Practical Vulnerability Management
A Strategic Approach to Managing Cyber Risk
(Language: English)
Practical Vulnerability Management shows you how to weed out system security weaknesses and squash cyber threats in their tracks.
Bugs: they're everywhere. Software, firmware, hardware -- they all have them. Bugs even live in the cloud. And when one of...
Book (paperback)
Product details
Product information for "Practical Vulnerability Management"
Blurb for "Practical Vulnerability Management"
Practical Vulnerability Management shows you how to weed out system security weaknesses and squash cyber threats in their tracks.
Bugs: they're everywhere. Software, firmware, hardware -- they all have them. Bugs even live in the cloud. And when one of these bugs is leveraged to wreak havoc or steal sensitive information, a company's prized technology assets suddenly become serious liabilities.
Fortunately, exploitable security weaknesses are entirely preventable; you just have to find them before the bad guys do. Practical Vulnerability Management will help you achieve this goal on a budget, with a proactive process for detecting bugs and squashing the threat they pose.
The book starts by introducing the practice of vulnerability management, its tools and components, and detailing the ways it improves an enterprise's overall security posture. Then it's time to get your hands dirty! As the content shifts from conceptual to practical, you're guided through creating a vulnerability-management system from the ground up, using open-source software.
Along the way, you'll learn how to:
• Generate accurate and usable vulnerability intelligence
• Scan your networked systems to identify and assess bugs and vulnerabilities
• Prioritize and respond to various security risks
• Automate scans, data analysis, reporting, and other repetitive tasks
• Customize the provided scripts to adapt them to your own needs
Playing whack-a-bug won't cut it against today's advanced adversaries. Use this book to set up, maintain, and enhance an effective vulnerability management system, and ensure your organization is always a step ahead of hacks and attacks.
Excerpt from "Practical Vulnerability Management"
INTRODUCTION
It's human nature to pay attention to the problems that are big and flashy, attracting lots of interest, such as advanced persistent threat (APT) groups -- state-sponsored attackers. APT-linked attackers have compromised major retailers, financial institutions, and even government networks. But when we focus all of our attention on APTs and other headline-generating activity, we miss basic issues. Even though you have new firewalls protecting your system and powerful traffic-monitoring devices, if you don't keep up with the bread and butter of your security responsibilities, you're leaving many chinks in your system's armor. Neglecting the basics, like keeping your systems updated, can lead to serious consequences.
Consider this example: suppose you're an information security manager at a medium-sized e-commerce business. You've set up firewalls to block incoming traffic except for traffic to internet-facing services on systems in your demilitarized zone (DMZ). You've turned on egress filtering to block unauthorized exit traffic. An antivirus is on the endpoints, and you've hardened your servers. You believe your system is safe.
But an old web service is running on an outdated version of Tomcat on a Linux server in the DMZ. It's a relic from an ill-advised foray into selling some of your company's valuable proprietary data to selected business partners. The initiative failed, but because you made some sales, you had a contractual obligation to keep that server up for another year. At the end of the year, the project was quietly shuttered, but the server is still running. Everyone has forgotten about it. But someone on the outside notices it. An attack comes in from a compromised server in Moldova, and your unpatched Tomcat server is vulnerable to a five-year-old Java issue. Now the attacker has a foothold in your network, and all your protections couldn't stop it. Where did you fail?
This guide demonstrates the value of strong information security fundamentals. These are the most important components of a successful information security program. Unfortunately, they're regularly neglected in favor of sexier topics, such as traffic analysis and automated malware sandboxing. Don't get me wrong; these are great advances in the state of the art of information security. But without a strong grasp of the fundamentals, investment in more advanced tools and techniques is futile.
Who This Book Is For
This book is for security practitioners tasked with defending their organization on a small budget and looking for ways to replicate functionality from commercially available vulnerability management tools. If you're familiar with vulnerability management as a process, you'll have a head start. To build your own vulnerability management system, you should be familiar with Linux and database concepts and have some experience in a programming language like Python. The scripts in this book are written in Python, but you can functionally re-create them in whichever modern scripting or programming language you prefer.
Back to Basics
You can consider a number of security topics as foundational, such as authentication management, network design, and asset management. Although these elements might not be exciting or interesting for an analyst to work on, they're of critical importance.
Vulnerability management is one of the foundational concepts of information security. A perfectly written and configured software package doesn't exist. Bugs are an inevitable part of software, and many bugs have security implications. Dealing with these software vulnerabilities is a perennial issue in information security; the practice of vulnerability management is required for a baseline level of security that can serve as a trus
Table of contents for "Practical Vulnerability Management"
Introduction
Part I: Vulnerability Management Basics
Chapter 1: Basic Concepts
Chapter 2: Sources of Information
Chapter 3: Vulnerability Scanners
Chapter 4: Automating Vulnerability Management
Chapter 5: Vulnerability Management Outcomes
Chapter 6: Vulnerability Management and Organizational Priorities
Part II: Hands-on Vulnerability Management
Chapter 7: Setting Up Your Environment
Chapter 8: Using the Data Collection Tools
Chapter 9: Getting Your Data into Usable Format
Chapter 10: Maintaining the Database
Chapter 11: Generating Asset and Vulnerability Reports
Chapter 12: Automating Scans and Reporting
Chapter 13: Advanced Reporting
Chapter 14: Advanced Topics
Chapter 15: Conclusion
Index
Author portrait of Andrew Magnusson
Andrew Magnusson
Bibliographic details
- Author: Andrew Magnusson
- 2020, 192 pages, dimensions: 18 x 23.1 cm, paperback, English
- Publisher: No Starch Press
- ISBN-10: 1593279884
- ISBN-13: 9781593279882
- Publication date: 29.10.2020
Language:
English
Press quote
"An easy read and offers comprehensive solutions to keeping an organization secure and always prepared for possible attacks." Helga Labus, Help Net Security