Chapter 1, Vulnerability Management Governance, is about understanding the essentials of vulnerability management program from a governance perspective and introducing the reader to some absolute basic security terminology and the essential prerequisites for initiating a security assessment.
Chapter 2, Setting Up the Assessment Environment, will introduce various methods and techniques for setting up a comprehensive vulnerability assessment and penetration testing environment.
Chapter 3, Security Assessment Prerequisites, is about knowing the prerequisites of security assessment. We will learn what all planning and scoping are required along with documentation to perform a successful security assessment.
Chapter 4, Information Gathering, is about learning various tools and techniques for gathering information about the target system. We will learn to apply various techniques and use multiple tools to effectively gather as much information as possible about the targets in scope. The information gathered from this stage would be used as input to the next stage.
Chapter 5, Enumeration and Vulnerability Assessment, is about exploring various tools and techniques for enumerating the targets in scope and performing a vulnerability assessment on them.
Chapter 6, Gaining Network Access, is about getting insights on how to gain access to a compromised system using various techniques and covert channels.
Chapter 7, Assessing Web Application Security, is about learning various aspects of web application security.
Chapter 8, Privilege Escalation, is about knowing various concepts related to privilege escalation. The reader would get familiar with various privilege escalation concepts along with practical techniques of escalating privileges on compromised Windows and Linux systems.
Chapter 9, Maintaining Access and Clearing Tracks, is about maintaining access on the compromised system and cleaning up tracks using anti-forensic techniques. We will learn to make persistent backdoors on the compromised system and use Metasploit's anti-forensic abilities to clear the penetration trails
Chapter 10, Vulnerability Scoring, is about understanding the importance of correct vulnerability scoring. We will understand the need of standard vulnerability scoring and gain hands-on knowledge on scoring vulnerabilities using CVSS.
Chapter 11, Threat Modeling, is about understanding and preparing threat models. We will understand the essential concepts of threat modeling and gain practical knowledge on using various tools for threat modeling.
Chapter 12, Patching and Security Hardening, is about understanding various aspects of patching and security hardening. We will understand the importance of patching along with practical techniques of enumerating patch levels on target systems and developing secure configuration guidelines for hardening the security of the infrastructure.
Chapter 13, Vulnerability Reporting and Metrics, is about exploring various metrics which could be built around the vulnerability management program. The reader would be able to understand the importance, design and implement metrics to measure the success of the organizational vulnerability management program.
