In this video, Marc Menninger describes how to analyze the security vulnerabilities found while conducting the assessment. Discover the purpose of the analysis and how to validate the vulnerabilities found during the analysis process.
- Security vulnerabilities found while conducting…the assessment should be analyzed…either during or after the assessment.…The purpose of this analysis is to validate, categorize,…and find the root causes of the vulnerabilities.…Some of the identified vulnerabilities…may be false positives, meaning they appear to be…security problems at first, but after further examination,…they're no longer considered vulnerabilities.…This can happen when patches are applied…but the new version number hasn't been updated.…
The vulnerable service or function is disabled…or a condition or workaround exists…that negates the vulnerability.…It's important to eliminate false positive findings…to prevent resources from being expended…on solving a problem that doesn't exist.…Vulnerabilities can be validated by…running other scanning tools against the systems…with the suspected vulnerabilities…and comparing the results with the original findings.…If they match, there's a good chance…the results are reliable.…
Another validation method is to…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.