SlideShare a Scribd company logo

PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx

Download as DOCX, PDF
K
karlhennesey

PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE 14 Penetration Testing Methodology Project Template ISTXXXX Your Name Running Head: Penetration Testing Methodology Project Template 1 Table of Contents Phase I: Planning and Preparation X Phase II: Assessment X Information Gathering X Network Mapping X Vulnerability Analysis X Penetration Testing X Phase III: Closing Activities X Reporting X Follow-on Actions X Archiving X Reference X Appendix X Example: Test Outputs X Example: Vulnerability Scan Reports X Example: Analysis Metrics from Tools X Example: Presentations X Example: Screenshots of Systems X Example: Screenshots of Commands X Example: Contractual Agreement X Example: Service Level Agreement X Example: Invoice X Example: Non-disclosure Agreement X List of Tables and Figures Figure 1. Example: Scope X Figure 2. Example: Deliverables X Give a brief summary, one page or less, of what you believe the purpose of this penetration test to be, what methodologies are appropriate, provide a statement of purpose. A virtual scenario has been provided for completion of this project. That said, Wilmington University is an institute of higher learning. As such, research is highly encouraged and rewarded. You have the option, with prior approval, to conduct penetration tests on personally owned systems such as Boxee Boxes, internet connected televisions/refrigerators, MySQL, etc. Phase I: Planning and Preparation This is arguably the most important part of a penetration testing project. The logistical work done during this phase makes it possible to execute a successful penetration test. The origins of all problems experienced during the other two phases can usually be tracked back to a lack of planning during this phase. This phase concludes with an assessment agreement. Background Give the penetration test context. Provide answers to these questions such as: (a) What kind of company is this?, (b) What services are they requesting?, (c) Why is the company requesting the services?, and (d) Does the requestor have the authority to make the request? Assessment Agreement The assessment agreement will include: 1. Scope: a. Rules of Engagement i. Internal, external, or both approach. ii. White, gray, or black box approach. iii. Announced, unannounced. iv. Passive recon, active recon. b. What will be tested? (Telephony, network, database, wireless (keyboard, mouse, Bluetooth, Zigbee), applications, web server, email servers, VPN, data leakage protection, VoIP, physical, DMZ, IDS, firewall, router, switch.) c. What will it be tested with? (BackTrack, Metasploit, Canvas Immunity, personally developed code, low orbit internet cannon, etc.) d. How? (Trojan, social engineering, denial-of-service, stealing/breaking and entering, viruses, wardialing.) *Use the Scope tables provided below as an example for logically organizing your information. Pene ...

