in USA. The tool is free for non-enterprise use: however, for enterprise consumption Nessus professional is most commonly used across many industry as commercial version of Nessus. Advanced detection : can detect more than 56k threats the most in the industry.
Nessus provide High-speed asset discovery Target profiling Configuration auditing Malware detection Sensitive data discovery Discover vulnerabilities on a target system together with recommendations on how to fix and patch the identified vulnerability. It offers mobile device management integration (only Nessus provide this) Daily updates of plugins and integration with patch management vendors . Easily integrated with Metasploit
QVM QRadar Vulnerability Manager (QVM) is a scanning platform that is used to identify, manage, and prioritize the vulnerabilities on networked Information system assets. This Platform is very important to see the Cyber security posture of commercial Bank of Ethiopia using the under listed functionalities. Conduct a Vulnerability Scanning in order to identify all weakness on any CBE information system assets. QVM provides Severity level of vulnerability’s based on CVSS and CVE risk rating. For identified Vulnerability QVM provide recommended Solutions from its fully equipped non-human intervened analytical resources. Generate v ulnerability assessment result .
Penetration testing A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. can involve the attempted breaching of any number of application systems, (e.g., application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks .
Cont. There are two pentesing methods: . External testing :- External penetration tests target the assets of a company that are visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data. . Internal testing:- In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn’t necessarily simulating a rogue employee. A common starting scenario can be an employee whose credentials were stolen due to a phishing attack.
Penetration testing process Penetration testing
Metasploit ( Pentesing tool) Metasploit Pro is an exploitation and vulnerability validation tool that helps u s divide the penetration testing workflow into manageable sections. Metasploit Pro improves the efficiency of penetration testers by providing unrestricted remote network access and enabling teams to collaborate efficiently .
cont. Metasploit Pro is an exploitation and vulnerability validation tool that helps u s divide the penetration testing workflow into manageable sections. Metasploit Pro improves the efficiency of penetration testers by providing unrestricted remote network access and enabling teams to collaborate efficiently .
Information security Risk assessment An information security risk assessment is to identify gaps in the organization's IT security architecture, as well as review compliance with InfoSec-specific laws, mandates and regulations .
cont. information security risk assessment focuses on three major aspects people, process and technology
17 Thank you !
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 48
- Slides 17
- Age 467 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
33 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
31 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
28 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views