Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.

Presentation transcript:

Vulnerability Analysis Dr. X

Computer system lifecycle: Design, Implementation, Maintenance, Operation

What is a vulnerability?

Pen testing
- Red/tiger team attack
- Authorized attempt to violate specific constraints
- Tests security controls: procedural, operational, technical

Layers (tester's starting position)
- External, no access
- External, with access
- Internal, with access

Flaw hypothesis methodology
1. Information gathering
2. Flaw hypothesis
3. Flaw testing
4. Flaw generalization
5. Flaw elimination

Vulnerability classification (three axes)
- Intentional or inadvertent
- Time of flaw
- Location

Intentional

Time

Location

Pen test vs. port scan vs. vulnerability scan
Why?
- Prevent data breach
- Test your security controls
- Ensure system security
- Get a baseline
- Compliance

Steps of a pen test
- Establish goal
- Information gathering
  - Reconnaissance
  - Discovery
  - Port scanning
  - Vulnerability scanning
  - Vulnerability analysis
- Taking control
  - Exploitation
  - Brute forcing
  - Social engineering
  - Pivoting
- Reporting
  - Evidence collection
  - Risk analysis
  - Remediation

Steps: 12 subcategories of the Web Application Penetration Testing Methodology (based on the OWASP methodology)
1. Introduction and Objectives
2. Information Gathering
3. Configuration and Deployment Management Testing
4. Identity Management Testing
5. Authentication Testing
6. Authorization Testing
7. Session Management Testing
8. Data Validation Testing
9. Error Handling
10. Cryptography
11. Business Logic Testing
12. Client Side Testing

Steps
- Step 1: Introduction and objectives
- Step 2: Information gathering
- Step 3: Vulnerability analysis
- Step 4: Simulation (penetrate the system to provide the proof)
- Step 5: Risk assessment
- Step 6: Recommendations for reduction or recovery, and providing the report