Company XYZ, a mid-sized corporation, is in the middle of satisfying its regulatory compliance needs. The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company’s current security posture. Based on your industry reputation for being both careful and thorough, you are called upon as a third-party penetration tester to report on company XYZ’s security posture. The only information available about the company is the general information found on its website, which includes a contact page, home page, customer login portal, copyright and acceptable use page, and disclaimers page.
As an experienced penetration tester, you already have a collection of typical tools you use to conduct your tests (at minimum, all the tools available in the CEH labs for this course). The end goal here is to report on company XYZ’s current security posture by performing penetration tests.
Write a four to five (4-5) page paper in which you outline all the steps you would take to fulfill company XYZ’s request. Include but do not limit yourself to the
- Determine the communications and questions that you need to ask the Manager of Security before beginning your work assignment.
- Determine the type of documents you would bring to your first meeting with the Manager of Security (i.e. documents to sign, to review, to consider).
chronologically when things happen.
- Predict what results are expected based on tools and techniques you use. For example, if a goal is to collect recon data, one might use the Nmap tool to perform a subnet scan. A similar scan can be conducted in your iLabs environment and the resulting data used as support in the form of screenshots when explaining your theories.
- Evaluate the importance of the Nondisclosure Agreement (NDA) and other legal agreements to
- Propose the main pre-penetration test steps that the penetration tester should perform before beginning the initial phases of the XYZ penetration test. Provide a rationale to support your proposal.
- Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double-spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format.