Get Instant Help From 5000+ Experts For

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing:Proofread your work by experts and improve grade at Lowest cost

And Improve Your Grades
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!
Free Quote
Portfolio Assignment on Penetration Testing and Attack Tree Against Web Server

Task 1: Attack Tree Against Web Server (Group Work)

This Assignment assesses the following module Learning Outcomes (from Definitive Module Document):

  1. The ethical issues relating to penetration testing and how to incorporate them operationally.
  2. A deep and systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena in the context of a penetration test
  3. Work in teams (as leader or member) adapting to changing requirements for effectively communicating the results of a penetration test
  4. Critically analyse and evaluate security techniques used to protect complex heterogeneous environments and apply their findings for offering advice regarding solutions to decision makers.
  5. Apply advanced and current concepts/issues of computer systems risks, vulnerabilities, threats analysis, and software security in the context of a penetration test
  6. Use initiative for autonomously conducting and managing a penetration test, within a complex and unpredictable environment, demonstrating a systematic approach of creatively applying knowledge in unfamiliar contexts for solving problems

You are only required to undertake this assignment if you have an FREFC for Assignment 1 and Assignment 2, i.e. you have not passed both Assignment1 AND Assignment 2.

This portfolio has one individual Task, i.e., one that you must complete on your own, and one group Task, which you complete as a group of 3 students. The portfolio will be in the region of 3,000 words.

Task 1: Attack Tree Against Web Server (Group work)

Task 1 is mainly a group exercise which is allocated 750 words. Your module leader will allocate you to a group. As a group, you will have to decide on how you will manage this task, what roles you will each have and how you will manage change during the lifecycle of this assignment. The Group Management section

of the report is an individual activity and should be treated as confidential information. Each student is expected to report on group management activities, without sharing them with the other group members.

Discrepancies between group members will affect the grades. Note that on the field, a customer does not care about problems and issues. The customer will expect a report for his money. In reporting for the Group Management Section, it is important to focus on the solutions your group will implement in order to deliver on time, and not on the problems.

You are expected to work together as a group of three develop an Attack Tree. As we have discussed in Unit 3, an Attack Tree shows different ways in which a system can be attacked. For this task, your target system is a web server. Assume for this task that you have completed your port scanning activities and only one service exists on the system, i.e. port 80 where Apache server executes and presents you will the following login page when you connect to it with your browser.

Each group member must include the same, agreed by the group, Attack tree to his/her report. Please do not submit hand-written decision trees. Make sure that your attack tree includes at least three (3) attacks that you would undertake against the server.

Deliverable (750 words):

  1. Attack Tree, shared amongst the group members
  2. Group Management, confidential, not shared amongst the group members

Task 2 (Individual work)

Task 2 is an individual exercise, which consists of three subtasks. For the completion of all the subtasks consider the following scenario.

Task 2: Penetration Testing Project (Individual Work)


You are asked to deliver a penetration testing project. Your client, which is a SME operating in the UK, has asked your employer to conduct the penetration test against a server, as they fear they might have already been breached.

Information about the IP address of target of your penetration test as well as the schedule to access it is available on Canvas. Specifically, please navigate to the module on Canvas and select the “Your Assignment IP address and your Access Schedule” page, which is available under the “Module Information” Unit, in order to find more information.

Subtask A:

It is expected that this subtask will be in the region of 500 words. You are expected to comment on the legal considerations of your work for this subtask. If you fail to provide references using the Harvard referencing style as per the University regulations, your work will be marked as superficial and it is unlikely to obtain a pass grade.

Subtask B:

It is expected that this task will be in the region of 100 words. You are expected to provide an executive summary for the penetration testing activities that you have  undertaken. Assume that this subtask delivers the executive summary of a penetration testing report, thus the expected audience is upper management. Please refer to the lecture slides for the information that you need to include here.

It is expected that this task will be in the region of 1650 words. You are expected to provide a technical documentation of the exploitation of four (4) vulnerabilities, as well as a description of their mitigation. Thus, for each vulnerability, you need to provide evidence of the identification of the vulnerability, its exploitation, and describe the steps that your client must undertake in order to mitigate the vulnerability.

Assessment Criteria Mark Available

Task 1: Group management 10

Task 1: Attack Tree 20

Task 2: A Legal consideration of Task 2 10

Task 2 B. Executive Summary 10

Task 2: C. Vulnerability Exploitation and Mitigation 40

For clarification questions please make use of the discussion forums on Canvas so that the whole of the student cohort may benefit from the discussion.

You are required to submit a text report in a PDF document using the submission link provided on Canvas. Please note it is your responsibility to ensure you will submit on time. Canvas is a stable platform with alarge technical team supporting it. Apropos, it is a software platform. It is advisable to submit before the day of the deadline.

You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The report should be well written, showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative. Any images or Tables that you provide should be referred by text in the report. Work that is not making sense will be marked down. Write to impress! Aim for excellence. Be pedantic about formatting and presentation.

sales chat
sales chat