Domain 4
4.3 Vulnerability Management
Explain various activities associated with vulnerability management.
0% Complete

Identification methods are the internal and external processes used to discover vulnerabilities, verify identities, and gather intelligence regarding a system's security posture.
Intelligence and Information Gathering - OSINT (Open-Source Intelligence): The practice of collecting information from publicly available sources such as social media, domain registries, and government records. - Threat Hunting: A proactive, manual search through networks to detect bypasses of existing security controls. - Digital Certificates: Identification documents used in a Public Key Infrastructure (PKI) where a Certificate Authority (CA) verifies a user’s identity through documents like passports or licenses before issuing a certificate.
Vulnerability Assessments and Scans - Vulnerability Scans: Passive tools that identify known weaknesses, missing patches, or misconfigurations without actively exploiting them. - Static Analysis (SAST): Examining source code or compiled binaries without executing the program to find security flaws. - Dynamic Analysis (DAST): Testing an application while it is running to identify issues like memory leaks or runtime errors. - Credentialed vs. Non-credentialed: A credentialed scan uses administrative logins to see deep system configurations, while a non-credentialed scan views the network from the perspective of an outside hacker.
Penetration Testing - Active Reconnaissance: Directly interacting with a target system (e.g., port scanning) to gather data. - Exploitation: The phase where a tester attempts to bypass security controls to gain unauthorized access or escalate privileges. - Pen Test Teams: Red Teams act as the attacker, Blue Teams act as the defender, and Purple Teams facilitate communication between both to improve overall security.
Cryptanalysis and Attacks - Cryptanalysis: The process of attempting to decrypt ciphertext into plaintext without authorized access to the original encryption keys. - Adversarial AI: Using machine learning to automate attacks, bypass filters, or "poison" a system’s training data to cause misclassification. - Social Engineering: Exploiting human psychology through tactics like urgency, authority, or intimidation to bypass technical identification controls.
Identification vs. AAA - Identification: Claiming an identity (e.g., entering a username). - Authentication: Proving that identity (e.g., providing a password or certificate). - Authorization: Determining what actions an identified user is permitted to perform. - Accounting: Recording and auditing the actions performed by the user.
Quick recall - SAST: Code is "at rest" (static). - DAST: Code is "in motion" (dynamic). - Passive: Scanning that does not disrupt services. - Active: Testing that involves direct engagement or exploitation. - CA: The entity that validates identity for PKI certificates. - OSINT: Information gathering via Google, LinkedIn, or DNS records.