Training – Vulnerability Management

Vulnerability Management (3 Submodules)

Vulnerabilities, in software and sometimes even in hardware, are open gates attackers can utilise to gain access to private systems and networks. Worse, they have become a fact IT managers and administrators have to deal with, ever accompanied by the concern that a single critical vulnerability has been overlooked that will later be exploited.

Submodule 1

Vulnerability Management addresses this problem with a systematic approach that turns dealing with vulnerabilities into a reliable, recurring process. This module gives an overview of standards and details how to distribute security advisories among your constituency and how to plan and roll out patches in your organisation.

  • 1. Vulnerability Management Process and Standards

    (slides) (recording)
    The task of dealing with vulnerabilities in software, and sometimes even in hardware, has gone from an ad hoc, emergency activity to a continuous, planned task that has become one of the building blocks of reliable, secure systems and networks.

    This webinar will give an overview of the existing standards and will cover in depth some of the key elements, such as CVE and CVSS, that will be referenced throughout the coming webinars on vulnerability management.

  • 2. Vulnerability Information – How to gather and distribute security advisories to your constituency

    (slides) (recording)
    Before one can deal with vulnerabilities, one needs to be aware of them: their existence, their consequences, and what to do about them. While CSIRTs and PSIRTs take care of the initial steps in researching and publishing information, the task of actually forwarding this information to the administrators responsible for vulnerable systems is something that every organisation has to deal with itself.

    This webinar will show how this task can be dealt with and what information should be included in a security advisory.

  • 3. Patch Management – How to roll out and track security fixes to your systems

    (slides) (recording)
    ‘Patching’ is the name given to the process of replacing vulnerable software with a corrected version. However, the sheer number of patches that have to be applied constantly has led to the requirement to automate and track the application of patches.

    This webinar will give an overview of the process of applying patches and what tools can be used to automate the task.

Submodule 2

Scanning for vulnerabilities in your organisation’s network is considered one of the key aspects of vulnerability management. In this three-webinar sub-module, different scanning and testing approaches are covered. From scanning the system inside-out or from the outside to simulating actual attacks (pentesting), the attendees will be taken through the introductory steps of conducting and supervising scans and pentests.

  • 1. Looking into the Network – How to scan local systems for vulnerabilities and misconfigurations

    (slides) (recording)
    Today’s systems are so complex that it’s almost impossible to run a system without vulnerabilities and misconfigurations. And although there are plenty of benchmarks, baselines, and hardening guides available, it is difficult to apply them to the local environment.

    This webinar will introduce some of the most useful frameworks and tools for local vulnerability scanning.

  • 2. Network Vulnerability Scanning – Looking from afar

    (slides) (recording)
    In order to stay ahead of the threats to a large infrastructure, it is crucial to maintain a clear picture of whether there are vulnerabilities in the components deployed and, if so, which ones. Scanning systems through the network is one way of gaining insight into this issue.

    This webinar will provide an introduction to the concepts of network scanning, its benefits, and its drawbacks, as well as offer some practical examples.

  • 3. Penetration Tests – How does your network stand up against real attacks?

    (slides) (recording)
    No matter how much scanning for vulnerabilities and evaluation of security processes is done, one question remains: is this really enough against real attacks? Short of experiencing an attack in real life, penetration tests try to answer this question by conducting attacks in a controlled manner.

    This webinar will give managers and administrators an introduction to the standards and workflow of penetration tests to help in planning and supervising penetration tests carried out on their networks.

Submodule 3

Looking for vulnerabilities in existing systems and services has become a common practice. However, vulnerability scanning covers only software packages from established sources and only those vulnerabilities that are already known. But what about vulnerabilities you don’t know about yet? What about software that is developed in-house? This sub-module will give an introduction to the topics of code audits and vulnerability disclosure, covering two main aspects of vulnerability management for software that you are responsible for. It concludes with an introduction to Breach and Attack Simulation, a relatively new approach to assessing the risks and consequences of existing vulnerabilities in your network.

  • 1. Code Audits

    (slides) (recording)
    Software without bugs or vulnerabilities doesn’t exist. If your organisation runs software development teams, they will likely have heard of things like secure software development life cycles and the like.

    This webinar will introduce some basic concepts as well as tools that help developers find bugs before the software goes into production.

  • 2. Vulnerability Disclosure

    (slides) (recording)
    So you have found vulnerabilities in other people’s code. Or other people have found vulnerabilities in your code. Either way, how do you handle the situation? In the long run, trying to keep information about the vulnerability under wraps is unlikely to work.

    In this module, we will cover some aspects and strategies of how to approach this issue.

  • 3. Breach and Attack Simulation – Matching attacker behaviour with vulnerabilities

    (slides) (recording)
    Breach and Attack Simulation (BAS) is a relatively new approach to vulnerability assessment that goes beyond simple scoring of vulnerabilities by also taking the modus operandi of adversaries into account.

    This webinar will give an introduction to the topic and present some open source tools for BAS.
