Mitigation and Verification

Improve Security Posture Software Development Life Cycle (SDLC) The requirement phase is used to capture all requirements from the customer and create the proper documentation.


Vulnerability Response

Vulnerability Reports This document usually contains the following information: Vulnerability Type Severity System Explanation Walkthrough Recommendation Using a Standard template Vulnerability Severity common Vulnerability Scoring System Verison 3.


Discovery Methodlogies

Static Application Security Testing (SAST) Static Application Security Testing (SAST) is a tool used to analyze application source code or compiled code to help identify possible security vulnerabilities.


Common Web Application Vulnerabilities

Injection Best Practice Use Parameterized Queries - This is the best method in preventing SQL Injection because all variables are limited to the data type.


Top Security Failures

Top Security Failures Exposed Services: Anonymous access to Access Server with FTP Server. Unnecessary Accounts, Excessive Permissions: Guest accounts enabled with access to company file servers.


Monitoring and Detection

Packet Flow via OSI Layers The sender uses an FTP client like PuTTY to enter a remote host to connect. This happens at the application level.


Identity Access Management

Firewall Best Practices Establish access based on the organization’s needs and priorities. Determine who can get access. From where they can access.


Infrastructure Security Assessment

Key Questions What is the importance of knowing what assets we have in our infrastructure? What system and third-party software are running in our assets?


Auditing

Understanding around locating those trails on the affected systems build a complete image of the infection along with a timeline of events.


Authorization

Linux Groups Linux Users Linux being a multi-user system, it can be used to create users in order to define the access levels and permission boundaries.


1 of 2 Next Page