Vulnerability Analysis Overview

00:00

hello and welcome to the penetration testing execution standard discussion.

00:07

Today we're going to be doing the overview of the vulnerability analysis section of Pee tests and what we're getting ready to get into. So let's jump right in

00:17

our first area that we're going to be looking at will be vulnerability testing. We're going to briefly cover what vulnerability testing is some examples of fall types and, overall, the vulnerability testing goals. Now, a lot of times, clients will confuse vulnerability testing for penetration testing.

00:33

Always remember, the key difference here is that we're looking to see if there are vulnerabilities. Where is with pen testing were exploiting those vulnerabilities

00:42

within the active testing section. We're going to look at what active testing is. We're going to review some automated methods general vulnerability scanners, banner grabbing Web applications, scanners and obvious cation.

00:54

Then we'll get into passive testing and what that involves. We're going to look at meta data analysis as well as traffic monitoring,

01:00

and then we'll get into validation what that is. Correlation between tools and using multiple tools to validate vulnerabilities, manual testing and protocol specific testing, and then attack and manage such a CZ. The creation of attack trees, isolated lab testing and visual confirmation on vulnerabilities.

01:19

We'll move on over into research, where we'll look at public research information, exploit database and framework modules, hardening guides and common miss configurations, private research identifying potential avenues in vectors and disassembly and code analysis.

01:34

All of this will come together to give us an idea of how vulnerability analysis should be conducted

01:40

based on the penetration testing execution standard. With that in mind, I want to thank you for your time,