Menu

2.4 Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.

Methods

 Static analysis

 Dynamic analysis

 Side-channel analysis

 Reverse engineering

  Software
  Hardware

 Wireless vulnerability scan

 Software composition analysis

 Fuzz testing

 Pivoting

 Post-exploitation

 Persistence

Tools

 SCAP scanner

 Network traffic analyzer

 Vulnerability scanner

 Protocol analyzer

 Port scanner

 HTTP interceptor

 Exploit framework

 Password cracker

Dependency management

Requirements

 Scope of work

 Rules of engagement

 Invasive vs. non-invasive

 Asset inventory

 Permissions and access

 Corporate policy considerations

 Facility considerations

 Physical security considerations

 Rescan for corrections/changes

Security Operations

CASP+ Home