Comprehensive Penetration Testing and Cybersecurity Analysis
Assignment Objective
The aim of this assignment is to help the student acquire a solid knowledge on how to prepare a
professional penetration testing report by first completing a research task from Penetration Testing case
study and then by applying several techniques and tools on a given scenario in order to generate a
professional penetration testing report.
Assignment Tasks
Task 1: (35 Marks)
You are a Penetration Tester and Perform penetration tests on computer systems, networks, and
applications, Search for weaknesses in common software, web applications, and proprietary systems.
You are performing various penetration testsfor a medium-sized organization thatsells imported cars and
motorcycles through its online storefront.
You are required to do the following, which tools you will use in the following scenarios. List each tool
with its purpose and brief usage details.
A.
i. You need to discover who owns the organizations domain.
ii. You need to discover which IP addresses are associated with the organizations domain.
iii. You want to query search engines and other resources to discover email addresses, employee
names, and other details about the target.
iv. You need to uncover any information you can find about the organization using open-source
intelligence.
v. You need to probe the organizations web server IP address to see what information is associated
with it, such as the version of SSL or TLS and the cipher suite that it uses.
vi. You want to search the Internet for any documents associated with the organization (such as
Microsoft Word or PowerPoint documents) and analyze each files metadata for useful
information.
vii. You want to discover whether the target organization has any of the IOT devices deployed.
(7 marks)
B.
Apply the above-mentioned tools in part (A) to any website and write a pen testing report showing the
results obtained and implications of each result. (28 marks)
Task 2. (35 marks)
Select at least three published research papers (preferably from ACM Digital Library or IEEE
Computer Society Digital Library (IEEE CSDL), answer the following questions:
a. Analyze any five modern types of phishing attacks, methodologies, impacts, and
countermeasures. Show this information in from of table enhancing its readability. (20 marks)
b. Analyze the following injection attacks against web applications with reference to published
research papers and their countermeasures. (15 marks)
i. Command Injection Attacks.
ii. File Injection Attacks.
iii. HTML Injection Attacks
Task 3: (30 Marks)
CTFLearn (https://ctflearn.com/) is an online platform where you can learn and practice your hacking and
cybersecurity skills through various challenges. The challenges cover different aspects of information
security, cryptography, web application security, and more. Web challenges are one of the categories of
challenges that involve exploiting web vulnerabilities.
In this task, you are requested to apply different tools and show the results:
a. Apply three different scanning tools and analyze the results. (10 marks)
b. Apply the attacks in the following categories after finding vulnerabilities by using suitable tools
and techniques and write a comprehensive report.
i. Directory Traversal: Navigating into other directories.
ii. Denial of Service
iii. Cookie/session poisoning
iv. Password Brute force attack.
v. SQL Injection: Exploiting vulnerabilities in database queries. (20 Marks)
Are you struggling to keep up with the demands of your academic journey? Don't worry, we've got your back! Exam Question Bank is your trusted partner in achieving academic excellence for all kind of technical and non-technical subjects.
Our comprehensive range of academic services is designed to cater to students at every level. Whether you're a high school student, a college undergraduate, or pursuing advanced studies, we have the expertise and resources to support you.
To connect with expert and ask your query click here Exam Question Bank
