This Assignment assesses the following module Learning Outcomes (from Definitive Module Document):

1. The ethical issues relating to penetration testing and how to incorporate them operationally.
2. A deep and systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena in the context of a penetration test.
3. Work in teams (as leader or member), adapting to changing requirements for effectively communicating the results of a penetration test.

Assignment Brief:

Scenario: Assume that you are working as a consultant for an SME which is building its capability in penetration testing. You are part of a small team of three (3) consultants who are preparing to deliver a grey-box penetration testing project. Your client has asked your employer to conduct the penetration test against a server as they fear they might have already been breached. To the best of their knowledge, the company assumes that the server offers only the following online services: a) http, b) ssh and c) vnc.

In this context this assignment has two tasks:

o Task 1 is an individual task that will assess your understanding of the statutory and ethical issues surrounding penetration testing.
o Task 2 is a group task that will assess your understanding of the pentest process itself.

Please ensure that in completing these tasks you deploy the techniques you have been taught in your course and especially in this module. If you produce work that is not concise and to the point then marks may be reduced.

Task 1 (Individual work)

Task 1 is an individual exercise. It is expected that this task will be in the region of 1500 words. You are expected to:

o Comment on the statutory and ethical considerations of a penetration tester working in the UK.
o Undertake research and critically compare the published penetration testing methodologies (such as OWASP, PTES, OSSTMM…) in order to deduce their applicability for Assignment 2.

Please note your task is to critically compare existing methodologies against the scope of Assignment 2. As a result we are not expecting you to provide an overview of them, nor to provide a critique on types of PenTests, and certainly not to tell us what is your favorite “pentesting color” (white, black, grey). In order to undertake the comparison you will have to justify your comparison criteria. Your comparison criteria should be extracted from the scope of Assignment 2.

Scope of Assignment 2: Undertake a grey-box infrastructure PenTest. The target of the second assignment will be one Linux server which the company assumes offers the following online services: a) http, b) ssh and c) vnc.

Your Task 1 findings must be used in Task 2. If you fail to provide references using the Harvard referencing style as per the University regulations, your work will be marked as superficial and it is unlikely to obtain a pass grade.

Task 2 (Group work)

Task 2 is mainly a group exercise. Your tutor will allocate you to a group. As a group you will have to decide on how you will manage this task, what roles you will each have and how you will manage change during the lifecycle of this assignment. The Group Management section of the report is an individual activity and should be treated as confidential information. Each student is expected to report on group management activities. Discrepancies between group members will affect the grades.

School of Physics Engineering and Computer Science Page 3 of 5

Note that in the field a customer does not care about problems and issues. The customer will expect a report for his money. In reporting for the Group Management Section it is important to focus on the solutions your group will implement in order to deliver on time and not on the problems.

You are expected to work together and design/develop:

o a Standard Operating Procedure (SOP)
o a decision-making tree

These will describe how you plan to undertake the penetration test of the server, which is Task 3 and which you can find in the second Assignment Brief Document entitled Assignment 2: Pentesting Server. Each group member must include their final SOP and the decision tree in his/her report. In addition, each member should submit intermediary versions of the SOP and decision tree as they are produced by the Team on each calendar week. Aim to submit at least one version of the outcomes of your work before your final submission.

In particular the SOP should address: intelligence gathering (target profiling), vulnerability identification and analysis, and target exploitation (including post exploitation). An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry out routine operations. The SOP must explain what PenTest activities you will undertake in Task 3, which you can find in the second Assignment Brief Document entitled Assignment 2: Pentesting Server. The decision tree must report how you will execute your SOP. There must be no discrepancies between the SOP and the decision tree.

The SOP is expected to have the following example structure:

o Process 1.1
  ▪ Activity 1.1.1
    ▪ Name:
    ▪ Input:
    ▪ Function:
    ▪ Output:
    ▪ Resources/Tool:
    ▪ Details:

Please do not submit hand-written decision trees. A decision tree is a specific type of flow chart used to visualize the decision-making process by mapping out different courses of action as well as their potential outcomes. The nodes of the tree must be the activities of your SOP.

Assessment Criteria – Mark Available

Task 1: Legal and ethical consideration of a penetration tester in the UK – 10
Task 1: Comparison Criteria – 5
Task 1: PenTest Methodology Comparison – 10
Task 2: Group management – 5
Task 2: SOP (Standard Operating Procedure) for Task 2 – 10
Task 2: Decision Making Tree for Task 2 – 10
Total – 50

For clarification questions please make use of the discussion forums on Canvas so that the whole of the student cohort may benefit from the discussion.

Submission Requirements:

You are required to submit a text report in a PDF document using the submission link provided on Canvas. Please note it is your responsibility to ensure you will submit on time. Canvas is a stable platform with a large technical team supporting it. Apropos, it is a software platform. It is advisable to submit before the day of the deadline.

You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The report should be well written, showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative. Work that does not make sense will be marked down. Write to impress! Aim for excellence. Be pedantic about formatting and presentation.

The following report structure is expected:

1. Task 1
   a. Legal & Ethical Considerations
   b. Comparison Criteria
   c. PenTest Methodology Comparison
2. Task 2
   a. Group Management
   b. SOP
   c. Decision Tree
3. References (aim for at least 20 references!)
4. Appendixes (optional but advisable)

There are no marks allocated for the report structure, but it is advisable you follow the expected structure in order to simplify the assessment process and have a clear link between the marking criteria and your work.

Phase 1 ‘