Assignment 1 briefing sheet

Assignment Briefing Sheet (2020/21 Academic Year)
This Assignment assesses the following module Learning Outcomes (from Definitive Module
Document):
1. The ethical issues relating to penetration testing and how to incorporate them operationally.
2. A deep and systematic application of the tools, methods and procedures (theoretical and
methodological) used within the cyber security arena in the context of a penetration test.
3. Work in teams (as leader or member) adapting to changing requirements for effectively
communicating the results of a penetration test.
Assignment Brief:
Scenario:
Assume that you are working as a consultant for an SME which is building its capability in penetration testing.
You are part of a small team of three (3) consultants who are preparing to deliver a grey-box penetration
testing project. Your client has asked your employer to conduct the penetration test against a server, as they
fear they might have already been breached. To the best of their knowledge, the company assumes that
the server offers only the following online services: a) http, b) ssh, and c) vnc.
In this context, this assignment has two tasks:
• Task 1 is an individual task that will assess your understanding of the statutory and ethical issues
surrounding penetration testing.
• Task 2 is a group task that will assess your understanding of the pentest process itself.
Please ensure that in completing these tasks you deploy the techniques you have been taught in your course
and, especially, in this module. If you produce work that is not concise and to the point, then marks may be
reduced.
The deadline for this assignment is the 25.03.2021.
Task 1 (Individual work)
Task 1 is an individual exercise. It is expected that this task will be in the region of 1500 words. You are
expected to:
• Comment on the statutory and ethical considerations of a penetration tester working in the UK.
• Undertake research and critically compare the published penetration testing methodologies (such
as OWASP, PTES, OSSTMM…) in order to deduce their applicability for Assignment 2.
Please note, your task is to critically compare existing methodologies against the scope of Assignment 2.
As a result, we are not expecting you to provide an overview of them, not to provide a critique on types of
PenTests and certainly not to tell us what is your favorite “pentesting color” (white, black, grey). In order to
undertake the comparison, you will have to justify your comparison criteria. Your comparison criteria
should be extracted from the scope of Assignment 2.
Scope of Assignment 2: Undertake a grey-box infrastructure PenTest. The target of the second assignment
will be one Linux server, which the company assumes offers the following online services:
a) http, b) ssh, and c) vnc.
Your Task 1 findings must be used in Task 2.
If you fail to provide references using the Harvard referencing style as per the University regulations, your
work will be marked as superficial and it is unlikely to obtain a pass grade.
Task 2 (Group work)
Task 2 is mainly a group exercise. Your tutor will allocate you to a group. As a group, you will have to decide
on how you will manage this task, what roles you will each have and how you will manage change during
the lifecycle of this assignment. The Group Management section of the report is an individual activity
and should be treated as confidential information. Each student is expected to report on group
management activities. Discrepancies between group members will affect the grades.
Note that in the field, a customer does not care about problems and issues. The customer will expect a
report for his money. In reporting for the Group Management Section, it is important to focus on the solutions
your group will implement in order to deliver on time, and not on the problems.
You are expected to work together and design/develop:
• a Standard Operating Procedure (SOP),
• a decision-making tree.
These will describe how you plan to undertake the penetration test of the server, which is Task 3 and which you
can find in the second Assignment Brief Document, entitled Assignment 2: Pentesting Server.
Each group member must include their final SOP and the decision tree in his/her report. In addition,
each member should submit intermediary versions of the SOP and decision tree, as they are
produced by the Team on each calendar week. Aim to submit at least one version of the outcomes
of your work before your final submission.
In particular, the SOP should address: intelligence gathering (target profiling), vulnerability identification and
analysis, and target exploitation (including post exploitation).
An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry
out routine operations. The SOP must explain what PenTest activities you will undertake in Task 3, which you
can find in the second Assignment Brief Document, entitled Assignment 2: Pentesting Server. The decision
tree must report how you will execute your SOP. There must be no discrepancies between the SOP and the
decision tree. The SOP is expected to have the following example structure:
• Phase 1
    o Process 1.1
        Activity 1.1.1
            Name:
            Input:
            Function:
            Output:
            Resources/Tool:
            Details:
Please do not submit hand-written decision trees. A decision tree is a specific type of flow chart used to
visualize the decision-making process by mapping out different courses of action, as well as their
potential outcomes. The nodes of the tree must be the activities of your SOP.
Assessment Criteria | Mark Available
Task 1: Legal and ethical consideration of a penetration tester in the UK | 10
Task 1: Comparison Criteria | 5
Task 1: PenTest Methodology Comparison | 10
Task 2: Group management | 5
Task 2: SOP (Standard Operating Procedure) for Task 2 | 10
Task 2: Decision Making Tree for Task 2 | 10
Total | 50
For clarification questions please make use of the discussion forums on Canvas so that the whole of the
student cohort may benefit from the discussion.
Submission Requirements:
You are required to submit a text report in a PDF document using the submission link provided on Canvas.
Please note it is your responsibility to ensure you will submit on time. Canvas is a stable platform with a