Education
1 of 13
PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE 14 Penetration Testing Methodology Project Template ISTXXXX Your Name Running Head: Penetration Testing Methodology Project Template 1 Table of Contents Phase I: Planning and Preparation X Phase II: Assessment X Information Gathering X Network Mapping X Vulnerability Analysis X Penetration Testing X Phase III: Closing Activities X Reporting X Follow-on Actions X Archiving X Reference X Appendix X
Example: Test Outputs X Example: Vulnerability Scan Reports X Example: Analysis Metrics from Tools X Example: Presentations X Example: Screenshots of Systems X Example: Screenshots of Commands X Example: Contractual Agreement X Example: Service Level Agreement X Example: Invoice X Example: Non-disclosure Agreement X List of Tables and Figures Figure 1. Example: ScopeX Figure 2. Example: Deliverables X Give a brief summary, one page or less, of what you believe the purpose of this penetration test to be, what methodologies are appropriate, provide a statement of purpose. A virtual scenario has been provided for completion of this project. That said, Wilmington University is an institute of higher learning. As such, research is highly encouraged and rewarded. You have the option, with prior approval, to conduct penetration tests on personally owned systems such as Boxee Boxes, internet connected televisions/refrigerators, MySQL, etc. Phase I: Planning and Preparation This is arguably the most important part of a penetration testing project. The logistical work done during this phase makes it possible to execute a successful penetration test. The origins of all problems experienced during the other two phases can usually be tracked back to a lack of planning during this phase. This phase concludes with an assessment agreement.
Background Give the penetration test context. Provide answers to these questions such as: (a) What kind of company is this?, (b) What services are they requesting?, (c) Why is the company requesting the services?, and (d) Does the requestor have the authority to make the request? Assessment Agreement The assessment agreement will include: 1. Scope: a. Rules of Engagement i. Internal, external, or both approach. ii. White, gray, or black box approach. iii. Announced, unannounced. iv. Passive recon, active recon. b. What will be tested? (Telephony, network, database, wireless (keyboard, mouse, Bluetooth, Zigbee), applications, web server, email servers, VPN, data leakage protection, VoIP, physical, DMZ, IDS, firewall, router, switch.) c. What will it be tested with? (BackTrack, Metasploit, Canvas Immunity, personally developed code, low orbit internet cannon, etc.) d. How? (Trojan, social engineering, denial-of-service, stealing/breaking and entering, viruses, wardialing.) *Use the Scope tables provided below as an example for logically organizing your information. Penetration Testing Scope In Scope Out of Scope 1. 2. 3. 4. 5. 1. 2. 3.
4. 5. Figure 1. Penetration Tests Scope. Penetration Testing Tools Scope In Scope Out of Scope 1. 2. 3. 4. 5. 1. 2. 3. 4. 5. Figure 2. Penetration Testing Tools Scope. 2. Deliverables: Deliverable Description Acceptance Criteria Presentation Electronic Document As defined in scope, vetted by Team Lead, approved by Project Manager Report Electronic Document & Presentation As defined in scope, vetted by Team Lead, approved by Project Manager Etc. Etc. Etc. Figure 3. Deliverables.
3. Team Members: Penetration Team Project Members Role Responsibility Description Project Manager Harcourt, Thomas – Manage team, ultimately responsible for success of project. Project Sponsor Valasquez, Juan – Handles escalated personnel issues, represents project and team to third parties. Team Members Last name, First, etc, - All act in penetration test engineer capacities. Stakeholders Company name, CIO, Department Heads, IT employees, etc. Etc. Etc. Figure 4. Team Members. Penetration Testing Team Members Engineer Specialty Duty Email Phone Number Alternate Harcourt, Thomas Project Management, Wireless Penetration Project Manager [email protected]
1-800-943-2257 x142 Rivera, Jorge Smith, Andrew Database, Email, Web Server Penetration Engineer [email protected] 1-800-943-2257 x138 Mutton, Scott Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc.
Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Figure 5. Penetration Testing Team Members. 4. What is the escalation path for problems? (For example: What will you do if the owner asks you break into his wife’s personal email because he believes she is cheating on him, you discover child pornography, etc?) 5. Each department needs a point of contact. (For example, Network Administration, Server Administration, Client Administration, Help Desk, Network Security, Quality Assurance, Development, etc.) 6. Date/Time of Test. (Perhaps only weekends are acceptable or only early morning hours, etc.) 7. Miscellaneous Points of Contact: a. Law Enforcement (City, State, County) b. Internet Service Provider c. Consultants d. Subject Matter Experts e. Lawyers 8. Retest Policy. 9. Working conditions. (For example: (a) Where will you work from?, (b) What will you work with?, and (c) What do you require? 10. Non-disclosure Agreement.
11. Liability Insurance or Approval in Writing (For example: (a) Why do you need it? (b) Where do you find it?) 12. Contractual Constraints (For example: (a) Don’t denial of service servers because we have customers who will sue us., (b) Don’t transfer data., and (c) Don’t route attack traffic out of the country and back.) 13. Legal Issues – If illegal activity is found such as child porn then we will do what? 14. Quality Assurance – How? (For example: Is there a senior rater? Are double tests performed?) Phase II: Assessment Provide a brief description of what will occur during this phase. For example: This is the phase where you will implement your plan. You will gather data about your intended target and infer enough information so you have the knowledge you need to pursue a penetration test. This phase has four sections: Information Gathering, Network Mapping, Vulnerability Analysis, Penetration Testing. 1. Information Gathering There are many methods of gathering information on your company, as discussed during the planning phase. You should have already identified the information gathering techniques in scope of your work during the planning phase. Now it’s time to execute your information gathering techniques. Explain the difference between active and passive gathering. Categorize your work into two sections, active or passive gathering. A block of words is provided below to jog your mind: DNS/WHOIS, search engines, website (wget), Chamber of Commerce, company reviews, Google Maps, Facebook/MySpace/Twitter/YouTube, Internet Archive, job postings, key people, web addresses, servers OSs, locations of servers, web links, web server directory tree, enumerate services running on server and list, encryption standards (SSL, TLS, etc), form fields, web code/language, variables, meta tag info. 2. Network Mapping
This section is where we compile a list of devices and their locations on the network, also known as foot printing the network. It can be broken down into two sections, internal and external. A list of devices should be provided with as much information as possible. Rack and stack the devices for targeting. A block of words is provided below to jog your mind: Live hosts, open/closed ports, services, perimeter devices, firewalls, routers, DMZs, operating systems, purpose of device, banner page, error pages, topological map, IP block, DNS registry information, ISP, tracert. 3. Vulnerability Analysis Specific targets have been identified. You’ve racked and stacked. It’s time to focus on your targets. List them here and explain why you’ve chosen them. Follow these steps below: a. Identify vulnerable services/OSs/coding language(s)/form input(s): b. Search for known vulnerabilities for each OS, service, etc, and list them: (CVE, CERT, NVD, etc.) c. Reprioritize rack and stack list. Classify list by likelihood of success. d. Create attack scenario. Tease out idea by drawing it on paper first. Provide a step-by-step with an accompanying descriptive paragraph detailing your thoughts. IMPORTANT: Verify your attack scenario is within scope. If it’s not, don’t do it. You could experience legal complications. 4. Penetration Testing This is the actual test. You are executing your attack scenario. Follow these steps: a. Find/develop your exploits for the vulnerabilities you identified, give a brief description of each, describe the dangers of using a second party exploit: (M1lW0rm, Metasploit, etc.) Vulnerability/Exploit Rack and Stack System Vulnerabilities
Exploits Exploit Description Exploit Source Ranking b. Use tool/code, verify success or failure to access. c. For each successful exploit list the system exploited, vulnerability, exploit used, paths, commands, impact on device. Provide screenshots, copies of file(s), intimate knowledge of system to prove claim. d. Hot wash. For each failure make a speculation of what the issues could be. For example, is the exploit being used against a slightly newer version of the system and, therefore, no longer effective? Phase III: Closing Activities The previous two phases were for your benefit as a penetration tester. There was an initial interface with the business in order to agree on the terms and then you planned and conducted a
penetration test. This is the phase where you communicate your findings to the business. 1. Reporting It is extremely important you reiterate in a clear and concise way that you’ve done what you said you would do. Provide a brief PowerPoint slide for each audience listed below. Use your judgment in determining what to include. Special note, this is also a pitch for further business. Market future services. a. Chief Information Officer/Director of Information Technology/Chief Security Officer/miscellaneous management: Example Management Summary: Scope, Tools, Exploits, Dates/Times, Verification, Residual Clean-up Actions Performed, Recommendations for Security Policy, Future Services (Post-Test Support, Countermeasures, Second Penetration Test, Training staff). b. IT Department Heads. Example: List systems found with accompanying specs and configurations, Vulnerabilities, Exploits, Dates/Times, Verification, Output of Tests, Post Clean-up Actions Performed, Recommendations, Post-testing. c. Technical Staff: server administrators, network administrators, client system administrators, etc. Example: Detail system exploited, date/time, output of tests, make specific recommendations that are actionable for the technicians such as fixing misconfigurations. 2. Follow-on Actions Describe what you’ve done in regards to follow-on actions. Follow-on actions include a discussion of cleaning up code, patching, wiping systems, notifying law enforcement and the ISP and stakeholders the penetration test is concluded, destroy network information gathering data and list of vulnerabilities and exploits and construct a lessons learned. The lessons learned should answer these, and other, questions: a. Were there any incidents, physical or cyber, with law enforcement, management, illegal activities found, pre-existing hacks already being exploited? b. How were they managed?
c. Could they have been managed differently? 3. Archiving List what information you will keep, why you will keep it, what the legal ramifications/risks of keeping it are, where you will keep it, and how long will you keep it? How will you secure the data you do keep? (Encryption level, software, cloud-based and accessible from your smart phone, locally stored, backup, in your email, data integrity checks with hashes, data leakage protection measures, knowledge database) Reference Appendix
PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx

