ASM Standard Operating Procedure Framework

0 ratings

This document outlines a continuous process to identify, monitor, and manage a company’s web attack surface exposed on the Internet using open-source tools. This approach helps organizations maintain an up-to-date inventory of their exposed services, reduce risks, and detect shadow IT.

Name a fair price:

Add to cart

Standard Operating Procedure (SOP): Continuous Web Attack Surface Identification using Open-Source Tools

Attack surface: The set of entry points where attackers can try to exploit a system.

Attack vector: Methods used by attackers to breach systems or networks.

Shadow IT: The use of IT systems without the IT department’s approval.

ASM Standard Operating Procedure Framework

ASM Standard Operating Procedure Framework

Attack surface: The set of entry points where attackers can try to exploit a system.

Attack vector: Methods used by attackers to breach systems or networks.

Shadow IT: The use of IT systems without the IT department’s approval.

Reconnaissance: Techniques to secretly gather information on a target system.

Red Team exercises: Simulated attacks that assess the security of an organization’s systems.

Domain name: A label that identifies a network domain.

Certificate transparency: Public logs of issued TLS certificates to detect suspicious activity.

External Attack Surface Management (EASM): Management of internet-facing assets to uncover hard-to-detect threats.

Content Management System (CMS): Software to manage digital content creation and modification.

Network ACL: Rules that control access to a computer network.

Vulnerability scanner: Tools used to detect vulnerabilities in systems and networks.

Configuration Management Database (CMDB): Database that tracks relationships between hardware, software, and networks in an organization.