Task
This Assignment assesses the following module Learning Outcomes (from Definitive Module Document):
1. The ethical issues relating to penetration testing and how to incorporate them operationally.
2. A deep and systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena in the context of a penetration test.
3. Work in teams (as leader or member) adapting to changing requirements for effectively communicating the results of a penetration test.
Detailed Instructions:
Scenario:
Assume that you are working as a consultant for an SME which is building its capability in penetration testing. You are part of a small team of three (3) consultants who are preparing to deliver a white-box penetration testing project. Your client has asked your employer to conduct the penetration test against a web server and its relevant web application (online shop), which is hosted on Amazon AWS.
Task 1 (Individual work)
Task 1 is an individual exercise. It is expected that this task will be in the region of 1500 words.
You are expected to:
• Comment on the statutory and ethical considerations of a penetration tester working in the UK.
• Undertake research and critically compare the published penetration testing methodologies (such as OWASP, PTES, OSSTMM…) in order to deduce their applicability for this scenario.
Please note that your task is to critically compare existing methodologies against the scope of this scenario. As a result, we are not expecting you to provide an overview of them, nor to provide a critique of types of PenTests, and certainly not to tell us what your favorite “pentesting color” (white, black, grey) is. In order to undertake the comparison, you will have to justify your comparison criteria. Your comparison criteria should be extracted from the scope of the scenario that has been described above.
Your Task 1 findings must be used in Task 2.
If you fail to provide references using the Harvard referencing style as per the University regulations, your work will be marked as superficial and it is unlikely to obtain a pass grade.
You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The report should be well written, showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative. Work that does not make sense will be marked down. Write to impress! Aim for excellence. Be pedantic about formatting and presentation.
The following report structure is expected:
1. Task 1
   1. Legal & Ethical Considerations
   2. Comparison Criteria
   3. PenTest Methodology Comparison