In today’s complex security landscape, it is not enough for infosec teams to set firewall rules and IDSs and hope for the best. Organizations need to have a clear understanding of their threat landscape, what data and systems they’re protecting, where the data resides, which assets are most valuable, and how to fine tune defensive controls as the threats and the company’s focus change. To make this all happen, security professionals must continually test and assess their network and applications through a combination of manual and automated techniques to ensure controls are working properly and delivering actionable alerts. The old adage, “You cannot manage what you do not measure” is truer now than ever.

In this two-day class, attendees will learn and practice hands-on, real-world assessment techniques. From working with vulnerability scanners to ensuring compliance to industry standards, attendees will explore the techniques and procedures followed by effective security professionals. Some of the highlights will include learning how to weed out false positives and catch false negatives, mapping the network and assets using the map to identify system vulnerabilities and testing authorizations and permissions. At the completion of this course, security professionals will be able to ensure a comprehensive ongoing security assessment practice for their organization.

​

HANDS-ON
Prerequisite: None
Advanced Preparation: None
Learning Level: Basic
Field: Information Technology
Delivery Method: Group-Live

Who Should Attend

Information security professionals of all levels, IT auditors with knowledge of cybersecurity

CPEs: 16
INSTRUCTOR: Mary Siero
LEVEL: Basic
Tuition: $1,795

What You Will Learn

1. Introduction
• Standards and Guidelines
- PCI
- HIPAA
- OWASP
- Other

2. Testing Methodology Overview

3. Test Lab and Class Targets

4. Preparation
• integrating within the business/development processes
• scoping the assessment
• gathering the data
• ensuring permissions
• preventing issues while assessing

5. Network Assessments
• mapping network and systems assets
• realtime detection of assets
• integrating with monitoring systems
• scanning for assets

6. Testing Systems and Services
• automated techniques for finding vulnerabilities
• Nessus and OpenVAS usage and tuning
• building custom scripts for testing the systems

7. Evaluating Assessments Results
• determining and removing false positives
• tuning your testing techniques to prevent false negatives
• assessing an organization’s results based on industry standards

8. Application Assessments
• mapping applications and systems assets
• realtime detection of assets
• integrating with monitoring systems
• scanning for assets
• working within developer SDLC processes
• assessing Cloudbased systems

9. Testing Systems and Services
• automated techniques for finding vulnerabilities
• performing application assessments against business applications
• performing assessments against web services

10. Evaluating Assessments Results
• determining and removing false positives
• tuning your testing techniques to prevent false negatives
• assessing an organization’s results based

11. Student Real-World Scavenger Hunt Challenge