SecurITyCerts dot Org

       Navigating Security Certifications

CISSP Acronym Edge: CISSP Study & Review Guide December 2016+

Main CISSP Acronym Edge Index

Domain 6: Security Assessment and Testing

Get a PDF of The CISSP Acronym Edge: CISSP Study & Review Guide -  signup below & I'll send it to you.

Security Assessment - A "Holistic Big Picture" review of security, though technical security testing, security process review, and security audits.

Server Side Attacks – An attack initiated against a listening service by an attacker.

Client Side Attacks – An attack initiated by the victim/client, often by clicking on a link on the web or in an email.

Host Discovery – Determining which IP addresses in the network have live system. Techniques include ARP scans, passive listening, ICMP Sweeps, IPv6 neighbor discovery and many more.

Port Scanning – Scanning TCP and UDP ports on one or more hosts to determine which are open. Nmap is a common port scanning tool.

Service Fingerprinting – Determining which services are running on specific ports, as opposed to determining the service by the port number, which may be wrong. For example, a user may attempt to “hide” an unauthorized service by placing it on the HTTP port, port 80. Service fingerprinting will figure out what that service is.

OS Fingerprinting – Determining what OS exists at an IP address. Accomplished by sending a variety of packets and examining the replies. Nmap and Xprobe3 are common tools.

Vulnerability Scanners – Tools which scan over the network looking for known vulnerabilities. These go way beyond simple port scans. Examples include Nessus, Qualys, SAINT, and many more.

Penetration Testing – A proactive detective measure whose goals are to find exploitable vulnerabilities before an adversary can. Penetration testers attempt to “break in” within a carefully defined scope.

Fuzzing – Automated stress testing, commonly used to find potential vulnerabilities.

Get a PDF of The CISSP Acronym Edge: CISSP Study & Review Guide -  signup below & I'll send it to you.

We respect your email privacy