Recommended

Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Cyber security professional services- Detox techno
 
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Cyber security professional services- Detox techno
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
SuhailShaik16
 
erm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docxerm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docx
mealsdeidre
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.com
amaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.com
amaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.com
amaranthbeg73
 
InstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docxInstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docx
normanibarber20063
 

Recommended

Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Cyber security professional services- Detox techno
 
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Black-Box Penetration Testing_ Advantages, Disadvantages, Techniques, and Too...
Cyber security professional services- Detox techno
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
SuhailShaik16
 
erm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docxerm Paper Penetration TestingDue Week 10 and worth 120 points.docx
erm Paper Penetration TestingDue Week 10 and worth 120 points.docx
mealsdeidre
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.com
amaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.com
amaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.com
amaranthbeg73
 
InstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docxInstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docx
normanibarber20063
 
Review the steps found in business process engineering. Review the.docx
Review the steps found in business process engineering. Review the.docxReview the steps found in business process engineering. Review the.docx
Review the steps found in business process engineering. Review the.docx
joellemurphey
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
MohamedOmerMusa
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
DamaineFranklinMScBE
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
Scott Sutherland
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This che
davieec5f
 
spamzombieppt
spamzombiepptspamzombieppt
spamzombiepptkajol agarwal
 
[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx
danielfoster65629
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.com
robertlesew79
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.com
Baileya109
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.com
Bromleyz38
 
