From the course: CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Cert Prep
Join today to access over 24,700 courses taught by industry experts.
Vulnerability metrics
From the course: CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Cert Prep
Vulnerability metrics
- [Instructor] When it comes to measuring the effectiveness of your vulnerability management program, there are four important things that CompTIA wants you to know as you prepare for the CySA+ exam. First, you should monitor trends in vulnerabilities. Are the same vulnerabilities arising over and over again? Is your ability to detect and quickly remediate vulnerabilities improving over time? Keep an eye on the metrics that demonstrate the health of your vulnerability management program. Second, how are you performing against lists of common vulnerabilities, such as the OWASP Top 10 list? Are developers and system administrators improving their skills over time or are they making the same mistakes repeatedly? Third, do you pay particular attention to critical vulnerabilities and zero-day threats? You want to be sure that you're taking the most important issues and addressing them as quickly as possible. Finally, are you meeting all the service-level objectives that you define for your…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
(Locked)
Identification, authentication, authorization, and accounting3m 34s
-
(Locked)
Usernames and access cards3m 23s
-
(Locked)
Biometrics2m 42s
-
(Locked)
Authentication factors4m 25s
-
(Locked)
Multifactor authentication2m 35s
-
(Locked)
Something you have4m 24s
-
(Locked)
Password authentication protocols3m 10s
-
(Locked)
Single sign-on and federation3m 9s
-
(Locked)
Passwordless authentication1m 48s
-
(Locked)
Privileged access management2m 31s
-
(Locked)
Cloud access security brokers5m 15s
-
(Locked)
-
-
(Locked)
OWASP Top 105m 36s
-
(Locked)
Prevent SQL injection4m 25s
-
(Locked)
Understand cross-site scripting4m 46s
-
(Locked)
Request forgery4m 8s
-
(Locked)
Privilege escalation1m 56s
-
(Locked)
Directory traversal3m 6s
-
(Locked)
File inclusion1m 46s
-
(Locked)
Overflow attacks3m 21s
-
(Locked)
Cookies and attachments4m 6s
-
(Locked)
Session hijacking4m 8s
-
(Locked)
Race conditions2m 13s
-
(Locked)
Memory vulnerabilities3m 34s
-
(Locked)
Code execution attacks2m 43s
-
(Locked)
Data poisoning55s
-
(Locked)
Third-party code3m 38s
-
(Locked)
Interception proxies5m 22s
-
(Locked)
-
-
(Locked)
Input validation2m 41s
-
(Locked)
Parameterized queries3m
-
(Locked)
Authentication and session management issues1m 49s
-
(Locked)
Output encoding3m 13s
-
(Locked)
Error and exception handling3m
-
(Locked)
Code signing2m 8s
-
(Locked)
Database security3m 53s
-
(Locked)
Data de-identification2m 44s
-
(Locked)
Data obfuscation2m 12s
-
(Locked)
-
-
(Locked)
Build an incident response program4m 13s
-
(Locked)
Creating an incident response team2m 15s
-
(Locked)
Incident communications plan2m 44s
-
(Locked)
Incident identification4m 26s
-
(Locked)
Escalation and notification2m 29s
-
(Locked)
Mitigation2m 20s
-
(Locked)
Containment techniques3m
-
(Locked)
Incident eradication and recovery5m 39s
-
(Locked)
Validation2m 24s
-
(Locked)
Post-incident activities4m 17s
-
(Locked)
Incident response exercises1m 37s
-
(Locked)
-
-
(Locked)
Conducting investigations3m 50s
-
(Locked)
Evidence types3m 28s
-
(Locked)
Introduction to forensics3m 21s
-
(Locked)
System and file forensics4m 26s
-
(Locked)
File carving3m 46s
-
(Locked)
Creating forensic images5m 30s
-
(Locked)
Digital forensics toolkit2m 25s
-
(Locked)
Operating system analysis6m 9s
-
(Locked)
Password forensics7m 16s
-
(Locked)
Network forensics4m 1s
-
(Locked)
Software forensics4m 25s
-
(Locked)
Mobile device forensics1m 10s
-
(Locked)
Embedded device forensics2m 30s
-
(Locked)
Chain of custody1m 50s
-
(Locked)
Ediscovery and evidence production3m 3s
-
(Locked)