03 Vulnerability Mgmt And Response Flashcards
The description and analysis of vulnerabilities in a system
Vulnerability assessment
An assessment of the adequacy of security controls and the evaluation of compliance
Security audit
The ongoing, repeatable processes for identifying, remediating, or accepting risk
Vulnerability management
These testers actively exploit identified vulnerabilities to eliminate the possibility of false positives and provide critical insight into risk.
Penetration testers
A language and scoring system used to convey vulnerability severity and determine urgency.
CVSS - Common Vulnerability Scoring System, five categories
Process of testing involving the modeling of techniques used by real-world attackers to find vulnerabilities under controlled circumstances.
Penetration testing
This technique changes the way malware, a payload, or other code looks at a low level in order to evade signature detection.
Ghostwriting
This phase of pen testing discovers what ports are open, what services are associated with what ports, and the application version numbers.
Scanning and enumeration
Three types of pen testing
External, internal, web application
This is a working project to document all public command and control frameworks in a single place.
C2 matrix
These are tools that, if a vulnerability exists, will exploit the system.
Exploitation frameworks
A piece of malware whose goal is to subvert user-land and kernel detective controls to provide ongoing access.
Rootkit