- Vulnerability assessments look for known vulnerabilities in networks and systems (usually with automated scanners) without exploiting them or simulating a real cyber attack
- All companies should perform vulnerability assessments on a regular, defined cadence rather than ad hoc
- Penetration tests, depending on their type (i.e., black-, gray-, or white-box, which describes how much the tester knows about the target up front), evaluate the security of different assets and the real-world impact of the issues present in the environment
- Pentests combine manual and automated techniques to assess an organization's security posture
- Pentests often give a better idea of how secure a company's assets actually are, because they are a simulated cyber attack: the tester tries to find out whether, and how, the network can be penetrated and what an attacker could reach once inside
![[images/Pasted image 20251028152917.png]]
- Other types of security assessments
- Security audit - checks compliance against a defined standard and may be mandated by a government agency or an industry body (e.g., PCI-DSS for anyone handling payment card data)
- Bug bounty
- Red team assessment
- Purple team assessment
# Vulnerability Assessment
8 Steps:
1) conduct risk identification and analysis
2) develop vuln scanning policies
3) identify scan types
4) configure scan
5) perform scan
6) evaluate and consider possible risks
7) interpret scan results
8) create remediation and mitigation plan
- Vuln + Threat = Risk: a vulnerability only becomes a risk when a threat can exploit it, and how serious that risk is depends on the asset it sits on, which is why asset management is part of the assessment
- Asset Mgmt
- Asset inventory including IT, operational tech, physical assets, SW assets, mobile assets, and dev assets
- App and system inventory (including data assets)
- On-prem stored data
- Cloud-stored data
- SaaS stored data
- On-prem networking and security devices: routers, switches, FWs, IDS/IPS
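The back half of the 8-step process above (evaluate risks, interpret scan results, create a remediation plan) and the "Vuln + Threat = Risk" idea are easiest to see in code. The script below is an added example for these notes, not code from any course, scanner or vendor: it joins a constructed scanner export with a constructed asset inventory, scores each finding as likelihood × impact, and orders the remediation plan by risk rather than by raw CVSS. The asset names, finding IDs, scoring weights and SLA tiers are all assumptions made for illustration; the finding IDs are placeholders, not real vulnerability identifiers.

```python
"""Risk-ranked remediation plan built from vulnerability-scan findings.

Added example for these notes (not from any course, scanner or vendor).
It walks steps 6-8 of the vulnerability assessment process and applies
"Vuln + Threat = Risk" by joining scanner output with the asset inventory.
Asset inventory, scanner export, scoring weights and SLA tiers are all
constructed/assumed for illustration.
"""
from dataclasses import dataclass

# Constructed asset inventory (step 1 / asset management).
# criticality: 1 (disposable) .. 5 (business critical)
ASSETS = {
    "web-01":   {"criticality": 5, "internet_facing": True},
    "db-01":    {"criticality": 5, "internet_facing": False},
    "print-01": {"criticality": 1, "internet_facing": False},
}

# Constructed scanner export (what step 5 produces). Finding IDs are
# placeholders, not real vulnerability identifiers; "exploit_public" stands
# in for the "exploit available" flag scanners attach to a plugin result.
FINDINGS = [
    {"id": "F-001", "asset": "web-01",    "title": "Outdated TLS library",      "cvss": 7.5, "exploit_public": True},
    {"id": "F-002", "asset": "db-01",     "title": "Unauthenticated RCE",       "cvss": 9.8, "exploit_public": True},
    {"id": "F-003", "asset": "print-01",  "title": "Unauthenticated RCE",       "cvss": 9.8, "exploit_public": True},
    {"id": "F-004", "asset": "web-01",    "title": "Missing security headers",  "cvss": 5.3, "exploit_public": False},
    {"id": "F-005", "asset": "10.0.0.77", "title": "Default admin credentials", "cvss": 7.0, "exploit_public": False},
]

# Assumed SLA tiers: (minimum risk score, tier name, days to remediate)
SLA_TIERS = [(3.5, "critical", 7), (2.0, "high", 30), (1.0, "medium", 90), (0.0, "low", 180)]

# Worst-case assumption for hosts the scanner found but the inventory lacks.
UNKNOWN_ASSET = {"criticality": 5, "internet_facing": True}


@dataclass
class RiskItem:
    finding_id: str
    asset: str
    title: str
    cvss: float
    score: float
    tier: str
    due_days: int
    inventory_gap: bool


def threat_likelihood(finding, asset):
    """How likely a threat actor is to reach and use the weakness (0.4..1.0).

    Assumed weights: a public exploit matters most, internet exposure next.
    Integer points are divided once so the result is a clean decimal.
    """
    points = 4
    if finding["exploit_public"]:
        points += 4
    if asset["internet_facing"]:
        points += 2
    return points / 10


def risk_score(finding, asset):
    """Risk = likelihood(threat) x impact(vulnerability on this asset).

    Impact scales the CVSS base score (0..10) by asset criticality (1..5),
    so the same CVSS 9.8 weighs far less on a printer than on the database.
    """
    impact = finding["cvss"] / 10 * asset["criticality"]
    return round(threat_likelihood(finding, asset) * impact, 2)


def sla_tier(score):
    """Map a risk score to the assumed remediation tier and deadline."""
    for minimum, name, days in SLA_TIERS:
        if score >= minimum:
            return name, days
    return SLA_TIERS[-1][1], SLA_TIERS[-1][2]


def build_remediation_plan(findings=FINDINGS, assets=ASSETS):
    """Steps 6-8: score every finding, then order the plan by risk, not CVSS."""
    plan = []
    for f in findings:
        asset = assets.get(f["asset"])
        gap = asset is None
        if gap:
            # A scanned host missing from the inventory is itself an asset
            # management finding; score it as worst case so it is not ignored.
            asset = UNKNOWN_ASSET
        score = risk_score(f, asset)
        tier, days = sla_tier(score)
        plan.append(RiskItem(f["id"], f["asset"], f["title"], f["cvss"], score, tier, days, gap))
    plan.sort(key=lambda r: r.score, reverse=True)
    return plan


def summarize(plan):
    """Count of findings per tier, the headline numbers for the report."""
    counts = {}
    for item in plan:
        counts[item.tier] = counts.get(item.tier, 0) + 1
    return counts


if __name__ == "__main__":
    plan = build_remediation_plan()
    print(f"{'id':6} {'asset':10} {'cvss':>4} {'risk':>5} {'tier':8} due")
    for r in plan:
        flag = " (not in inventory)" if r.inventory_gap else ""
        print(f"{r.finding_id:6} {r.asset:10} {r.cvss:>4} {r.score:>5} {r.tier:8} {r.due_days}d{flag}")
    print(summarize(plan))
```

Two things the raw scan report would not show: the two CVSS 9.8 findings land at opposite ends of the plan because one sits on the database and the other on a printer, and the host that is not in the inventory is pushed up the list instead of silently dropped, which is the asset management gap step 1 is meant to catch.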
# Assessment Standards
- Compliance standards
- PCI-DSS
- HIPAA
- FISMA
- ISO 27001
- Pentesting standards
- Every pentest starts with a legal contract that defines scope, rules of engagement and guidelines for the testers
- The Penetration Testing Execution Standard (PTES) can be applied to pentests; its phases are:
- pre-engagement interactions
- intel gathering
- threat modeling
- vulnerability analysis
- exploitation
- post-exploitation
- reporting
- The Open Source Security Testing Methodology Manual (OSSTMM) is another methodology pentesters can follow to make sure nothing is missed; it groups testing into five channels (areas):
- human security
- physical security
- wireless comms
- telecomms
- data networks
- NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment); this is a separate document from the NIST Cybersecurity Framework, whose functions are Identify, Protect, Detect, Respond and Recover
- Its testing methodology is broken into 4 phases:
- planning
- discovery
- attack
- reporting
- OWASP (Open Web Application Security Project) is the go-to for web application testing standards (the OWASP Testing Guide) and for classifying risks to web applications (the OWASP Top 10)