• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

The Assessing Network Vulnerabilities course teaches participants how to exploit and run vulnerability scans to better secure networks, servers and workstations. In the course, candidates will learn how to

  • Assess the risk to your systems from vulnerabilities and exploits
  • Employ exploits to validate system defenses
  • Conduct vulnerability scans of your networks, servers and workstations
  • Integrate advisories and alerts into your security practices and procedures
  • Respond to evolving risk levels by prioritizing your defensive resources
  • Manage an ongoing vulnerability assessment process

Learning Objectives

  • Introduction to Network Vulnerability Assessments
    • Focus of the Vulnerability Assessment
    • Vulnerability Assessment Legal Landscape
    • Vulnerability Assessments and Risk Management
    • Assessment Methodologies and Planning
    • Difference Between Vulnerability Assessments and Penetration Testing
  • Network Vulnerability Testing Methodologies
    • The Open Source Security Testing Methodology (OSSTMM)
    • The Information Systems Security Assessment Framework (ISSAF)
    • The NIST Guideline on Network Security Testing (SP 800-115)
  • Information Security Testing Techniques - Phases in Network Vulnerability Assessments
    • Passive and Active
    • DEMO: Passive and Active Gathering/Scanning
    • White-Box and Black-Box Approach
    • Blue Team and Red Team
  • Footprinting and Information Gathering
    • Discreet Information Gathering
    • Acquiring target information (Passive Reconnaissance)
    • Scanning and enumerating resources (Active Reconnaissance)
    • Network Mapping
    • Operating System and Services banner grabbing
    • Operating System and Services Fingerprinting
    • Hands-On Exercise
  • Conducting the Assessment
    • Assessment Methodology
    • External Assessments and Tools
    • Internal Assessments and Tools
    • Application Assessments
    • Assessment Exercises ? Internal and External
  • Results Analysis and Reporting
    • Vulnerability Analysis
    • Common Errors During Vulnerability Analysis
    • Vulnerability Assessment Reporting
  • Vulnerability Remediation
    • Strategies for Vulnerability Remediation
    • Tools for Remediation
    • Hands-On Exercises with Remediation Tools CAPSTONE Exercise

Framework Connections


If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.