1 SDEV 460 – Homework 4 Input Validation and Busine
1 SDEV 460 – Homework 4 Input Validation and Busine1 SDEV 460 – Homework 4 Input Validation and Busine
1 SDEV 460 – Homework 4 Input Validation and Busine
VannaJoy20
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
Rapid7
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.com
PrescottLunt385
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
agathachristie266
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
agathachristie113
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
VSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
KeatonJennings104
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
Laura Arrigo
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
persons20ar
 
DIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseDIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident response
Nathan Case
 
Resources Assigned readings, ERRs, the Internet,and other resources.docx
Resources Assigned readings, ERRs, the Internet,and other resources.docxResources Assigned readings, ERRs, the Internet,and other resources.docx
Resources Assigned readings, ERRs, the Internet,and other resources.docx
karlhennesey
 
Resource Review Documenting the Face of America Roy Stryker and.docx
Resource Review Documenting the Face of America Roy Stryker and.docxResource Review Documenting the Face of America Roy Stryker and.docx
Resource Review Documenting the Face of America Roy Stryker and.docx
karlhennesey
 

More Related Content

Similar to PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx

Review the steps found in business process engineering. Review the.docx
Review the steps found in business process engineering. Review the.docxReview the steps found in business process engineering. Review the.docx
Review the steps found in business process engineering. Review the.docx
joellemurphey
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
MohamedOmerMusa
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
DamaineFranklinMScBE
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
Scott Sutherland
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This che
davieec5f
 
[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx
danielfoster65629
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.com
robertlesew79
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.com
Baileya109
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.com
Bromleyz38
 
1 SDEV 460 – Homework 4 Input Validation and Busine
1 SDEV 460 – Homework 4 Input Validation and Busine1 SDEV 460 – Homework 4 Input Validation and Busine
1 SDEV 460 – Homework 4 Input Validation and Busine
VannaJoy20
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
Rapid7
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.com
PrescottLunt385
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
agathachristie266
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
agathachristie113
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
VSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
KeatonJennings104
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
Laura Arrigo
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
persons20ar
 
DIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseDIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident response
Nathan Case
 

Similar to PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx (20)

Review the steps found in business process engineering. Review the.docx
Review the steps found in business process engineering. Review the.docxReview the steps found in business process engineering. Review the.docx
Review the steps found in business process engineering. Review the.docx
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This che
 
spamzombieppt
spamzombiepptspamzombieppt
spamzombieppt
 
[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx[Document Title][Type text][Type text][Type text]Febru.docx
[Document Title][Type text][Type text][Type text]Febru.docx
 
Sec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.comSec 572 Education Specialist-snaptutorial.com
Sec 572 Education Specialist-snaptutorial.com
 
Sec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.comSec 572 Education Organization / snaptutorial.com
Sec 572 Education Organization / snaptutorial.com
 
SEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.comSEC 572 Inspiring Innovation / tutorialrank.com
SEC 572 Inspiring Innovation / tutorialrank.com
 
1 SDEV 460 – Homework 4 Input Validation and Busine
1 SDEV 460 – Homework 4 Input Validation and Busine1 SDEV 460 – Homework 4 Input Validation and Busine
1 SDEV 460 – Homework 4 Input Validation and Busine
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.com
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
DIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseDIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident response
 

More from karlhennesey

Resources Assigned readings, ERRs, the Internet,and other resources.docx
Resources Assigned readings, ERRs, the Internet,and other resources.docxResources Assigned readings, ERRs, the Internet,and other resources.docx
Resources Assigned readings, ERRs, the Internet,and other resources.docx
karlhennesey
 
Resource Review Documenting the Face of America Roy Stryker and.docx
Resource Review Documenting the Face of America Roy Stryker and.docxResource Review Documenting the Face of America Roy Stryker and.docx
Resource Review Documenting the Face of America Roy Stryker and.docx
karlhennesey
 
Resource Review Thelma Golden--How Art Gives Shape to Cultural C.docx
Resource Review Thelma Golden--How Art Gives Shape to Cultural C.docxResource Review Thelma Golden--How Art Gives Shape to Cultural C.docx
Resource Review Thelma Golden--How Art Gives Shape to Cultural C.docx
karlhennesey
 
Resource Review Representational Cityscape, and Ch. 3 of Oxfo.docx
Resource Review Representational Cityscape, and Ch. 3 of Oxfo.docxResource Review Representational Cityscape, and Ch. 3 of Oxfo.docx
Resource Review Representational Cityscape, and Ch. 3 of Oxfo.docx
karlhennesey
 
Resource Part 2 of Terrorism TodayYou work on a national se.docx
Resource Part 2 of Terrorism TodayYou work on a national se.docxResource Part 2 of Terrorism TodayYou work on a national se.docx
Resource Part 2 of Terrorism TodayYou work on a national se.docx
karlhennesey
 
