Description
A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.
Take on the role of Penetration Tester for the organization you chose in Week 1.
Use the Penetration Testing Plan Template to create a 3- to 4-page Penetration Testing Plan for the organization you chose.
Research and include the following:
- Pen test Preplanning
- Engagement timeline: Tasks and who performs them
- Team location: Where will the penetration team execute their tests?
- Organization locations tested: multiple locations, countries (Export restrictions and government restrictions)
- Which pen test technologies will be used? Consider the following as you research options:
- Scanning Tools: Nmap, Nikto
- Credential Testing Tools: Hashcat, Medussa, John the Ripper, Cain and Abel
- OSINT Tools: Whois, TheHarvester
- Wireless Tools: Aircrack-ng, Kismet
- Networking Tools: Wireshark, Hping
- What client personnel are aware of the testing?
- What resources provided to pen test team?
- Test Boundaries:
- What is tested?
- Social engineering test boundaries? What is acceptable?
- What are the boundaries of physical security tests?
- What are the restrictions on invasive pentest attacks?
- What types of corporate policy affect your test?
- Gain Appropriate authorization (Including third-party authorization)
- Pen Test Execution Planning: Given the scope and constraints you developed in your Pentest Pre-Plan, plan the following pen test execution activities
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Covering Tracks
- Pen Test Analysis and Report Planning:
- Analyze pentest results
- Report pentest results
Addiitional Resources:
Unformatted Attachment Preview
Purchase answer to see full attachment
Explanation & Answer
Attached.
CMGT/400 v7
Penetration Testing Plan
A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely,
exploiting vulnerabilities. The Penetration Tester for the Syberry Corporation created a Penetration
Testing Plan. Syberry Corporation has asked the Security team to conduct a detailed security
examination of their network systems including their web based portal. The testing effort takes place in
June 2019 and concludes on June 15th 2019. The preliminary findings and report show the complete
results of the testing efforts and accordingly create recommendations.
Syberry Corporation
Syberry is a Custom Software Development company that provides technical and business expertise. The
company creates diverse, complex, web and mobile solutions to match any business requirement.
Syberry’s knowledge and experience translate to the creation of custom software solutions from the
ground up in almost every industry.
Penetration Testing Scope Statement
Criteria
Response
Project Title:
Penetration Testing Plan
Project Sponsor(s):
Syberry Corporation
Business Context for
the Penetration Test:
Evaluation of the Syberry’s Information Systems security
Project Scope
Description:
The scope of the testing is restricted to a web application portal for the
company. This is a web application and the particular instantiation of the
portal to test is the Syberry Network. The web application requires a
standard username and password credentials for secure access. The
testing includes both unauthenticated and authenticated testing.
Date Prepared:
This testing effort took place in June 2019 and concluded on and concluded
on June 15th 2019
Copyright© 2...