Explain Vulnerability Management

---

Goals

• Describe the importance of vulnerability management
• Explain security concerns associated with general and application-specific vulnerabilities
• Summarize vulnerability scanning techniques
• Explain vulnerability analysis concepts

Device and OS Vulnerabilities

• Operating System Vulnerabilities
• Vulnerability Types
  • Legacy and End-of-Life (EOL) Systems
  • Firmware Vulnerabilities
  • Virtualization Vulnerabilities
• Zero-Day Vulnerabilities
• Misconfiguration Vulnerabilities
• Cryptographic Vulnerabilities
• Sideloading, Rooting, and Jailbreaking

Application and Cloud Vulnerabilities

• Application Vulnerabilities
• Evaluation Scope
• Web Application Attacks
• Cloud-Based Application Attacks
  • Cloud Access Security Broker (CASB)
• Supply Chain Vulnerabilities

Vulnerability Identification Methods

• Vulnerability Scanner
• Types of Vulnerability Scans
  • Non-credentialed Scans
  • Credentialed Scans
  • Application Scanning
  • Package Monitoring
• Threat Feeds
  • Threat Intelligence Research
  • Information-Sharing Organizations
  • Open-source Intelligence (OSINT)
• Deep and Dark Web

Other Vulnerability Assessment Methods

• Penetration Testing
• Types of Penetration Tests
• Bug Bounty
• Auditing

Vulnerability Analysis and Remediation

• Vulnerability Feed
• Common Vulnerabilities and Exposures (CVE)
• Common Vulnerability Scoring System (CVSS)
• False Positives, False Negatives, and Log Review
• Vulnerability Analysis
• Vulnerability Response and Remediation