Penetration testing strategies and methodologies

Reference no: EM133196785

Assessment - Web Application Penetration Test Resit

Learning outcome 1: Understand penetration testing strategies and methodologies
Learning outcome 2: Apply penetration testing techniques to identify vulnerabilities
Learning outcome 3: Exploit vulnerabilities using appropriate Tactics, Techniques, and Procedures
Learning outcome 4: Create a written report for a penetration test to a high standard

Task: Objectives
• Analyse the given website to identify vulnerabilities
• Apply penetration testing tactics and techniques to exploit vulnerabilities
• Summarise the findings, processes, and provide mitigation recommendations
• Demonstrate the ability to develop a final pen test report to a high standard

Background
A commercial client has implemented a new web application. The company has requested that a penetration test is carried out against the website, and that a Final Penetration Test Report is prepared and returned to the client.

Scope
This assessment focuses on your ability to develop a final penetration test report to a high standard:

1) To conduct the penetration testing, you should consider the use of the penetration testing methodology requested by your client. You may need to justify in your report whether another well-known penetration test methodology is best suited for this type of engagement.

2) You will need to apply the appropriate Tactics, Techniques and Procedures (TTPs) to identify the target IP address, scan the ports relevant to the web application, and scan for vulnerabilities. Include in the assessment summary all the TTPs followed. Provide details of the vulnerable running services identified, their versions, and their severity levels.

3) You need to conduct a comprehensive exploit and post-exploitation attempt of all vulnerabilities discovered during your scans. Exploits not informed by a previous vulnerability scan process will not be considered as successful.

4) You will need to produce a final penetration test report based upon the TTPs used and the results obtained, regardless of whether or not you succeed in exploiting the vulnerabilities and misconfigurations discovered. Provide evidence (i.e. screenshots, test outputs) of all the steps you carry out, and document the commands you use during the test. Finally, you need to provide recommendations to address the vulnerabilities and critically evaluate these security solutions.

The Rules of Engagement document states that the IP address of the target web application lies within the network 192.168.11.0/24. Once you locate the IP address, you will need to open the website in your web browser at 192.168.11.xxx/cwk. You are allowed to use any TTP, including existing exploits and your own bespoke scripts. However, offline attacks on the victim Virtual Hard Disk are out of scope. This means that you should not look at the files directly in a terminal; interaction with the target system should always occur remotely, over the network. Moreover, the Rules of Engagement for this test state that any brute force type of attack (e.g. Denial of Service and Dictionary attacks) is out of scope. Finally, your client considers the use of sqlmap potentially damaging; hence, the use of this tool is out of scope.

During the pre-engagement meetings, your client requested that you follow only the NIST penetration test methodology to find and exploit the system. Your client has also requested that 3 separate documents be included within the Final Penetration Test Report: i) Executive Summary, ii) Technical Summary, and iii) Assessment Summary. Each of these documents should address its relevant audience and be written in an appropriate narrative style. The technical summary must include a table summarising the vulnerabilities uncovered, as well as a detailed attack flow diagram. For each vulnerability, include the risk level, a brief description of the vulnerability, the potential impact on the target, and recommendations to mitigate the vulnerability taken only from the MITRE ATT&CK framework.
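The scope items and the Rules of Engagement above amount to a set of admissibility checks (target inside 192.168.11.0/24, no sqlmap, no brute force or dictionary attacks, no offline disk access, every exploit traceable to a scan finding), and the technical summary needs a vulnerability table ordered by risk. The script below is an added example, not part of the assignment brief or any client material: it encodes those checks and renders the table. The network range, the forbidden tool and the forbidden technique classes come from the brief; the findings, attempts, service names and versions are constructed sample data, and the ATT&CK mitigation identifiers (M1028, M1051) are real ATT&CK mitigation IDs whose pairing with the sample findings is illustrative only.

```python
"""Scope checks and a findings table for the web-application pentest brief above.

Added example (not part of the assignment brief): the /24 range and the
out-of-scope tool and technique classes are taken from the Rules of Engagement;
the findings and attempts below are constructed sample data.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

IN_SCOPE_NETWORK = ipaddress.ip_network("192.168.11.0/24")  # from the RoE
OUT_OF_SCOPE_TOOLS = {"sqlmap"}                              # client forbids it
# Technique classes the RoE rules out; an attempt tagged with one is not admissible.
OUT_OF_SCOPE_TECHNIQUES = {"brute_force", "dictionary", "denial_of_service", "offline_disk"}

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}


def target_in_scope(ip: str) -> bool:
    """True only for hosts inside the engagement's /24; malformed input is out of scope."""
    try:
        return ipaddress.ip_address(ip) in IN_SCOPE_NETWORK
    except ValueError:
        return False


@dataclass(frozen=True)
class Finding:
    fid: str          # e.g. "F-1"; every exploit attempt must cite one of these
    service: str
    version: str
    severity: str     # one of SEVERITY_RANK
    description: str
    impact: str
    mitigation: str   # ATT&CK mitigation reference, as the client requested


@dataclass(frozen=True)
class ExploitAttempt:
    finding_id: str
    tool: str
    technique: str
    succeeded: bool


def attempt_problems(attempt: ExploitAttempt, findings: list[Finding]) -> list[str]:
    """Reasons an attempt would not count under the brief: no scan finding behind it,
    a forbidden tool, or a forbidden technique class. An empty list means admissible."""
    problems = []
    if attempt.finding_id not in {f.fid for f in findings}:
        problems.append("not informed by a prior vulnerability scan finding")
    if attempt.tool.lower() in OUT_OF_SCOPE_TOOLS:
        problems.append(f"tool {attempt.tool!r} is out of scope")
    if attempt.technique in OUT_OF_SCOPE_TECHNIQUES:
        problems.append(f"technique {attempt.technique!r} is out of scope")
    return problems


def vulnerability_table(findings: list[Finding]) -> str:
    """Markdown table for the technical summary, highest risk first."""
    ordered = sorted(findings, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    lines = ["| ID | Risk | Service | Description | Impact | Mitigation |",
             "|---|---|---|---|---|---|"]
    for f in ordered:
        lines.append(f"| {f.fid} | {f.severity} | {f.service} {f.version} | "
                     f"{f.description} | {f.impact} | {f.mitigation} |")
    return "\n".join(lines)


# Constructed sample data: placeholder services and versions, illustrative mitigations.
SAMPLE_FINDINGS = [
    Finding("F-1", "web server", "sample-1.0", "Medium",
            "Directory listing enabled under /cwk", "Discloses application file names",
            "M1028 Operating System Configuration"),
    Finding("F-2", "web application", "sample-1.0", "High",
            "Unvalidated file upload", "Arbitrary file write on the host",
            "M1051 Update Software"),
]
SAMPLE_ATTEMPTS = [
    ExploitAttempt("F-2", "curl", "upload_abuse", True),           # admissible
    ExploitAttempt("F-9", "sqlmap", "sql_injection", False),       # no finding, banned tool
    ExploitAttempt("F-1", "wordlist-script", "dictionary", False),  # banned technique class
]

if __name__ == "__main__":
    print("192.168.11.42 in scope:", target_in_scope("192.168.11.42"))
    for a in SAMPLE_ATTEMPTS:
        print(a.finding_id, a.tool, attempt_problems(a, SAMPLE_FINDINGS) or "admissible")
    print(vulnerability_table(SAMPLE_FINDINGS))
```

Running the script lists which sample attempts the brief would discount and why, then prints the table with the High finding ahead of the Medium one; in a real report the `Finding` rows would be filled from the scan results and the table pasted into the technical summary.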

Structure
Ensure that all imported material is properly cross-referenced, pages are numbered, section and subsection headings are numbered, and figures have captions.
• As a minimum, your report will contain:
  o Title page
  o Table of contents
  o An executive summary (1 page)
  o A technical summary
  o An assessment summary, comprising:
    - Details of the vulnerability assessment results and misconfigurations discovered
    - Descriptions of the exploits you used to test the discovered vulnerabilities
    - Screenshots to illustrate your report
    - The process and techniques used, including tools and commands
    - Possible mitigations for each of the vulnerabilities
    - Details of unsuccessful exploits

Attachment: Web Application Penetration Test.rar

Module: CTEC5804 Penetration Test and Incident Response
