Introduction to Vulnerability Management Learning Path

Gain the skills necessary to build, manage, maintain and continuously improve an effective vulnerability management program in this series of vulnerability management courses.

9 hours, 52 minutes

Quick facts

About this learning path

  • courses: 100% online
  • Duration: 9 hours, 52 minutes
  • Assessment: questions

About Introduction to Vulnerability Management

In an ever-evolving environment, staying ahead of the curve is key. This learning path teaches you how to be the proactive steward of your organization’s technology to better manage your organization’s risk. As you progress through the vulnerability management courses, you learn how to set up a virtual testing environment and identify, prioritize and remediate vulnerabilities. You will be exposed to real-world examples and learn the elements necessary to excel in the field.

By the end of this learning path, you will have the knowledge and skills to develop and continuously improve vulnerability management programs, including setting up effective and automated strategies. You will understand who is involved in vulnerability management, what it entails and the sources of vulnerabilities.

Who is this learning path for?

This Introduction to Vulnerability Management Learning Path is specifically designed for those who want to better their understanding of security vulnerabilities, including:

By the end of this learning path, you will:

  • Have a solid grasp of necessary vulnerability software and VMs
  • Be able to define and execute a vulnerability management strategy
  • Be able to create and train others on an effective vulnerability management plan
  • Have a solid grasp of automated vulnerability scanners
  • Be able to execute manual verification
  • Be able to prioritize vulnerabilities
  • Understand vulnerability remediation
  • Be familiar with the OWASP Top 10

Syllabus

Vulnerability Management Skill Assessment

Assessment - 63 questions

Introduction to Vulnerability Management

Course - 00:23:00

In the first course, we will take a look at what this learning path is all about. We will discuss what we will learn, how we will learn it and what you will be able to do with that knowledge.

Setting Up Your System

Course - 00:22:00

This course will go over setting up the VirtualBox environment with the Kali Linux and Metasploitable 2 and 3 VMs. You will also set up Nessus, nmap and OpenVAS. These tools will be used throughout the course, and you are encouraged to follow along in order to reinforce the concepts.

Vulnerability Management Process

Course - 01:03:00

This course will explore the vulnerability management process in detail. We go over determining the scope of the program, defining the strategy, selecting the methodology and selecting the tools, as well as engaging management and stakeholders.

Automated Vulnerability Scanners

Course - 00:36:00

In this course, we will look at what automated vulnerability scanners are, how to use them and why they are useful. We will perform vulnerability scans against our target, using Nessus and OpenVAS. After this course, you will be able to run automated vulnerability scans in your environment with an open-source or commercial scanner.

Manual Vulnerability

Course - 01:03:00

In this course, we will look at how to manually verify the existence of several different vulnerabilities with a wide array of tools. We will look at Metasploit, nmap, netcat and Wireshark. We go over banner-grabbing, nmap scripts, Metasploit scanning modules and capturing cleartext traffic.

Prioritizing Vulnerabilities

Course - 00:14:00

This course will cover how to prioritize vulnerabilities in our environment using industry-standard metrics (CVSS) as well as a risk-based approach that reflects what is important to our organization. We will also look at how CVSS scores are calculated.

Remediation

Course - 00:27:00

In this course, we will look at best practices for establishing and running an effective patch management program. We will look at what is needed in Windows and Linux environments and discuss several considerations that must be taken into account when remediating vulnerabilities.

Web Application Vulnerabilities

Course - 00:53:00

This course will look at some of the most common web application vulnerabilities, as well as open-source and commercial scanners that can be used to detect them. We will go over each of the OWASP Top 10 vulnerabilities and perform a walkthrough demonstrating how to scan in Burp and OWASP ZAP.

Frameworks

Course - 00:47:00

This course will examine what role vulnerability management plays in different industry frameworks. We will accomplish this by looking at specific requirements and controls from each of the frameworks discussed.

Vulnerability Management Summary

Course - 01:19:00

This course will recap everything we have learned throughout the path, including the vulnerability management process, automated scanning, manual verification (with demo), prioritization, remediation and web application vulnerabilities.

Meet the author

Nikolas Behar

Nikolas is a Sr. Security Consultant and Adjunct Professor of Cybersecurity focused on advanced adversary simulation, penetration testing and vulnerability management. He has vast experience across many information security domains, such as cyber defense, cyber risk, security strategy, offensive security, security awareness and security operations.

Nikolas has worked at several organizations throughout Southern California and has been a consultant at PwC, Accenture and Deloitte. He primarily lectures on ethical hacking, digital forensics and information assurance. He has also sat on several information security panels, spoken at several information security conferences, and appears on news outlets to discuss information security-related issues.

Nikolas received his M.Sc in information security from Royal Holloway, the University of London and his B.A. in political science from UC, San Diego. He holds OSCP, CISSP and CISA certifications.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps
