Get Instant Help From 5000+ Experts For
question

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing:Proofread your work by experts and improve grade at Lowest cost

And Improve Your Grades
myassignmenthelp.com
loader
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!
Free Quote
wave
Penetration Testing Project - Assignment Brief and Tasks

Task 1: Attack Tree Against Web Server (Group work)

This Assignment assesses the following module Learning Outcomes (from Definitive Module Document):

  1. The ethical issues relating to penetration testing and how to incorporate them operationally.
  2. A deep and systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena in the context of a penetration test
  3. Work in teams (as leader or member) adapting to changing requirements for effectively communicating the results of a penetration test
  4. Critically analyse and evaluate security techniques used to protect complex heterogeneous environments and apply their findings for offering advice regarding solutions to decision makers.
  5. Apply advanced and current concepts/issues of computer systems risks, vulnerabilities, threats analysis, and software security in the context of a penetration test
  6. Use initiative for autonomously conducting and managing a penetration test, within a complex and unpredictable environment, demonstrating a systematic approach of creatively applying knowledge in unfamiliar contexts for solving problems

Assignment Brief:

You are only required to undertake this assignment if you have an FREFC for Assignment 1 and Assignment 2, i.e. you have not passed both Assignment1 AND Assignment 2.

Task 1: Attack Tree Against Web Server (Group work)

Task 1 is mainly a group exercise which is allocated 750 words. Your module leader will allocate you to a group. As a group, you will have to decide on how you will manage this task, what roles you will each have and how you will manage change during the lifecycle of this assignment. The Group Management section of the report is an individual activity and should be treated as confidential information. Each student is expected to report on group management activities, without sharing them with the other group members.

Discrepancies between group members will affect the grades. Note that on the field, a customer does not care about problems and issues. The customer will expect a report for his money. In reporting for the GroupManagement Section, it is important to focus on the solutions your group will implement in order to deliver on time, and not on the problems.

You are expected to work together as a group of three develop an Attack Tree. As we have discussed in Unit 3, an Attack Tree shows different ways in which a system can be attacked. For this task, your target system is a web server. Assume for this task that you have completed your port scanning activities and only one service exists on the system, i.e. port 80 where Apache server executes and presents you will the following login page when you connect to it with your browser.

Each group member must include the same, agreed by the group, Attack tree to his/her report. Please do not submit hand-written decision trees. Make sure that your attack tree includes at least three (3) attacks that you would undertake against the server.

Deliverable :

  1. Attack Tree, shared amongst the group members
  2. Group Management, confidential, not shared amongst the group members

Task 2 (Individual work)

Task 2 is an individual exercise, which consists of three subtasks. For the completion of all the subtasks consider the following scenario.

Scenario:

You are asked to deliver a penetration testing project. Your client, which is a SME operating in the UK, has asked your employer to conduct the penetration test against a server, as they fear they might have already been breached.

Information about the IP address of target of your penetration test as well as the schedule to access it is available on Canvas. Specifically, please navigate to the module on Canvas and select the “Your Assignment IP address and your Access Schedule” page, which is available under the “Module Information” Unit, in order to find more information.

Subtask A:

It is expected that this subtask will be in the region of 500 words. You are expected to comment on the legal considerations of your work for this subtask. If you fail to provide references using the Harvard referencing style as per the University regulations, your work will be marked as superficial and it is unlikely to obtain a pass grade.

Subtask B:

It is expected that this task will be in the region of 100 words. You are expected to provide an executive summary for the penetration testing activities that you have undertaken. Assume that this subtask delivers the executive summary of a penetration testing report, thus the expected audience is upper management. Please refer to the lecture slides for the information that you need to include here.

support
close