1.7 Techniques used in security assessments Flashcards
Intelligence fusion
This combines information from threat feeds, security advisories and bulletins, and other sources
Threat feeds
These are intended to provide up-to-date detail about threats in a way that your organization can leverage.
Advisories and bulletins
This is part of threat hunting
maneuver
This is part of threat hunting
False positives
When a scanner reports a vulnerability that doesn't exist
false negatives
When a vulnerability scanner produces an inaccurate report
log reviews
These are from servers, applications, etc., that might contain information about possible attempts to exploit detected vulnerabilities
credentialed vs. non-credentialed
A credentialed scan can check whether the update is installed on the system before reporting a vulnerability
application
These are commonly used as part of the software development process to identify common security vulnerabilities
web application
Specialized tools used to examine the security of web applications. They test for SQL injection, XSS, etc.
network
Vulnerability scan that runs over a network, probing the system from a distance
common vulnerabilities and exposures (CVE)
Provides a standard nomenclature for describing security-related software flaws
common vulnerability scoring system (CVSS)
Provides a standardized approach for measuring and describing the severity of security-related software flaws
Syslog/Security information and event management (SIEM)
Systems that correlate log entries from multiple sources and provide actionable intelligence
Packet Capture
The ability to capture and analyze raw packet data from network traffic can be useful for incident analysis