Professional Documents
Culture Documents
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
1
available ways of attack includes changing passwords, removing unnecessary
software and logins, and disabling or removing unnecessary services.
10. Honeynet – A honeynet is a network built with calculated vulnerabilities. Its purpose
is to invite attacks so that an attacker’s activities and methods can be studied, and that
information used to increase network security. A honeynet contains one or more
honeypots. While the primary purpose of a honeynet is to gather information about
attackers’ methods and motives, the decoy network can divert attackers from a real
network and its resources.
11. Honeypot – A honeypot is a computer or computer system intended to mimic targets
of cyberattacks. It can be used to detect attacks or deflect them from a legitimate
target. It can also be used to gain information about how malicious actors operate.
12. Network scanner – A network scanner is a tool used to find and categorize devices
running on a network. The user inputs a range of IP addresses into the tool and the
scanner determines if there is an active device present on each given IP address. One
of the most famous network scanners is Nmap, the Network Mapper.
13. Non-Intrusive Vulnerability Scan – A Non-Intrusive scan tries not to cause any
harm to the target by checking the remote service version, if the vulnerable options
are enabled, and other available information. A nonintrusive scan cannot determine
for sure if a service installed is vulnerable.
14. Penetration testing – It is the practice of testing a computer system, network, or web
application to find security vulnerabilities that an attacker could exploit. It can be
automated with software applications or performed manually. The process involves
analyzing and assessing the target, and reporting back the findings.
15. Port number – A port number is the logical address of each application or process
that uses a network or the Internet to communicate.
16. Port scanner – A port scanner is used for determining which ports on a network are
open. Using a port scanner on a network or server reveals which ports are open and
listening (receiving information), as well as revealing the presence of security devices
such as firewalls.
17. The Common Vulnerability Scoring System (CVSS) – The Common Vulnerability
Scoring System (CVSS) captures the basic characteristics of a vulnerability and
produces a numerical score reflecting its severity. This score can be translated into a
qualitative representation to help organizations assess and prioritize their vulnerability
management processes.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
2
18. Unauthenticated or Non-Credentialed Vulnerability Scan – An Unauthenticated or
Non-Credentialed Vulnerability scan is vulnerability testing performed without using a
credentialed user.
19. Vulnerability – A vulnerability is a mistake in software code that provides an attacker
with direct access to a system or network. For instance, a vulnerability may allow an
attacker to pose as a system administrator who has full access privileges.
20. Vulnerability Assessment – A vulnerability assessment is the process of defining,
identifying, classifying and prioritizing vulnerabilities in computer systems,
applications, and network infrastructures and providing the necessary knowledge,
awareness, and risk background to the organization being examined.
21. Vulnerability Scan – A vulnerability scan is the inspection of potential points of exploit
on a computer or network to identify possible vulnerabilities.
22. Vulnerability scanner – A vulnerability scan detects and classifies system
weaknesses in computers, networks, and communications equipment and predicts the
effectiveness of countermeasures. The software compares details about the target
attack surface to a database of information about known security holes in services and
ports, anomalies in packet construction, and potential paths to exploitable programs
or scripts and attempts to exploit each vulnerability that is discovered.
23. White box test – White box testing, also known as clear-box, open-box, auxiliary and
logic-driven testing, is a type of testing where testers are given full access to source
code, architecture documentation, and other critical information. Considering the
amount of data available to identify potential points of weakness, it the most time-
consuming type of penetration testing.
References:
1. https://www.itprotoday.com/security/intrusive-vs-nonintrusive-scanning
2. https://whatis.techtarget.com/definition/attack-surface
3. https://www.tripwire.com/state-of-security/vulnerability-management/testing-scan-
credentials-for-more-accurate-vulnerability-assessment/
4. https://whatis.techtarget.com/definition/banner-grabbing
5. https://resources.infosecinstitute.com/what-are-black-box-grey-box-and-white-box-
penetration-testing/
6. https://cve.mitre.org/
7. https://www.gb-advisors.com/cyber-exposure-the-new-approach-in-digital-security/
8. https://securelayer7.net/grey-box-penetration-testing
9. https://www.techopedia.com/definition/24833/hardening
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
3
10. https://searchsecurity.techtarget.com/definition/honeynet
11. https://us.norton.com/internetsecurity-iot-what-is-a-honeypot.html
12. https://study.com/academy/lesson/what-is-a-network-scanner-definition-use.html
13. https://www.oreilly.com/library/view/security-power-tools/9780596009632/ch03.html
14. https://searchsecurity.techtarget.com/definition/penetration-testing
15. https://searchnetworking.techtarget.com/definition/port-number
16. https://www.techopedia.com/definition/13076/port-scanner
17. https://www.first.org/cvss/
18. https://docs.tenable.com/nessusagent/7_1/Content/TraditionalScansUncredentialed.
htm
19. https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/
20. https://www.beyondtrust.com/resources/glossary/vulnerability-assessment
21. https://www.beyondtrust.com/resources/glossary/vulnerability-scanning
22. https://searchsoftwarequality.techtarget.com/definition/vulnerability-scanner
23. https://www.whitehatsec.com/glossary/content/white-box-testing
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.