This book will take readers from the discovery of vulnerabilities and the creation of the corresponding exploits, through a complete security assessment, all the way through deploying patches against these vulnerabilities to protect their networks.
This is unique in that it details both the management and technical skill and tools required to develop an effective vulnerability management system. Business case studies and real world vulnerabilities are used through the book. It starts by introducing the reader to the concepts of a vulnerability management system. Readers will be provided detailed timelines of exploit development, vendors’ time to patch, and corporate path installations. Next, the differences between security assessment s and penetration tests will be clearly explained along with best practices for conducting both. Next, several case studies from different industries will illustrate the effectiveness of varying vulnerability assessment methodologies. The next several chapters will define the steps of a vulnerability assessment including: defining objectives, identifying and classifying assets, defining rules of engagement, scanning hosts, and identifying operating systems and applications. The next several chapters provide detailed instructions and examples for differentiating vulnerabilities from configuration problems, validating vulnerabilities through penetration testing. The last section of the book provides best practices for vulnerability management and remediation.
* Unique coverage detailing both the management and technical skill and tools required to develop an effective vulnerability management system
* Vulnerability management is rated the #2 most pressing concern for security professionals in a poll conducted by Information Security Magazine
* Covers in the detail the vulnerability management lifecycle from discovery through patch.
The target audience for this book consists of information security professionals and system administrators responsible for the security of their networks. Networks of any and all types are now being exploited by malicious hackers, which means this book is relevant for all IT professionals regardless off what type of network they are running.