LOT Task 3
Click to Show/Hide Directions
SUBDOMAIN 426.4 - HACKING
426.4.2: Preattack Planning - The graduate evaluates techniques used in footprinting and implements industry best practices to protect against this type of information asset vulnerability.
426.4.3: System Hacking - The graduate evaluates various network system hacking counter-techniques.
426.4.5: Hacking Web Servers - The graduate identifies known web server vulnerabilities and demonstrates industry best practices to protect against this type of threat.
426.4.6: Web Application Vulnerabilities - The graduate identifies common web application vulnerabilities and uses industry best practices to protect against this type of threat.
Maintaining a proactive approach on security requires that an organization perform its own hacking footprinting to see how much information is available to potential hackers. Some organizations do this using internal staff; however, it is much more common to see organizations hire external security consultants to perform these types of security reviews. This allows a truly unbiased outsider to attempt to gather as much information as possible to formulate an attack.
Assume that you have been selected as the security consultant to perform a comprehensive security review for an organization of your choosing. Ensure that the organization that you select has a public website that you can access and at least one web application that you can use for this task. You will review the security of the organization’s website and any related web applications and consider security risks such as structured query language (SQL) injection and social engineering techniques.
To complete this task, you will need to perform a footprinting analysis of your selected company. Your comprehensive security review will involve a series of tasks that are described in detail below.
Note: Task 3 only requires “Passive” Footprinting and a discussion on SQL injection. At no time during the execution of this task should any connection be made to the Footprinting target. If you have any questions please contact the course mentor.
A. Create a multimedia presentation (e.g., PowerPoint, Keynote) (suggested length of 12–15 slides) in which you do the following:
1. Summarize your findings of a footprinting analysis you performed on your chosen organization.
2. Discuss how the information gathered during your footprinting analysis could be used to initiate an attack against the organization.
3. Discuss social engineering techniques that could be utilized to gather information regarding the organization’s computer systems.
a. Present appropriate countermeasures that should be used to combat such social engineering techniques.
4. Prescribe a series of countermeasures and remedies that could be utilized to counter this type of footprinting attack.
5. Present common web server vulnerabilities that the organization is most susceptible to.
6. Present common threats against web applications that pose the greatest risk to the organization’s web applications.
7. Illustrate how SQL injection could be used to obtain or destroy information from a web application’s database.
8. Discuss how SQL injection techniques could pose a potential threat to the organization’s web applications.
Note: The slides in your presentation should include only the main points you wish to make, with more extensive information included in the presenter notes section of the presentation.
B. When you use sources, include all in-text citations and references in APA format.
Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.
Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.
Note: When using sources to support ideas and elements in a paper or project, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.
Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly. For tips on using APA style, please refer to the APA Handout web link included in the General Instructions section.