CMGT400 University of Phoenix Penetration Testing Plan Worksheet

User Generated

wqhoo6777

Computer Science

CMGT400

University of Phoenix

Description

A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.

Take on the role of Penetration Tester for the organization you chose in Week 1.

Use the Penetration Testing Plan Template to create a 3- to 4-page Penetration Testing Plan for the organization you chose.

Research and include the following:

  • Pen test Preplanning
  • Engagement timeline: Tasks and who performs them
  • Team location: Where will the penetration team execute their tests?
  • Organization locations tested: multiple locations, countries (Export restrictions and government restrictions)
  • Which pen test technologies will be used? Consider the following as you research options:
  • Scanning Tools: Nmap, Nikto
  • Credential Testing Tools: Hashcat, Medussa, John the Ripper, Cain and Abel
  • OSINT Tools: Whois, TheHarvester
  • Wireless Tools: Aircrack-ng, Kismet
  • Networking Tools: Wireshark, Hping
  • What client personnel are aware of the testing?
  • What resources provided to pen test team?
  • Test Boundaries:
  • What is tested?
  • Social engineering test boundaries? What is acceptable?
  • What are the boundaries of physical security tests?
  • What are the restrictions on invasive pentest attacks?
  • What types of corporate policy affect your test?
  • Gain Appropriate authorization (Including third-party authorization)
  • Pen Test Execution Planning: Given the scope and constraints you developed in your Pentest Pre-Plan, plan the following pen test execution activities
  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Covering Tracks
  • Pen Test Analysis and Report Planning:
  • Analyze pentest results
  • Report pentest results

Addiitional Resources:

Unformatted Attachment Preview

CMGT/400 v7 Penetration Testing Plan Template Instructions: Replace the information in brackets [ ] with information relevant to your penetration testing project. Fill out each of the sections below with information relevant to your project. A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities. Take on the role of Penetration Tester for the approved organization you chose in Week 1. Research the following information about the organization you chose. Use this template to create a Penetration Testing Plan. [Organization Name] Penetration Testing Scope Statement Criteria Response Project Title: [Response] Project Sponsor(s): [Response] Business Context for the Penetration Test: [Response] Project Scope Description: [Response] Date Prepared: [Response] Prepared By: [Response] Penetration Test Pre-Planning Team Location(s) Organization Location(s) Client Personnel Aware of Testing Resources Provided to Pentest Team Pentest Technologies Used [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Copyright© 2018 by University of Phoenix. All rights reserved. Penetration Testing Plan Template CMGT/400 v7 Page 2 of 5 High-Level Work Schedule: Project Scope Description of Work/Pentest Boundaries Assumptions and Constraints What is tested? Social engineering test boundaries? What is acceptable? What are the boundaries of physical security tests? What are the restriction on invasive pentest attacks? What type of corporate policy affect your test? [Response] [Response] Milestones Due Dates [Response] [Response] Labor ID Activity Material Total Cost Resource Hours Rate Total Units Cost Total Appropriate Authorization (Including Third-Party Authorization) Name Title/Organization Description of Authorization and Consent (Identify reference documents) [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Copyright© 2018 by University of Phoenix. All rights reserved. Penetration Testing Plan Template CMGT/400 v7 Page 3 of 5 [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Reconnaissance Pentest Activities Reconnaissance Deliverable Name Reconnaissance Deliverable Description [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Scanning Pentest Activities Scanning Test Deliverable Name Scanning Test Deliverable Description [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Copyright© 2018 by University of Phoenix. All rights reserved. Penetration Testing Plan Template CMGT/400 v7 Page 4 of 5 Gaining Access Activities Gaining Access Activity Name Gaining Access Activity Description [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Maintaining Access Activities Maintaining Access Activity Name Maintaining access Activity Description [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Covering Tracks Activities Covering Tracks Activity Name Covering Tracks Activity Description [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] [Response] Copyright© 2018 by University of Phoenix. All rights reserved. Penetration Testing Plan Template CMGT/400 v7 Page 5 of 5 Pentest Analysis and Report Planning Describe plan for analyzing and reporting pentest results. [Response] Copyright© 2018 by University of Phoenix. All rights reserved.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

CMGT/400 v7

Penetration Testing Plan
A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely,
exploiting vulnerabilities. The Penetration Tester for the Syberry Corporation created a Penetration
Testing Plan. Syberry Corporation has asked the Security team to conduct a detailed security
examination of their network systems including their web based portal. The testing effort takes place in
June 2019 and concludes on June 15th 2019. The preliminary findings and report show the complete
results of the testing efforts and accordingly create recommendations.

Syberry Corporation
Syberry is a Custom Software Development company that provides technical and business expertise. The
company creates diverse, complex, web and mobile solutions to match any business requirement.
Syberry’s knowledge and experience translate to the creation of custom software solutions from the
ground up in almost every industry.

Penetration Testing Scope Statement

Criteria

Response

Project Title:

Penetration Testing Plan

Project Sponsor(s):

Syberry Corporation

Business Context for
the Penetration Test:

Evaluation of the Syberry’s Information Systems security

Project Scope
Description:

The scope of the testing is restricted to a web application portal for the
company. This is a web application and the particular instantiation of the
portal to test is the Syberry Network. The web application requires a
standard username and password credentials for secure access. The
testing includes both unauthenticated and authenticated testing.

Date Prepared:

This testing effort took place in June 2019 and concluded on and concluded
on June 15th 2019

Copyright© 2...


Anonymous
Goes above and beyond expectations!

Studypool
4.7
Indeed
4.5
Sitejabber
4.4

Similar Content

Related Tags