Please enable JavaScript.
Coggle requires JavaScript to display documents.
Assessment Tools and Techniques - Coggle Diagram
Assessment Tools and Techniques
Vulnerability Assessments and Pentests
Penetration testing
Find ways to bypass security controls
Find ways to remove or disable controls
Exploit vulnerabilities to prove threat exists
Vulnerability assessment
In-depth analysis of security systems and policies
Generally “passive” techniques
Discover vulnerabilities without exploiting them
Identify lack of security controls / misconfigurations
Security Assessment Techniques
Determine a methodology and scope eg NIST SP 800-115
Testing
Examining
Interviewing
Scope
External threats, insider threats, software vulnerabilities
Require different approaches and skill sets
Other methodologies
Open Source Security Testing
Certified Ethical Hacker
GIAC
Offensive Security
Establishing a Methodology
“No holds barred” or rules and restrictions
Identify only or identify and exploit
Attack profile
Black box (blind)
White box (full disclosure)
Grey box (somewhere between – to model insider threat agents for instance)
Environment and disclosure
Vulnerability Scanners
Software configured with list of known exploits / vulnerabilities
Active or passive detection
Host / OS or web application
Standards-based reporting
Intrusive versus non-intrusive scanning
Credentialed versus non-credentialed scanning
Identifying lack of controls and misconfigurations
Interpreting scan results
Honeypots and Honeynets
Analyze and identify attacks
Act as decoys
Low interaction
High interaction