Vulnerability Analysis (2020)

From CyberEdWiki
Revision as of 22:07, 21 November 2019 by GeralynUH (talk | contribs) (Text replacement - "To complete this KU, students should be able to:" to "After completing the KU, students will be able to:")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The intent of the Vulnerability Analysis Knowledge Unit is to provide students with a thorough understanding of system vulnerabilities, to include what they are, how they can be found/identified, the different types of vulnerabilities, how to determine the root cause of a vulnerability, and how to mitigate their effect on an operational system.


After completing the KU, students will be able to:

  1. Apply tools and techniques for identifying vulnerabilities.
  2. Create and apply a vulnerability map of a system.
  3. Apply techniques to trace a vulnerability to its root cause.
  4. Propose and analyze countermeasures to mitigate vulnerabilities.
  5. Explain the circumstances under which a vulnerability must be disclosed.


  1. Definition of “vulnerability”
  2. System modeling techniques
  3. Vulnerability mapping.
  4. Vulnerability characteristics and classification.
  5. Taxonomy
    1. Buffer overflows, privilege escalation, rootkits
    2. trojans/backdoors/viruses
    3. Return oriented programming
    4. Social Engineering Vulnerabilities
    5. Administrative Privileges and Their Effect on Vulnerabilities
  6. Root causes of vulnerabilities
  7. Mitigation strategies
  8. Analyze the expected and actual effectiveness of proposed countermeasures.
  9. Explain when vulnerabilities must be disclosed.
  10. Tools and Techniques for Identifying Vulnerabilities


NICE Framework Categories[edit]

CSEC 2017 Categories[edit]

Specialization Areas[edit]

See also[edit]

Related Knowledge Units

Original Knowledge Unit

Further reading[edit]

Suggested textbooks[edit]

Suggested academic readings[edit]

Sample knowledge test[edit]

Sample skills test[edit]

Sample abilities test[edit]

Additional notes or materials[edit]


Reference ID[edit]