Linked e-resources
Details
Table of Contents
Intro; Table of Contents; About the Authors; About the Technical Reviewer; Acknowledgments; Preface; Introduction; Chapter 1: The Attack Chain; Chapter 2: The Vulnerability Landscape; Vulnerabilities; Configurations; Exploits; False Positives; False Negatives; Malware; Social Engineering; Phishing; Curiosity Killed the Cat; Nothing Bad Will Happen; Did You Know They Removed Gullible from the Dictionary?; It Can't Happen to Me; How to Determine if Your Email Is a Phishing Attack; Ransomware; Insider Threats; External Threats; Vulnerability Disclosure; Chapter 3: Threat Intelligence
Chapter 4: Credential Asset RisksChapter 5: Vulnerability Assessment; Active Vulnerability Scanning; Passive Scanners; Intrusive Vulnerability Scanning; Nonintrusive Scanning; Vulnerability Scanning Limitations and Shortcomings; Chapter 6: Configuration Assessment; Regulations; Frameworks; Benchmarks; Configuration Assessment Tools; SCAP; Chapter 7: Risk Measurement; CVE; CVSS; STIG; OVAL; IAVA; Chapter 8: Vulnerability States; Vulnerability Risk Based on State; The Three Vulnerability States; Active Vulnerabilities; Dormant Vulnerabilities; Carrier Vulnerabilities; State Prioritization
Chapter 9: Vulnerability AuthoritiesChapter 10: Penetration Testing; Chapter 11: Remediation; Microsoft; Apple; Cisco; Google; Oracle; Red Hat; Adobe; Open Source; Everyone Else; Chapter 12: The Vulnerability Management Program; Design; Develop; Deploy; Operate; Maturity; Maturity Categories; Descriptions; Chapter 13: Vulnerability Management Design; Crawl, Walk, Run, Sprint; Implement for Today, But Plan for Tomorrow; It's All About Business Value; Chapter 14: Vulnerability Management Development; Vulnerability Management Scope; Operating Systems; Client Applications; Web Applications
Network DevicesDatabases; Flat File Databases; Hypervisors; IaaS and PaaS; Mobile Devices; IoT; Industrial Control Systems (ICS) and SCADA; DevOps; Docker and Containers; Code Review; Tool Selection; The Vulnerability Management Process; Assessment; Measure; Remediation; Rinse and Repeat {Cycle}; End of Life; Common Vulnerability Lifecycle Mistakes; Mistake 1: Disjointed Vulnerability Management; Solution; Mistake 2: Relying on Remote Assessment Alone; Solution; Mistake 3: Unprotected Zero-Day Vulnerabilities; Solution; Mistake 4: Decentralized Visibility; Solution
Mistake 5: Compliance at the Expense of SecuritySolution; Common Challenges; Aging Infrastructure; Depth and Breadth of the Program; Building the Plan; Step 1: What to Assess?; Step 2: Assessment Configuration; Step 3: Assessment Frequency; Step 4: Establish Ownership; Step 5: Data and Risk Prioritization; Step 6: Reporting; Step 7: Remediation Management; Step 8: Verification and Measurements; Step 9: Third-Party Integration; Chapter 15: Vulnerability Management Deployment; Approach 1: Critical and High-Risk Vulnerabilities Only; Approach 2: Statistical Sampling
Chapter 4: Credential Asset RisksChapter 5: Vulnerability Assessment; Active Vulnerability Scanning; Passive Scanners; Intrusive Vulnerability Scanning; Nonintrusive Scanning; Vulnerability Scanning Limitations and Shortcomings; Chapter 6: Configuration Assessment; Regulations; Frameworks; Benchmarks; Configuration Assessment Tools; SCAP; Chapter 7: Risk Measurement; CVE; CVSS; STIG; OVAL; IAVA; Chapter 8: Vulnerability States; Vulnerability Risk Based on State; The Three Vulnerability States; Active Vulnerabilities; Dormant Vulnerabilities; Carrier Vulnerabilities; State Prioritization
Chapter 9: Vulnerability AuthoritiesChapter 10: Penetration Testing; Chapter 11: Remediation; Microsoft; Apple; Cisco; Google; Oracle; Red Hat; Adobe; Open Source; Everyone Else; Chapter 12: The Vulnerability Management Program; Design; Develop; Deploy; Operate; Maturity; Maturity Categories; Descriptions; Chapter 13: Vulnerability Management Design; Crawl, Walk, Run, Sprint; Implement for Today, But Plan for Tomorrow; It's All About Business Value; Chapter 14: Vulnerability Management Development; Vulnerability Management Scope; Operating Systems; Client Applications; Web Applications
Network DevicesDatabases; Flat File Databases; Hypervisors; IaaS and PaaS; Mobile Devices; IoT; Industrial Control Systems (ICS) and SCADA; DevOps; Docker and Containers; Code Review; Tool Selection; The Vulnerability Management Process; Assessment; Measure; Remediation; Rinse and Repeat {Cycle}; End of Life; Common Vulnerability Lifecycle Mistakes; Mistake 1: Disjointed Vulnerability Management; Solution; Mistake 2: Relying on Remote Assessment Alone; Solution; Mistake 3: Unprotected Zero-Day Vulnerabilities; Solution; Mistake 4: Decentralized Visibility; Solution
Mistake 5: Compliance at the Expense of SecuritySolution; Common Challenges; Aging Infrastructure; Depth and Breadth of the Program; Building the Plan; Step 1: What to Assess?; Step 2: Assessment Configuration; Step 3: Assessment Frequency; Step 4: Establish Ownership; Step 5: Data and Risk Prioritization; Step 6: Reporting; Step 7: Remediation Management; Step 8: Verification and Measurements; Step 9: Third-Party Integration; Chapter 15: Vulnerability Management Deployment; Approach 1: Critical and High-Risk Vulnerabilities Only; Approach 2: Statistical Sampling