CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003): 2 Vulnerability Management

سرفصل های دوره

As cybersecurity threats become more sophisticated and pervasive, the need for IT professionals with security analytics expertise has grown exponentially. Earning the CompTIA Cybersecurity Analyst (CySA+) certification demonstrates a proficiency in tackling cybersecurity threats using a behavioral analytics-based approach. In this course—the second installment in the CompTIA Cybersecurity Analyst+ CySA+ (CS0-003) certification prep series, instructor Mike Chapple covers the topics covered in the Vulnerability Management domain of the exam. Mike shows how to design a vulnerability management program and configure and execute vulnerability scans. He also covers vulnerability remediation workflows, overcoming barriers to vulnerability scans, and analyzing the results of scans.

01 - Introduction

01 - Vulnerability management

02 - What you need to know

03 - Study resources

02 - 1. Creating a Vulnerability Management Program

01 - What is vulnerability management

02 - Identify scan targets

03 - Scan frequency

03 - 2. Network Mapping

01 - Network scanning

02 - Install Nmap on Windows

03 - Install Nmap on macOS

04 - Run and interpret a simple Nmap scan

05 - Host discovery with Nmap

06 - Operate system fingerprinting

07 - Service version detection

04 - 3. Configuring and Executing Vulnerability Scans

01 - Security baseline scanning

02 - Scan configuration

03 - Scan perspective

04 - Scanner maintenance

05 - Vulnerability scanning tools

06 - Passive vulnerability scanning

05 - 4. Analyzing Scan Results

01 - SCAP

02 - CVSS

03 - Interpret CVSS scores

04 - Analyze scan reports

05 - Correlate scan results

06 - 5. Common Vulnerabilities

01 - Server vulnerabilities

02 - Endpoint vulnerabilities

03 - Network vulnerabilities

07 - 6. Software Security Issues

01 - OWASP Top 10

02 - Prevent SQL injection

03 - Understand cross-site scripting

04 - Request forgery

05 - Privilege escalation

06 - Directory traversal

07 - File inclusion

08 - Overflow attacks

09 - Cookies and attachments

10 - Session hijacking

11 - Race conditions

12 - Memory vulnerabilities

13 - Code execution attacks

14 - Data poisoning

15 - Third-party code

16 - Interception proxies

08 - 7. Specialized Technology Vulnerabilities

01 - Industrial control systems

02 - Internet of Things

03 - Embedded systems

09 - 8. More Cybersecurity Tools

01 - Exploitation frameworks

02 - Cloud auditing tools

03 - Debuggers

04 - Open-source reconnaissance

05 - Control frameworks

10 - 9. Software Development Lifecycle

01 - Software platforms

02 - Development methodologies

03 - Maturity models

04 - Change management

11 - 10. Secure Coding Practices

01 - Input validation

02 - Parameterized queries

03 - Authentication and session management issues

04 - Output encoding

05 - Error and exception handling

06 - Code signing

07 - Database security

08 - Data de-identification

09 - Data obfuscation

12 - 11. Software Quality Assurance

01 - Software testing

02 - Code security tests

03 - Fuzzing

04 - Reverse engineering software

05 - Reverse engineering hardware

13 - 12. Threat Modeling

01 - Threat research

02 - Identify threats

03 - Understand attacks

04 - Threat modeling

05 - Attack surface management

06 - Bug bounty

14 - 13. Security Governance

01 - Align security with the business

02 - Organizational processes

03 - Security roles and responsibilities

04 - Security control selection

15 - 14. Risk Management

01 - Risk assessment

02 - Quantitative risk assessment

03 - Risk treatment options

04 - Risk management frameworks

05 - Risk visibility and reporting

16 - Conclusion

01 - Continue your studies

45,900 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)