Reference no: EM132297469
Cybersecurity and Analytics Assignment - Penetration Testing Project for eCommerce Website
Purpose of the assessment - The purpose of the assignment is to analyse botnet attacks in cybersecurity, evaluate available defensive resolutions, and recommend a security solution.
Students will be able to complete the following ULOs:
a. Analyse cyber security threats and attacks.
b. Implement and evaluate security testing tools in a realistic computing environment.
Assessment - Penetration testing on eCommerce Website
Assignment Description -
You are a new IT engineer at PureHacking.com located in Australia.
Your client is Mr. Daniel Gromer, who runs a chain of clothing shops in Australia. Mr. Gromer runs over 50 clothing shops in Sydney and Melbourne targeting female customers in their early twenties with a moderate budget. Mr. Gromer has recently taken an interest in online business, as he realized that many of his competitors have moved onto online platforms, reducing their expenditure significantly. Mr. Gromer has hired a team of web developers (located overseas) to develop his new online shop, which is ready to launch in May 2019. Mr. Gromer has no IT background, but he is aware of many cases where websites were hijacked and their owners lost fortunes alongside ruining their digital reputations.
Mr. Gromer has approached PureHacking.com to assess his new eCommerce website and report any vulnerabilities ahead of its launch. He is aware that he may get only one chance at online success and that, if the website's security is breached, he could face a major loss on his investment.
Mr. Gromer informs you that his eCommerce website uses the WooCommerce plugin implemented on the WordPress website platform, and that the entire website runs on a Linux webserver. The website developers have been using FTP to upload the website contents to the Linux webserver. The developers are fairly certain that their FTP passwords are complex enough not to be compromised. The password is given to PureHacking (your lecturer).
Your task is to write a report on how you will perform penetration testing on the eCommerce platform and Linux-based FTP webserver to identify their security vulnerabilities and breaches.
In this report, you are to report:
1. Potential risks and threats to the eCommerce website and their web server.
2. Penetration testing tools and technologies you will use.
a. Description of tools and technologies
b. Other case episodes of their usage
3. Expected outcomes from the penetration testing.
4. Resources you will require to complete the penetration testing (including security credentials in red teaming).
5. Expected business benefits to the client (Mr. Gromer).
6. Conclusion and remarks on future works.
Sections to be included in the report -
Introduction - Outline of the report (in 3-4 sentences).
Report Layout - Report layout, style and language.
Potential threats and risks - Identify the potential threats and risks of your concern in terms of penetration testing planning.
Penetration tools and technologies - Recommend penetration tools and technologies and rationalize your choice.
Expected outcomes - What signs you are looking for within penetration testing.
Resources required - Resources you will require to complete the penetration testing (including security credentials in red teaming).
Practical demonstration - Demonstration of use of ethical hacking tools in labs 5 and 6.
Business benefits - Expected business benefits to the client (Mr. Gromer).
Conclusion and remarks - Write a summary of the report and future work.
Reference style - Follow IEEE reference style.