Ability to produce penetration testing plans

Assignment Help Computer Networking

Reference no: EM132534582

CECT5804 Penetration Testing and Incident Response - De Montfort University

Assignment - Report on Web Application Penetration Testing and Incident Response

Learning outcome 1: Demonstrate the ability to produce Penetration Testing plans.
Learning outcome 2: Apply Penetration Testing techniques to identify vulnerabilities.
Learning outcome 3: Propose an appropriate incident/intrusion response to a computer security incident.
Learning outcome 4: Critically evaluate a range of computer security solutions.

Task

Analyse the given web application (via URL/port 80/port 443) for vulnerabilities, and produce a report summarising your findings.

Objective

Web developers working for a commercial client have implemented a new web application. The company has requested that a penetration testing is carried out against the web-site, and that a report is prepared of the findings, to be returned to the client.

The VM is a samurai machine with the password of samurai. The website that you need to pen test is located at 127.0.0.1/cwk. The scope of your pen test is limited to the website as seen to the outside world, this means that you should not look at the files directly in a terminal.

You will need VM Player (or VM Workstation) to run the Virtual Machine containing the web-application.

You are to plan and execute a penetration testing of this web-application. You will describe the tools and techniques that you used to carry out the test. Your findings will be prepared as a report (Executive Summary) for the web-site owner, followed by a fuller discussion of the tools and techniques that you used.

Please note that the coursework is to assess your abilities in finding vulnerabilities using only port 80 and or port 443, ie via web-page forms or the address box.

Perform the pentest yourself - do not discuss your findings with anyone else. All sections of the report MUST be an individual piece of work.

Section 1 - Penetration Testing Planning Stage

To plan for the penetration testing, you will need to research techniques and tools to carry out the test. You should consider the use of a web application pen testing methodology and discuss this in your plan. When discussing the tools and techniques, you should also consider the likely outcomes and methods of analysis from each.

Section 2 - Penetration Testing Implementation Stage

Your investigation may or may not discover any problems with the web-site. You must ensure that you have thoroughly documented all tools and processes used in your investigations. You are also expected to critically analyse your penetration test in relation to your test plan, highlighting areas of strength and areas where work deviated from the original design.

The executive summary (a maximum of 600 words) should address the OWASP Top 10 vulnerabilities for 2013. The severity of each uncovered vulnerability should be assessed. The writing style of the summary should be suitable for a busy MD or CEO who is non-technical.

Section 3 - Preventative Recommendation Stage

Finally, you need to provide preventative recommendations to react appropriately. You need to discuss different security solutions to address the identified vulnerabilities and critically evaluate these security solutions.

Section 4 - Incident/Intrusion Response Plan
In this stage, you also need to propose the essential preparations before the incidents occur. For example, what processes and procedures you will put in place, how you plan to detect and analyse incidents, how you plan to collect data and evidence, how to build an incident response team, how to perform an initial response, incident handling and analysis, incident reporting, etc.

Attachment:- Penetration Testing and Incident Response.rar

Reference no: EM132534582

Questions Cloud

Discuss should a firm change positioning depending on market : Discuss Should a firm change its positioning depending on the market? What are the potential advantages and disadvantages of doing this?

How marketing in health care is different from marketing : Contrast how marketing in health care is different from marketing in other industries. Describe the impacts of the Patient Protection and Affordable Care Act

Determining the investment accumulate : To what amount will the following investment accumulate?

Why physical evidence to form an evaluation for a service : Why might a customer use physical evidence to form an evaluation for a service? How might a company manage physical evidence?

Ability to produce penetration testing plans : Demonstrate the ability to produce Penetration Testing plans and Critically evaluate a range of computer security solutions.

Evaluate a patient who presents with sleep complaints : Access Association of Directors of Medical Student Education in Psychiatry (ADMSEP) Clinical Simulation Initiative (CSI). Evaluate a patient who presents.

What is the value of stock today : What is the value of stock today assuming that required rate of return is 12 percent? (Show your formula/equation/calculations)

How channel conflict can lead to increased value for channel : Evaluate when and why legal means might best be used in resolving channel conflict and discusses the implications of using legal means.

How does gender bias in research potentially perpetuate : How does gender bias in research potentially perpetuate the view of what men and women are and should be? What impact could the biased research have on.

Reviews

len2534582

6/3/2020 10:31:45 PM

Hi hope your going to check the attachments of my course work. I'm looking forward to clear my assignment and post me back on or june 7th which means this month. I need the assignment in clear and transparent way Kindly go through my course work attachment and kindly notify me the price details as soon as possible. Waiting for your faster response Thanks

Write a Review

Required(*) Message

User Account

All Pages