From the course: Performing a Technical Security Audit and Assessment

Overview of technical security assessment techniques

From the course: Performing a Technical Security Audit and Assessment

Start my 1-month free trial Buy for my team

Overview of technical security assessment techniques

- [Instructor] There are various methods to assess the security of systems and networks, and they fall into three main categories of techniques: review, target identification and analysis, and target vulnerability validation. Review techniques involve manual examinations of systems, applications, networks, and policies to ensure they meet minimum security requirements. These techniques include reviewing system and network documentation, firewall and switch rulesets, and system configurations. Techniques like network sniffing and file integrity checking are also part of the review process, and I'll delve into these in the Conduct Technical Security Reviews chapter. Target identification and analysis techniques are used to identify and analyze systems, networks, and security vulnerabilities relevant to the assessment. Often, automated tools or systems are used for network discovery, network port and service identification, vulnerability scanning, and wireless network scanning. I'll provide more details on these techniques in the Identify and Analyze Targets chapter. Target vulnerability validation techniques focus on confirming the validity of vulnerabilities identified during earlier testing phases. Examples of these techniques include password cracking, penetration tests, and social engineering. The Validate Target Vulnerabilities chapter will delve into these validation techniques. Now let's dive deeper into these testing methods.

Contents