Resources Appendix A, The Home Depot, Inc. Annual Report in Fun.docx
Resources Appendix A, The Home Depot, Inc. Annual Report in Fun.docxResources Appendix A, The Home Depot, Inc. Annual Report in Fun.docx
Resources Appendix A, The Home Depot, Inc. Annual Report in Fun.docx
karlhennesey
 
Resources Annotated Bibliography document. Research five websites t.docx
Resources Annotated Bibliography document. Research five websites t.docxResources Annotated Bibliography document. Research five websites t.docx
Resources Annotated Bibliography document. Research five websites t.docx
karlhennesey
 
Resources American History, Primary Source Investigator;Cente.docx
Resources American History, Primary Source Investigator;Cente.docxResources American History, Primary Source Investigator;Cente.docx
Resources American History, Primary Source Investigator;Cente.docx
karlhennesey
 
Resource University of Phoenix Material Data SetDownload the.docx
Resource University of Phoenix Material Data SetDownload the.docxResource University of Phoenix Material Data SetDownload the.docx
Resource University of Phoenix Material Data SetDownload the.docx
karlhennesey
 
Resource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docx
Resource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docxResource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docx
Resource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docx
karlhennesey
 
Resource Films on DemandCrime and Punishment”Experiment Res.docx
Resource Films on DemandCrime and Punishment”Experiment Res.docxResource Films on DemandCrime and Punishment”Experiment Res.docx
Resource Films on DemandCrime and Punishment”Experiment Res.docx
karlhennesey
 
Resource Managing Environmental Issues Simulation(or research a.docx
Resource Managing Environmental Issues Simulation(or research a.docxResource Managing Environmental Issues Simulation(or research a.docx
Resource Managing Environmental Issues Simulation(or research a.docx
karlhennesey
 
Resource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docx
Resource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docxResource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docx
Resource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docx
karlhennesey
 
Resource Ch. 9 of Introduction to Business Complete the table in .docx
Resource Ch. 9 of Introduction to Business Complete the table in .docxResource Ch. 9 of Introduction to Business Complete the table in .docx
Resource Ch. 9 of Introduction to Business Complete the table in .docx
karlhennesey
 
Resource Ch. 3 of ManagementIdentify a time in your life wh.docx
Resource Ch. 3 of ManagementIdentify a time in your life wh.docxResource Ch. 3 of ManagementIdentify a time in your life wh.docx
Resource Ch. 3 of ManagementIdentify a time in your life wh.docx
karlhennesey
 
Resource Significant Health Care Event Paper Grading Criteria.docx
Resource Significant Health Care Event Paper Grading Criteria.docxResource Significant Health Care Event Paper Grading Criteria.docx
Resource Significant Health Care Event Paper Grading Criteria.docx
karlhennesey
 
Resource Ch. 3 of Financial AccountingComplete Exercises E3.docx
Resource Ch. 3 of Financial AccountingComplete Exercises E3.docxResource Ch. 3 of Financial AccountingComplete Exercises E3.docx
Resource Ch. 3 of Financial AccountingComplete Exercises E3.docx
karlhennesey
 
Resource University of Phoenix Material Appendix AIdentify.docx
Resource University of Phoenix Material Appendix AIdentify.docxResource University of Phoenix Material Appendix AIdentify.docx
Resource University of Phoenix Material Appendix AIdentify.docx
karlhennesey
 
Resource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docx
Resource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docxResource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docx
Resource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docx
karlhennesey
 
Resource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docx
Resource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docxResource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docx
Resource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docx
karlhennesey
 

More from karlhennesey (20)

Resources Assigned readings, ERRs, the Internet,and other resources.docx
Resources Assigned readings, ERRs, the Internet,and other resources.docxResources Assigned readings, ERRs, the Internet,and other resources.docx
Resources Assigned readings, ERRs, the Internet,and other resources.docx
 
Resource Review Documenting the Face of America Roy Stryker and.docx
Resource Review Documenting the Face of America Roy Stryker and.docxResource Review Documenting the Face of America Roy Stryker and.docx
Resource Review Documenting the Face of America Roy Stryker and.docx
 
Resource Review Thelma Golden--How Art Gives Shape to Cultural C.docx
Resource Review Thelma Golden--How Art Gives Shape to Cultural C.docxResource Review Thelma Golden--How Art Gives Shape to Cultural C.docx
Resource Review Thelma Golden--How Art Gives Shape to Cultural C.docx
 
Resource Review Representational Cityscape, and Ch. 3 of Oxfo.docx
Resource Review Representational Cityscape, and Ch. 3 of Oxfo.docxResource Review Representational Cityscape, and Ch. 3 of Oxfo.docx
Resource Review Representational Cityscape, and Ch. 3 of Oxfo.docx
 
