Reference no: EM133263364
Practical Pen Testing - Security Audit
Learning Outcome 1: Use appropriate tools to discover the structure of a network, the services running on it, and identify and classify potential security flaws
Learning Outcome 2: Demonstrate understanding of the core theoretical concepts that lead to insecurity in computer systems, and how there can be used to exploit and mitigate threats identified in a computer system or network
Learning Outcome 3: Discuss common penetration testing methodologies, vulnerability risk rating systems and how they relate to the security audit process
Penetration Test Report
In this assignment you will need to write a comprehensive pen-test report on ONE of the challenge systems provided in the labs.
Unlike in CW1 where you are expected to give an overview of the portfolio tasks. The report should be aimed at a non technical audience, and provide a detailed description of the process used to identify any vulnerabilities, methods used to exploit, and relevant suggestions for mitigation.
You should refer back to the generic pentest process discussed in the class, and discuss how the information gathered at each stage informed the decisions made.
You will also need to provide some discussion around the issues discovered. Providing an explanation of the cause of the problems, links to other similar real world examples, discussion of the risk involved.
Example Pen Test Process
A Generic Penetration test process discussed in class was:
Scope Reconnaissance Exploitation Post-Exploitation
Your report should address each of these stages:
SCOPE
As there is no formal contract defined, your scope stage should discuss any assumptions you make around the process. What methods of testing are you going to use, are there elements that are out of scope etc.
Reconnaissance
Discussion of recon methodology, and any tools used. Results, and analysis of the reconnaissance phase. This may stage should also include any reconnaissance from post initial foothold on the system.
Exploitation
Description of any tools, techniques and strategies for the exploitation phase. Discussion of the vulnerabilities found, and how you were able to exploit them.
As with reconnaissance, this should include details of any further exploitation after the initial foothold.
Post Exploitation
Suggestions for mitigation, and any other post-exploit tasks carried out.
Attachment:- Penetration Test Report.rar
|
Benefits of redressing racism with race-neutral remedies
: "The Benefits of Redressing Racism with Race-Neutral Remedies" and Which factor is more responsible for the disparity of outcomes in the African Diaspora--race?
|
|
Concept of circadian rhythms
: Chapter 7 discussed the concept of circadian rhythms and how shorter ones are associated with morning people and late ones with eveneing people.
|
|
Cognitive behavioral approach
: Identify and discuss two or three ways that a Christian view of change is similar to that of a cognitive behavioral approach.
|
|
Why do some religious architectural spaces
: Why do some religious architectural spaces, like the Buddhist cave monastery of Ajanta, India, adorn the interior, even hard to reach places.
|
|
Provide a detailed description of the process
: Provide a detailed description of the process used to identify any vulnerabilities, methods used to exploit, and relevant suggestions for mitigation
|
|
Receptionist for law firm
: Connie worked as a receptionist for a law firm. What advice would you give Connie? Health or Job?
|
|
Video game console industry
: At the time of searching for some file in the searching tab, I cannot get any results, im trying to see documents of " Video Game Console Industry in 2015"
|
|
What traits does suetonius emphasize about augustus
: What character traits does Suetonius emphasize about Augustus? Today, what characteristics do we emphasize in our own leaders?
|
|
What are the hypotheses
: What are the hypotheses? Is the sample evidence statistically significant? If so, at what significance levels can you reject the null hypothesis?
|