Prepare a written proposal for the penetration test plan that describes your fir
Question
Prepare a written proposal for the penetration test plan that describes your firm's approach to performing the penetration test and what specific tasks, deliverables, and reports you will complete as part of your services.
Scenario: You are the owner and operator of a small information security consulting firm. You have received a request from one of your clients, Infusion Web Marketing, to provide a written proposal for performing a penetration test on the company's production Web servers and corporate network.
Environment:
Scope
Production e-commerce Web application server. The e-commerce Web application server is acting as an external point-of-entry into the network:
Ubuntu Linux 10.04 LTS Server (TargetUbuntu01)
Apache Web Server running the e-commerce Web application server
Credit card transaction processing occurs on all web servers.
Intrusive or Non-Intrusive
Intrusive. The test will include penetrating past specific security checkpoints.
Compromise or No Compromise
No compromise. The test can compromise with written client authorization only.
Scheduling
Between 2:00 a.m. and 6:00 a.m. MST, weekend only (Saturday or Sunday)
Deliverables:
Based on the scenario above, provide a written attack and penetration testing plan. The plan should include these sections:
Table of Contents
Project Summary
Goals and Objectives
Tasks
Reporting
Schedule.
Your penetration testing plan should be two to three pages in length and should discuss and cite at least three credible or academic references other than the course materials.
Explanation / Answer
The information security consulting firm has been assigned the task of carrying out quarterly penetration testing of Infusion Web Marketing Pvt Ltd.
This is the second quarter penetration testing report. It was performed on 26.08.2015. The detailed report on each task and our findings are described below.
The purpose of this test is to determine security vulnerabilities in the server configuration and web applications running on the servers specified as part of the scope. The tests are carried out assuming the identity of an attacker or a user with malicious intent. At the same time, due care is taken not to cause damage to the servers.
Approach:
• Perform broad scans to identify potential areas of exposure and services that may act as entry points.
• Perform targeted scans and manual investigation to validate vulnerabilities
• Test identified components to gain access to <IP Addresses>
• Identify and validate vulnerabilities
• Rank vulnerabilities based on threat level, loss potential
• Perform research and development activities to support analysis.
• Develop long term recommendations to enhance security
• Transfer knowledge
Scope:
Production e-commerce Web application server. The e-commerce Web application server is acting as an external point-of-entry into the network:
Ubuntu Linux 10.04 LTS Server (TargetUbuntu01)
Apache Web Server running the e-commerce Web application server
Credit card transaction processing occurs on all web servers.
Goals and Objectives:
The guidance focuses on the following:
• Penetration Testing Components: Understanding of the different components that make up a penetration test and how this differs from a vulnerability scan, including scope, application and network layer testing, segmentation checks, and social engineering.
• Qualifications of a Penetration Tester: Determining the qualifications of a penetration tester, whether internal or external, through their past experience and certifications.
• Penetration Testing Methodologies: Detailed information related to the three primary parts of a penetration test: pre-engagement, engagement, and post-engagement.
• Penetration Testing Reporting Guidelines: Guidance for developing a comprehensive penetration test report that includes the necessary information to document the test, as well as a checklist that can be used by the organization or the assessor to verify whether the necessary content is included.
Key Findings
In this part we would like to highlight the key findings among the dangerous issues found during the testing.
Insufficient Authentication:
On some pages <Page no’s 1,5,6> a user can log in and get access without a user name and password.
Recommendation:
A proper authentication mechanism should be implemented with a good password policy in place.
Improper Input Filtration:
The input values are not parsed properly. An attacker can make use of this to insert a single user URL and send it to another user, or can even steal session IDs.
• Database management is possible through an attack technique: SQL injection
• Servers <Names> were found susceptible to cross-site scripting attacks. Lack of input filtering will allow an attacker to insert a single URL or a malicious JavaScript in the link and send it to another user.
• In another scenario, input is not sanitized properly, allowing any malicious URL to be sent in the bogus summary.
Recommendations
All data on all pages should have input as well as output filtering. SQL injections should be mitigated by using stored procedures and by reducing the privilege levels with which the database executes.
Due to the impact to the overall organization as uncovered by this penetration test, appropriate resources should be allocated to ensure that remediation efforts are accomplished in a timely manner. While a comprehensive list of items that should be implemented is beyond the scope of this engagement, some high-level items are important to mention. Offensive safety measures recommends the following:
1. Ensure that strong credentials are used everywhere in the organization. The compromise of the system was considerably impacted by the use of weak passwords as well as the reuse of passwords across systems of differing security levels. NIST SP 800-119 is recommended for guidelines on operating an enterprise password policy.
2. Establish trust boundaries. Create logical boundaries of trust where appropriate on the internal network. Each logical trust segment should be able to be compromised without the breach easily cascading to other segments. This should include the use of unique administrative accounts so that a compromised system in one segment cannot be used in other locations.
3. Implement and enforce implementation of change control across all systems: Misconfiguration and insecure deployment issues were discovered across the various systems. The vulnerabilities that arose can be mitigated through the use of change control processes on all server systems.
4. Implement a patch management program: This will help to limit the attack surface that results from running unpatched internal services.
5. Conduct regular vulnerability assessments. As part of an effective organizational risk management strategy, vulnerability assessments should be conducted on a regular basis. Doing so will allow the organization to determine if the installed security controls are properly installed, operating as intended, and producing the desired outcome.
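The engagement constraints stated in the scenario (the in-scope host, the weekend 2:00 a.m. to 6:00 a.m. MST window, and no compromise without written client authorization) can be enforced mechanically before any test action runs. The following is an added example, not part of the original question or answer; `RulesOfEngagement` and `check_action` are hypothetical names, and treating MST as a fixed UTC-7 offset is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Assumption: "MST" means the fixed UTC-7 offset, not local Mountain time,
# which observes daylight saving. Confirm the intended zone in writing.
MST = timezone(timedelta(hours=-7), "MST")


@dataclass(frozen=True)
class RulesOfEngagement:
    in_scope: frozenset                     # hosts named in the scope section
    window_start: time = time(2, 0)         # 2:00 a.m., inclusive
    window_end: time = time(6, 0)           # 6:00 a.m., exclusive
    weekdays: frozenset = frozenset({5, 6})  # Saturday=5, Sunday=6
    compromise_authorized: bool = False     # written client authorization held


def check_action(roe, target, when, compromises_host=False):
    """Return (allowed, reasons) for one planned test action."""
    if when.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    local = when.astimezone(MST)            # judge the window in MST only
    reasons = []
    if target not in roe.in_scope:
        reasons.append(f"{target} is out of scope")
    if local.weekday() not in roe.weekdays:
        reasons.append(f"{local:%A} is not a weekend day in MST")
    if not (roe.window_start <= local.time() < roe.window_end):
        reasons.append(f"{local:%H:%M} MST is outside 02:00-06:00")
    if compromises_host and not roe.compromise_authorized:
        reasons.append("compromise requires written client authorization")
    return (not reasons, reasons)


ROE = RulesOfEngagement(in_scope=frozenset({"TargetUbuntu01"}))

if __name__ == "__main__":
    # Constructed timestamps; 2015-08-29 was a Saturday.
    planned = [
        ("TargetUbuntu01", datetime(2015, 8, 29, 9, 30, tzinfo=timezone.utc), False),
        ("TargetUbuntu01", datetime(2015, 8, 29, 6, 0, tzinfo=MST), False),
        ("TargetUbuntu01", datetime(2015, 8, 30, 3, 0, tzinfo=MST), True),
    ]
    for target, when, compromise in planned:
        print(target, when.isoformat(), check_action(ROE, target, when, compromise))
```

Timestamps given in UTC are converted before the check, so a tester working from another time zone gets the same answer as one on site.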