Resource Part 2 of Terrorism TodayYou work on a national se.docx
Resource Part 2 of Terrorism TodayYou work on a national se.docxResource Part 2 of Terrorism TodayYou work on a national se.docx
Resource Part 2 of Terrorism TodayYou work on a national se.docx
 
Resources Appendix A, The Home Depot, Inc. Annual Report in Fun.docx
Resources Appendix A, The Home Depot, Inc. Annual Report in Fun.docxResources Appendix A, The Home Depot, Inc. Annual Report in Fun.docx
Resources Appendix A, The Home Depot, Inc. Annual Report in Fun.docx
 
Resources Annotated Bibliography document. Research five websites t.docx
Resources Annotated Bibliography document. Research five websites t.docxResources Annotated Bibliography document. Research five websites t.docx
Resources Annotated Bibliography document. Research five websites t.docx
 
Resources American History, Primary Source Investigator;Cente.docx
Resources American History, Primary Source Investigator;Cente.docxResources American History, Primary Source Investigator;Cente.docx
Resources American History, Primary Source Investigator;Cente.docx
 
Resource University of Phoenix Material Data SetDownload the.docx
Resource University of Phoenix Material Data SetDownload the.docxResource University of Phoenix Material Data SetDownload the.docx
Resource University of Phoenix Material Data SetDownload the.docx
 
Resource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docx
Resource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docxResource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docx
Resource Ch. 6 & 7 of Financial AccountingComplete Brief Ex.docx
 
Resource Films on DemandCrime and Punishment”Experiment Res.docx
Resource Films on DemandCrime and Punishment”Experiment Res.docxResource Films on DemandCrime and Punishment”Experiment Res.docx
Resource Films on DemandCrime and Punishment”Experiment Res.docx
 
Resource Managing Environmental Issues Simulation(or research a.docx
Resource Managing Environmental Issues Simulation(or research a.docxResource Managing Environmental Issues Simulation(or research a.docx
Resource Managing Environmental Issues Simulation(or research a.docx
 
Resource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docx
Resource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docxResource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docx
Resource Ch. 9 of Introduction to Business Create a 5-to-7 slide .docx
 
Resource Ch. 9 of Introduction to Business Complete the table in .docx
Resource Ch. 9 of Introduction to Business Complete the table in .docxResource Ch. 9 of Introduction to Business Complete the table in .docx
Resource Ch. 9 of Introduction to Business Complete the table in .docx
 
Resource Ch. 3 of ManagementIdentify a time in your life wh.docx
Resource Ch. 3 of ManagementIdentify a time in your life wh.docxResource Ch. 3 of ManagementIdentify a time in your life wh.docx
Resource Ch. 3 of ManagementIdentify a time in your life wh.docx
 
Resource Significant Health Care Event Paper Grading Criteria.docx
Resource Significant Health Care Event Paper Grading Criteria.docxResource Significant Health Care Event Paper Grading Criteria.docx
Resource Significant Health Care Event Paper Grading Criteria.docx
 
Resource Ch. 3 of Financial AccountingComplete Exercises E3.docx
Resource Ch. 3 of Financial AccountingComplete Exercises E3.docxResource Ch. 3 of Financial AccountingComplete Exercises E3.docx
Resource Ch. 3 of Financial AccountingComplete Exercises E3.docx
 
Resource University of Phoenix Material Appendix AIdentify.docx
Resource University of Phoenix Material Appendix AIdentify.docxResource University of Phoenix Material Appendix AIdentify.docx
Resource University of Phoenix Material Appendix AIdentify.docx
 
Resource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docx
Resource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docxResource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docx
Resource The Threat of Bioterrorism VideoWrite a 700 to 850-w.docx
 
Resource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docx
Resource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docxResource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docx
Resource Ch. 14 of Introduction to Psychology Create an 8 to 12 s.docx
 

Recently uploaded

The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
Wasim Ak
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Chapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdfChapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdf
Kartik Tiwari
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 

Recently uploaded (20)

The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Chapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdfChapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdf
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 

PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE .docx

  • 1. PENETRATION TESTING METHODOLOGY PROJECT TEMPLATE 14 Penetration Testing Methodology Project Template ISTXXXX Your Name Running Head: Penetration Testing Methodology Project Template 1 Table of Contents Phase I: Planning and Preparation X Phase II: Assessment X Information Gathering X Network Mapping X Vulnerability Analysis X Penetration Testing X Phase III: Closing Activities X Reporting X Follow-on Actions X Archiving X Reference X Appendix X
  • 2. Example: Test Outputs X Example: Vulnerability Scan Reports X Example: Analysis Metrics from Tools X Example: Presentations X Example: Screenshots of Systems X Example: Screenshots of Commands X Example: Contractual Agreement X Example: Service Level Agreement X Example: Invoice X Example: Non-disclosure Agreement X List of Tables and Figures Figure 1. Example: ScopeX Figure 2. Example: Deliverables X Give a brief summary, one page or less, of what you believe the purpose of this penetration test to be, what methodologies are appropriate, provide a statement of purpose. A virtual scenario has been provided for completion of this project. That said, Wilmington University is an institute of higher learning. As such, research is highly encouraged and rewarded. You have the option, with prior approval, to conduct penetration tests on personally owned systems such as Boxee Boxes, internet connected televisions/refrigerators, MySQL, etc. Phase I: Planning and Preparation This is arguably the most important part of a penetration testing project. The logistical work done during this phase makes it possible to execute a successful penetration test. The origins of all problems experienced during the other two phases can usually be tracked back to a lack of planning during this phase. This phase concludes with an assessment agreement.
  • 3. Background Give the penetration test context. Provide answers to these questions such as: (a) What kind of company is this?, (b) What services are they requesting?, (c) Why is the company requesting the services?, and (d) Does the requestor have the authority to make the request? Assessment Agreement The assessment agreement will include: 1. Scope: a. Rules of Engagement i. Internal, external, or both approach. ii. White, gray, or black box approach. iii. Announced, unannounced. iv. Passive recon, active recon. b. What will be tested? (Telephony, network, database, wireless (keyboard, mouse, Bluetooth, Zigbee), applications, web server, email servers, VPN, data leakage protection, VoIP, physical, DMZ, IDS, firewall, router, switch.) c. What will it be tested with? (BackTrack, Metasploit, Canvas Immunity, personally developed code, low orbit internet cannon, etc.) d. How? (Trojan, social engineering, denial-of-service, stealing/breaking and entering, viruses, wardialing.) *Use the Scope tables provided below as an example for logically organizing your information. Penetration Testing Scope In Scope Out of Scope 1. 2. 3. 4. 5. 1. 2. 3.
  • 4. 4. 5. Figure 1. Penetration Tests Scope. Penetration Testing Tools Scope In Scope Out of Scope 1. 2. 3. 4. 5. 1. 2. 3. 4. 5. Figure 2. Penetration Testing Tools Scope. 2. Deliverables: Deliverable Description Acceptance Criteria Presentation Electronic Document As defined in scope, vetted by Team Lead, approved by Project Manager Report Electronic Document & Presentation As defined in scope, vetted by Team Lead, approved by Project Manager Etc. Etc. Etc. Figure 3. Deliverables.
  • 5. 3. Team Members: Penetration Team Project Members Role Responsibility Description Project Manager Harcourt, Thomas – Manage team, ultimately responsible for success of project. Project Sponsor Valasquez, Juan – Handles escalated personnel issues, represents project and team to third parties. Team Members Last name, First, etc, - All act in penetration test engineer capacities. Stakeholders Company name, CIO, Department Heads, IT employees, etc. Etc. Etc. Figure 4. Team Members. Penetration Testing Team Members Engineer Specialty Duty Email Phone Number Alternate Harcourt, Thomas Project Management, Wireless Penetration Project Manager [email protected]
  • 6. 1-800-943-2257 x142 Rivera, Jorge Smith, Andrew Database, Email, Web Server Penetration Engineer [email protected] 1-800-943-2257 x138 Mutton, Scott Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc.
  • 7. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Etc. Etc. Etc Etc. Etc. Etc. Figure 5. Penetration Testing Team Members. 4. What is the escalation path for problems? (For example: What will you do if the owner asks you break into his wife’s personal email because he believes she is cheating on him, you discover child pornography, etc?) 5. Each department needs a point of contact. (For example, Network Administration, Server Administration, Client Administration, Help Desk, Network Security, Quality Assurance, Development, etc.) 6. Date/Time of Test. (Perhaps only weekends are acceptable or only early morning hours, etc.) 7. Miscellaneous Points of Contact: a. Law Enforcement (City, State, County) b. Internet Service Provider c. Consultants d. Subject Matter Experts e. Lawyers 8. Retest Policy. 9. Working conditions. (For example: (a) Where will you work from?, (b) What will you work with?, and (c) What do you require? 10. Non-disclosure Agreement.
