Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.

Published byDamian Greer Modified over 8 years ago

Similar presentations

Presentation on theme: "Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation."— Presentation transcript:

1 Vulnerability Analysis Dr. X

2 Computer system Design Implementation Maintenance Operation

3 What is a vulnerability?

4 Pen testing Red/tiger team attack Authorized attempt to violate specific contrants Tests Security Controls: procedural, operational, technical

5 Layers External, no access External, with access Internal, with access

6 Flaw hypothesis methodology Information gathering Flaw hypothesis Flaw testing Flaw generalization Flaw elimination

7 Vulnerability classification Intentional Time of flaw Location

8 Intentional

9 Time

10 Location

11 Pen test Port scan Vulnerability scan Why? Prevent data breach Test your security controls Ensure system security Get a baseline Compliance

12 Steps of pen test Establish goal Information gathering Reconnaissance Discovery Port scanning Vulnerability scanning Vulnerability analysis Taking control Exploitation Brute forcing Social engineering Pivoting Reporting Evidence collection Risk analysis Remediation

13 Steps 12 subcategories of the Web Application Penetration Testing Methodology: based on OWASP methodology 1.Introduction and Objectives 2.Information Gathering 3.Configuration and Deploy Management Testing 4.Identity Management Testing 5.Authentication Testing 6.Authorization Testing 7.Session Management Testing 8.Data Validation Testing 9.Error Handling 10.Cryptography 11.Business Logic Testing 12.Client Side Testing

14 Steps Step 1: Introduction and Objectives Step 2:Information gathering Step 3:Vulnerability analysis Step 4:Simulation (Penetrate the system to provide the proof) Step 5:Risk assessment Step 6:Recommendations for reduction or recovery and providing the report

Download ppt "Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation."

Similar presentations

Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.

Penetration Testing Presented by: Elham Hojati Advisor: Dr. Akbar Namin July 2014.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
1 Vulnerability Analysis CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 26, 2004.

1 Vulnerability Analysis CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 26, 2004.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.

MJ10/07041 Session 10 Accounting, Security Management Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.

What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
Software Security Course Course Outline 2-27-09. Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.

Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Ensuring Information Security

Ensuring Information Security
Web Application Testing with AppScan Terry Labach.

Web Application Testing with AppScan Terry Labach.
CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 4 Tom Olzak, MBA, CISSP.

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 4 Tom Olzak, MBA, CISSP.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
© 2007 Carnegie Mellon University Secure Coding Initiative Jason A. Rafail Monday, May 14 th, 2007.

© 2007 Carnegie Mellon University Secure Coding Initiative Jason A. Rafail Monday, May 14 th, 2007.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.

Similar presentations

Ads by Google