CTEC5804 Penetration Testing and Incident Response

Reference no: EM132822117

CTEC5804 Penetration Testing and Incident Response - De Montfort University

Penetration Testing & Incident Response

Assignment: Web Application Penetration Testing and Incident Response

Learning outcome 1: Understand penetration testing strategies and methodologies
Learning outcome 2: Apply penetration testing tactics and techniques to assess vulnerabilities
Learning outcome 3: Implement an appropriate incident response plan for computer security events
Learning outcome 4: Create a written report for a penetration test to a high standard

Objectives

• Analyse the given Website to identify vulnerabilities.
• Apply penetration testing tactics and techniques to exploit vulnerabilities.
• Summarise the findings, processes, recommendations and incident response plan.
• Demonstrate the ability to conduct a Final Pen Test Report to a high standard.
• Critically evaluate a range of computer security solutions.
• Propose an appropriate incident response to a computer security incident.

Background

Web developers working for a commercial client have implemented a new web application. The company has requested that a penetration test is carried out against the website, and that a Final Penetration Test Report of the findings is prepared and returned to the client.

Objective

You will need to take notes and produce a report based upon the techniques you used, as well as the results of your exploitations. Provide evidence (i.e. screenshots, test outputs) of all the steps you carry out, and document the commands you use during the test. Critically evaluate a range of security solutions, and propose an appropriate incident response to security events.

The scope of your pen test is limited to the website as seen from the outside world. This means that you should not look at the files directly in a terminal.

The Virtual Machine (VM) is a samurai machine with the password of samurai. The website that you need to pen test is located at 127.0.0.1/cwk.

You will need VMWare Player to run the VM containing the web-application. VMWare Player is available to download from:

You should have VM Player/Workstation installed on your caddy for working on your own machine. NB this VM may work with VirtualBox, but that is at your own risk.

Structure

Your report will include (as a minimum) a title page, table of contents, introduction, executive summary and reference list/bibliography. Ensure all imported/referenced material is properly cross-referenced, pages and section/subsection headings are numbered, and figures include captions.

• The report will contain:
o An executive summary.
o A brief rationale of the chosen Pen Test methodology.
o Details of the vulnerabilities you have discovered.
o Descriptions of the exploits you used to test the discovered vulnerabilities.
o Details of unsuccessful tests.
o The process and techniques used, including the tools and commands.
o Possible mitigations for each of the vulnerabilities.
o An incident response plan.
• Your contemporaneous notes must be included as an appendix.
• Other appendices will include scan results, screenshots, etc.

Suggested sections:

Section 1 - Executive Summary

The executive summary (a maximum of 600 words) should address the OWASP Top 10 vulnerabilities for 2017.

The risk level of each uncovered vulnerability should be presented. The writing style of the summary should be suitable for a busy MD or CEO who is non-technical.

Section 2 - Penetration Testing Planning

To plan for the penetration testing, you will need to research techniques and tools to carry out the test. You should consider the use of a web application pen testing methodology and discuss this in your plan. When discussing the tools and techniques, you should also consider the likely outcomes and methods of analysis from each.

Section 3 - Penetration Testing Implementation

You must ensure that you have thoroughly documented all tools and processes used in your investigations. You are also expected to critically analyse your penetration test in relation to your test plan, highlighting areas of strength and areas where work deviated from the original design. Your investigation may or may not discover any problems with the website.

Section 4 - Preventative Recommendations

Finally, you need to provide preventative recommendations to react appropriately. You need to discuss different security solutions to address the identified vulnerabilities and critically evaluate these security solutions.

Section 5 - Incident Response Plan

In this stage, you also need to propose the essential preparations to make before incidents occur. For example: what processes and procedures you will put in place, how you plan to detect and analyse incidents, how you plan to collect data and evidence, how to build an incident response team, how to perform an initial response, incident handling and analysis, incident reporting, etc.

Harvard referencing style

Attachment:- Web Application Penetration Testing.rar


Reviews

len2822117

3/9/2021 9:43:25 PM

Harvard referencing style. Please find the attached assignment of Penetration Testing & Incident Response. Sample attached too. Please take care of the yellow mark in the attached assignment, and make it good; use good content. Use the link below to download a compressed file (ctec5804_cwk.zip) instead of the link provided in the assignment.