  • 8. 11. Liability Insurance or Approval in Writing (For example: (a) Why do you need it? (b) Where do you find it?) 12. Contractual Constraints (For example: (a) Don’t denial of service servers because we have customers who will sue us., (b) Don’t transfer data., and (c) Don’t route attack traffic out of the country and back.) 13. Legal Issues – If illegal activity is found such as child porn then we will do what? 14. Quality Assurance – How? (For example: Is there a senior rater? Are double tests performed?) Phase II: Assessment Provide a brief description of what will occur during this phase. For example: This is the phase where you will implement your plan. You will gather data about your intended target and infer enough information so you have the knowledge you need to pursue a penetration test. This phase has four sections: Information Gathering, Network Mapping, Vulnerability Analysis, Penetration Testing. 1. Information Gathering There are many methods of gathering information on your company, as discussed during the planning phase. You should have already identified the information gathering techniques in scope of your work during the planning phase. Now it’s time to execute your information gathering techniques. Explain the difference between active and passive gathering. Categorize your work into two sections, active or passive gathering. A block of words is provided below to jog your mind: DNS/WHOIS, search engines, website (wget), Chamber of Commerce, company reviews, Google Maps, Facebook/MySpace/Twitter/YouTube, Internet Archive, job postings, key people, web addresses, servers OSs, locations of servers, web links, web server directory tree, enumerate services running on server and list, encryption standards (SSL, TLS, etc), form fields, web code/language, variables, meta tag info. 2. Network Mapping
  • 9. This section is where we compile a list of devices and their locations on the network, also known as foot printing the network. It can be broken down into two sections, internal and external. A list of devices should be provided with as much information as possible. Rack and stack the devices for targeting. A block of words is provided below to jog your mind: Live hosts, open/closed ports, services, perimeter devices, firewalls, routers, DMZs, operating systems, purpose of device, banner page, error pages, topological map, IP block, DNS registry information, ISP, tracert. 3. Vulnerability Analysis Specific targets have been identified. You’ve racked and stacked. It’s time to focus on your targets. List them here and explain why you’ve chosen them. Follow these steps below: a. Identify vulnerable services/OSs/coding language(s)/form input(s): b. Search for known vulnerabilities for each OS, service, etc, and list them: (CVE, CERT, NVD, etc.) c. Reprioritize rack and stack list. Classify list by likelihood of success. d. Create attack scenario. Tease out idea by drawing it on paper first. Provide a step-by-step with an accompanying descriptive paragraph detailing your thoughts. IMPORTANT: Verify your attack scenario is within scope. If it’s not, don’t do it. You could experience legal complications. 4. Penetration Testing This is the actual test. You are executing your attack scenario. Follow these steps: a. Find/develop your exploits for the vulnerabilities you identified, give a brief description of each, describe the dangers of using a second party exploit: (M1lW0rm, Metasploit, etc.) Vulnerability/Exploit Rack and Stack System Vulnerabilities
  • 10. Exploits Exploit Description Exploit Source Ranking b. Use tool/code, verify success or failure to access. c. For each successful exploit list the system exploited, vulnerability, exploit used, paths, commands, impact on device. Provide screenshots, copies of file(s), intimate knowledge of system to prove claim. d. Hot wash. For each failure make a speculation of what the issues could be. For example, is the exploit being used against a slightly newer version of the system and, therefore, no longer effective? Phase III: Closing Activities The previous two phases were for your benefit as a penetration tester. There was an initial interface with the business in order to agree on the terms and then you planned and conducted a
  • 11. penetration test. This is the phase where you communicate your findings to the business. 1. Reporting It is extremely important you reiterate in a clear and concise way that you’ve done what you said you would do. Provide a brief PowerPoint slide for each audience listed below. Use your judgment in determining what to include. Special note, this is also a pitch for further business. Market future services. a. Chief Information Officer/Director of Information Technology/Chief Security Officer/miscellaneous management: Example Management Summary: Scope, Tools, Exploits, Dates/Times, Verification, Residual Clean-up Actions Performed, Recommendations for Security Policy, Future Services (Post-Test Support, Countermeasures, Second Penetration Test, Training staff). b. IT Department Heads. Example: List systems found with accompanying specs and configurations, Vulnerabilities, Exploits, Dates/Times, Verification, Output of Tests, Post Clean-up Actions Performed, Recommendations, Post-testing. c. Technical Staff: server administrators, network administrators, client system administrators, etc. Example: Detail system exploited, date/time, output of tests, make specific recommendations that are actionable for the technicians such as fixing misconfigurations. 2. Follow-on Actions Describe what you’ve done in regards to follow-on actions. Follow-on actions include a discussion of cleaning up code, patching, wiping systems, notifying law enforcement and the ISP and stakeholders the penetration test is concluded, destroy network information gathering data and list of vulnerabilities and exploits and construct a lessons learned. The lessons learned should answer these, and other, questions: a. Were there any incidents, physical or cyber, with law enforcement, management, illegal activities found, pre-existing hacks already being exploited? b. How were they managed?
  • 12. c. Could they have been managed differently? 3. Archiving List what information you will keep, why you will keep it, what the legal ramifications/risks of keeping it are, where you will keep it, and how long will you keep it? How will you secure the data you do keep? (Encryption level, software, cloud-based and accessible from your smart phone, locally stored, backup, in your email, data integrity checks with hashes, data leakage protection measures, knowledge database) Reference Appendix