CVA: Certified Vulnerability Assessor

Course Outline
Self Study Version
Certification Path

Mile2’s Vulnerability Assessor course, C)VA provides an solid understanding of the tools an IT engineer needs to review an Information System. In this course, you will learn the importance of vulnerability assessments and how they are used to prevent serious cyber break-ins. Lessons include understanding malware and viruses and how they can infiltrate an organization’s network. After you take this course, you will be able to assess a company’s security posture and perform a basic vulnerability test. Plus, you will be able to generate reports to guide new security implementation.

All Prices Are in Candian Dollars

Price :

Choose the date and press 'Add To Cart'

No class dates currently scheduled. Click here to request a date

course is guaranteed to run


Course Overview

The Certified Vulnerability Assessor training helps students understand the importance of vulnerability assessments by providing intricate knowledge and skills in the Vulnerability Assessment arena. The CVA course provides foundational knowledge of general VA tools as well as popular exploits an IT engineer should be familiar with.


The CVA is a fundamental cyber security certification course that focuses on vulnerability assessments. The CVA course focuses on foundational information such as the importance of a Vulnerability Assessment and how it can help an engineer prevent serious break-ins to your organization. In the CVA course, the student will be versed with basic malware and viruses and how they can infiltrate an organizations network. The student will also learn how to asses a company’s security posture and perform a basic vulnerability test to help secure the organization’s networking infrastructure.



  • Basic networking understanding


Student Materials:

  • Student Workbook
  • Student Prep Guide


CPEs: 24



  • Information System Owners
  • Analysts
  • Ethical Hackers
  • ISSO’s
  • Cyber Security Managers
  • IT Engineer



Upon completion, the Certified Vulnerability Assessor candidate will not only be able to competently take the CVA exam but will also be able to understand and implement a basic vulnerability assessment.



The Certified Vulnerability Assessor exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your account. The exam will take 2 hours and consist of 100 multiple choice questions.



Module 1 – Why Vulnerability Assessment?

Module 2 – Vulnerability Types

Module 3 – Assessing the Network  

Module 4 – Assessing Web Servers & Applications 

Module 5 – Assessing Remote & VPN Services

Module 6 – Vulnerability Assessment Tools of the Trade

Module 7 – Output Analysis 




Module 1 – Why Vulnerability Assessment?


What is a Vulnerability Assessment?

Vulnerability Assessment

Benefits of a
Vulnerability Assessment

What are Vulnerabilities?

Security Vulnerability Life Cycle

Compliance and Project Scoping

The Project Overview Statement

Project Overview Statement

Assessing Current Network Concerns

Vulnerabilities in Networks

More Concerns

Network Vulnerability
Assessment Methodology

Network Vulnerability
Assessment Methodology

Phase I: Data Collection

Phase II: Interviews, Information Reviews, and Hands-On Investigation

Phase III: Analysis

Analysis cont.

Risk Management

Why Is Risk Management Difficult?

Risk Analysis Objectives

Putting Together the Team and Components

What Is the Value of an Asset?

Examples of Some Vulnerabilities that Are
Not Always Obvious

Categorizing Risks

Some Examples of Types of Losses

Different Approaches to Analysis

Who Uses What?

Qualitative Analysis Steps

Quantitative Analysis

ALE Values Uses

ALE Example

ARO Values and Their Meaning

ALE Calculation

Can a Purely Quantitative Analysis Be Accomplished?

Comparing Cost and Benefit

Countermeasure Criteria

Calculating Cost/Benefit

Cost of a Countermeasure

Can You Get Rid of All Risk?

Management’s Response to Identified Risks

Liability of Actions

Policy Review (Top-Down) Methodology


Policy Types

Policies with Different Goals

Industry Best Practice Standards

Components that Support the Security Policy

Policy Contents

When critiquing a policy

Technical (Bottom-Up) Methodology



Module 2 – Vulnerability Types


Critical Vulnerabilities

Critical Vulnerability Types

Buffer OverFlows

URL Mappings
to Web Applications

IIS Directory Traversal

Format String Attacks

Default Passwords


Known Backdoors

Information Leaks

Memory Disclosure

Network Information

Version Information

Path Disclosure

User Enumeration

Denial of Service

Best Practices




Module 3 – Assessing the Network


Network Security Assessment Platform

Virtualization Software

Operating Systems

Exploitation Frameworks

Internet Host and Network Enumeration

Querying Web & Newsgroup Search Engines

Footprinting tools

Blogs & Forums

Google Groups/USENET

Google Hacking

Google and Query Operators

Google (cont.)

Domain Name Registration


WHOIS Output

BGP Querying

DNS Databases

Using Nslookup

Dig for Unix / Linux

Web Server Crawling

Automating Enumeration

SMTP Probing

SMTP Probing cont.

NMAP: Is the Host on-line

ICMP Disabled?

NMAP TCP Connect Scan

TCP Connect Port Scan

Nmap (cont.)

Tool Practice : TCP
half-open & Ping Scan

Half-open Scan

Firewalled Ports

NMAP Service Version Detection

Additional NMAP Scans


UDP Port Scan

Null Sessions

Syntax for a Null Session

SMB Null Sessions &
Hardcoded Named Pipes

Windows Networking Services Countermeasures



Module 4 – Assessing Web Servers

Web Servers

Fingerprinting Accessible Web Servers

Identifying and Assessing
Reverse Proxy Mechanisms

Proxy Mechanisms

Identifying Subsystems
and Enabled Components

Basic Web Server Crawling

Web Application Technologies Overview

Web Application Profiling

HTML Sifting and Analysis

Active Backend Database Technology Assessment

Why SQL “Injection”?

Web Application Attack Strategies

Web Application Vulnerabilities

Authentication Issues

Parameter Modification

SQL Injection: Enumeration

SQL Extended Stored Procedures

Shutting Down SQL Server

Direct Attacks

SQL Connection Properties

Attacking Database Servers

Obtaining Sensitive Information

URL Mappings to Web Applications

Query String

Changing URL Login Parameters

URL Login Parameters Cont.

IIS Directory Traversal

Cross-Site Scripting (XSS)

Web Security Checklist



Module 5 – Assessing Remote VPN Services

Assessing Remote & VPN Services

Remote Information Services

Retrieving DNS Service Version Information

DNS Zone Transfers

Forward DNS Grinding





Default Community Strings



RPC rusers

Remote Maintenance Services




X Windows


Microsoft Remote
Desktop Protocol


Assessing IP VPN Services

Microsoft PPTP




Module 6 – Vulnerability Tools of the Trade

Vulnerability Scanners


SAINT – Sample Report

Tool: Retina

Qualys Guard

Tool: LANguard

Microsoft Baseline Analyzer

MBSA Scan Report

Dealing with Assessment Results

Patch Management Options



Module 7 – Output Analysis


Staying Abreast: Security Alerts

Vulnerability Research Sites



SAINT Reports

GFI Languard

GFI Reports


MBSA Reports