Write a penetration test report against the web application

Assignment Help Web Project
Reference no: EM131499077

Web Application Assessment

Overview

GlobalComm has hired you as an offensive security consultant. You have been tasked with writing a penetration test report against the web application of GlobalComm - DVWA. You are expected to use active information gathering techniques and methods to exploit web applications.

Rules of engagement

• The only computer that should be targeted is Metasploitable

• Students must have performed the lab preparation assignment before continuing

Tasks and expectations

• Show proficiency in web application security

• Write a response to the tasks and questions below

Technical Questions

For this lab report, screenshots of every command are not needed; please use your judgment when documenting this. Screenshots should be used, but sparingly. I do not want 5 pages of screenshots; additionally, use the cropping tool to tighten the screenshots that are used.

Design

Web Application Assessment

The CTO of GlobalComm has requested an in-depth assessment of the web applications running on the Linux virtual machine provided. A report should be written outlining the risks the current system has and recommendations on how to resolve them. DVWA should be the focus of the report, but feel free to include an assessment of the other web applications running. Within the report you should explain the following:

• Information gathering

• Vulnerability identification

• Authentication weaknesses

• Web Application Exploitation

o 4 Exploits should be demonstrated

- 1 SQL injection attack

- 1 attack using sqlmap

- 1 attack demonstrating a web shell

- 1 attack of choice

• Data exfiltration or disclosure possibilities should be outlined, and the risk explained in depth.

• Remediation steps and action items to resolve issues identified should be elaborated on.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd