Rahalkar, Sagar. Network vulnerability assessment: identify security loopholes in your network's infrastructure / Sagar Rahalkar. — 1 online resource (1 volume) : illustrations — <URL:http://elib.fa.ru/ebsco/1883885.pdf>.
Record created: 03.10.2018
Subjects: COMPUTER SCIENCE / General; Computer networks — Security measures — Evaluation; Computer network protocols — Security measures — Evaluation.
Collections: EBSCO
Permitted actions: –
Rights to use the stored object

| Access location | User group | Action |
|---|---|---|
| Financial University local network | All | |
| Internet | Readers | |
| Internet | Anonymous users | |
Contents
- Cover
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: Vulnerability Management Governance
- Security basics
- The CIA triad
- Confidentiality
- Integrity
- Availability
- Identification
- Authentication
- Authorization
- Auditing
- Accounting
- Non-repudiation
- Vulnerability
- Threats
- Exposure
- Risk
- Safeguards
- Attack vectors
- Understanding the need for security assessments
- Types of security tests
- Security testing
- Vulnerability assessment versus penetration testing
- Security assessment
- Security audit
- Business drivers for vulnerability management
- Regulatory compliance
- Satisfying customer demands
- Response to some fraud/incident
- Gaining a competitive edge
- Safeguarding/protecting critical infrastructures
- Calculating ROIs
- Setting up the context
- Bottom-up
- Top-down
- Policy versus procedure versus standard versus guideline
- Vulnerability assessment policy template
- Penetration testing standards
- Penetration testing lifecycle
- Industry standards
- Open Web Application Security Project testing guide
- Benefits of the framework
- Penetration testing execution standard
- Benefits of the framework
- Summary
- Exercises
- Chapter 2: Setting Up the Assessment Environment
- Setting up a Kali virtual machine
- Basics of Kali Linux
- Environment configuration and setup
- Web server
- Secure Shell (SSH)
- File Transfer Protocol (FTP)
- Software management
- List of tools to be used during assessment
- Summary
- Chapter 3: Security Assessment Prerequisites
- Target scoping and planning
- Gathering requirements
- Preparing a detailed checklist of test requirements
- Suitable time frame and testing hours
- Identifying stakeholders
- Deciding upon the type of vulnerability assessment
- Types of vulnerability assessment
- Types of vulnerability assessment based on the location
- External vulnerability assessment
- Internal vulnerability assessment
- Based on knowledge about environment/infrastructure
- Black-box testing
- White-box testing
- Gray-box testing
- Announced and unannounced testing
- Automated testing
- Authenticated and unauthenticated scans
- Agentless and agent-based scans
- Manual testing
- Estimating the resources and deliverables
- Preparing a test plan
- Getting approval and signing NDAs
- Confidentiality and nondisclosure agreements
- Summary
- Chapter 4: Information Gathering
- What is information gathering?
- Importance of information gathering
- Passive information gathering
- Reverse IP lookup
- Site report
- Site archive and way-back
- Site metadata
- Looking for vulnerable systems using Shodan
- Advanced information gathering using Maltego
- theHarvester
- Active information gathering
- Active information gathering with SPARTA
- Recon-ng
- Dmitry
- Summary
- Chapter 5: Enumeration and Vulnerability Assessment
- What is enumeration?
- Enumerating services
- HTTP
- FTP
- SMTP
- SMB
- DNS
- SSH
- VNC
- Using Nmap scripts
- http-methods
- smb-os-discovery
- http-sitemap-generator
- mysql-info
- Vulnerability assessments using OpenVAS
- Summary
- Chapter 6: Gaining Network Access
- Gaining remote access
- Direct access
- Target behind router
- Cracking passwords
- Identifying hashes
- Cracking Windows passwords
- Password profiling
- Password cracking with Hydra
- Creating backdoors using Backdoor Factory
- Exploiting remote services using Metasploit
- Exploiting vsftpd
- Exploiting Tomcat
- Hacking embedded devices using RouterSploit
- Social engineering using SET
- Summary
- Chapter 7: Assessing Web Application Security
- Importance of web application security testing
- Application profiling
- Common web application security testing tools
- Authentication
- Credentials over a secure channel
- Authentication error messages
- Password policy
- Method for submitting credentials
- OWASP mapping
- Authorization
- OWASP mapping
- Session management
- Cookie checks
- Cross-Site Request Forgery
- OWASP mapping
- Input validation
- OWASP mapping
- Security misconfiguration
- OWASP mapping
- Business logic flaws
- Testing for business logic flaws
- Auditing and logging
- OWASP mapping
- Cryptography
- OWASP mapping
- Testing tools
- OWASP ZAP
- Burp Suite
- Summary
- Chapter 8: Privilege Escalation
- What is privilege escalation?
- Horizontal versus vertical privilege escalation
- Horizontal privilege escalation
- Vertical privilege escalation
- Privilege escalation on Windows
- Privilege escalation on Linux
- Summary
- Chapter 9: Maintaining Access and Clearing Tracks
- Maintaining access
- Clearing tracks and trails
- Anti-forensics
- Summary
- Chapter 10: Vulnerability Scoring
- Requirements for vulnerability scoring
- Vulnerability scoring using CVSS
- Base metric group
- Exploitability metrics
- Attack vector
- Attack complexity
- Privileges required
- User interaction
- Scope
- Impact metrics
- Confidentiality impact
- Integrity impact
- Availability impact
- Temporal metric group
- Exploit code maturity
- Remediation level
- Report confidence
- CVSS calculator
- Summary
- Chapter 11: Threat Modeling
- What is threat modeling?
- Benefits of threat modeling
- Threat modeling terminology
- How to model threats?
- Threat modeling techniques
- STRIDE
- DREAD
- Threat modeling tools
- Microsoft Threat Modeling Tool
- SeaSponge
- Summary
- Chapter 12: Patching and Security Hardening
- Defining patching?
- Patch enumeration
- Windows patch enumeration
- Linux patch enumeration
- Security hardening and secure configuration reviews
- Using CIS benchmarks
- Summary
- Chapter 13: Vulnerability Reporting and Metrics
- Importance of reporting
- Type of reports
- Executive reports
- Detailed technical reports
- Reporting tools
- Dradis
- KeepNote
- Collaborative vulnerability management with Faraday v2.6
- Metrics
- Mean time to detect
- Mean time to resolve
- Scanner coverage
- Scan frequency by asset group
- Number of open critical/high vulnerabilities
- Average risk by BU, asset group, and so on
- Number of exceptions granted
- Vulnerability reopen rate
- Percentage of systems with no open high/critical vulnerability
- Vulnerability ageing
- Summary
- Other Books You May Enjoy
- Index