SlideShare a Scribd company logo

plan for penetration test

Download as DOCX, PDF
H
hetvi naik

The document outlines the methodology, engagement plan, identification plan, and action plan for an ethical hacking penetration test. The methodology to be used is the Penetration Testing Execution Standard (PTES) which includes 7 phases from initial communication through vulnerability analysis, exploitation, post-exploitation, and reporting. The engagement plan details preparing tools, deciding timelines and locations, and providing daily updates and a final report. The identification plan is to test 350 workstations, 27 servers, 50 networking devices, and a Microsoft Azure platform. The action plan has three steps - preparation with tools, contracts and permissions; testing through reconnaissance, scanning, access, and analysis; and final reporting.

Engineering
1 of 3
HETVI NAIK 101212340 Page | 1 ETHICAL HACKING ASSIGNMENT 1 By: HETVI NAIK 101212340
HETVI NAIK 101212340 Page | 2 1. PLAN AND TESTING METHODOLOGIES:  The testing methodology we are going to use is Penetration Testing Execution Standard (PTES) as it covers from initial communication and reasoning, through threat modeling, vulnerability, security to final reporting.  This test provides actual standard for business to have a raised bar of quality and gives better understanding of the services.  This test is divided in 7 phases: o Engagement interaction o Intelligence gathering o Threat modeling o Vulnerability analysis o Exploitation o Post-exploitation o Reporting  Tools used here are as follows: o Linux as virtual machine o IBM AppScan o SEBUG Vurl DB o Exploithub o Firewall 2. ENGAGEMENT PLAN:  The testers will prepare and gather the required tools, OS, and software to begin the penetration test.  The timesheet and location will be decided and provide to all the employees.  The submission of work on end of every day with short meetings will be done.  It will take 6 days to get the test done after 1st day used for proper tools and division of work.  If there is any vulnerability outside the original scope, then it will be resolved by additional support extending the hourly rate of workers.  Final reporting will be done on end of last day, where all the steps will be checked, and outputs will be given clearance. The post exploitation will tell the need of test to be done further or not.  Final report will be in 2 parts: executive as well as technical.
HETVI NAIK 101212340 Page | 3 3. IDENTIFICATION PLAN:  The main objective is to test in parts as: i. 350 workstations ii. 27 in-house servers iii. 50 networking devices iv. Microsoft azure platform  The test will be performed in range of IP assigned to each employee.  The permission will be taken from internet provider for testing at intervals.  All 27 in-house servers along with some hosted server in Microsoft azure platform will be tested.  The after-test announcement and repaired devices will be informed to workers and ISP as well. 4. ACTION PLAN:  The overall action plan here is: i. Preparation ii. Testing iii. Reporting  PREPARATION: o Service contract o Permission agreements o Memo permission from client o Tools and threats o Timesheet and division of work  TESTING: o Reconnaissance o Scanning o Gaining access o Maintaining o Analysis o Reporting

Recommended

Risk based software verification
Risk based software verificationRisk based software verification
Risk based software verificationcomplianceonline123
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryAshley Zupkus
 
Mathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftMathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftAshley Zupkus
 
o8 motivering
o8 motiveringo8 motivering
o8 motiveringADRYN MARITZ
 
Techlink_Velocity_Commercialization_v3
Techlink_Velocity_Commercialization_v3Techlink_Velocity_Commercialization_v3
Techlink_Velocity_Commercialization_v3Larry Zheng
 
ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜
ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜
ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜Kyohei Fushida
 
Exam
ExamExam
ExamAlaaeldien Mohammed
 

Recommended

Risk based software verification
Risk based software verificationRisk based software verification
Risk based software verificationcomplianceonline123
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryAshley Zupkus
 
Mathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftMathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftAshley Zupkus
 
o8 motivering
o8 motiveringo8 motivering
o8 motiveringADRYN MARITZ
 
Techlink_Velocity_Commercialization_v3
Techlink_Velocity_Commercialization_v3Techlink_Velocity_Commercialization_v3
Techlink_Velocity_Commercialization_v3Larry Zheng
 
ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜
ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜
ソフトウェア工学への招待 〜ソフトウェアの開発・利用を研究する〜Kyohei Fushida
 
Exam
ExamExam
ExamAlaaeldien Mohammed
 
Software Outsourcing and New Model of Test Estimation for Agile Development
Software Outsourcing and New Model of Test Estimation for Agile Development Software Outsourcing and New Model of Test Estimation for Agile Development
Software Outsourcing and New Model of Test Estimation for Agile Development Masud Parvez
 
Using Control Charts for Detecting and Understanding Performance Regressions ...
Using Control Charts for Detecting and Understanding Performance Regressions ...Using Control Charts for Detecting and Understanding Performance Regressions ...
Using Control Charts for Detecting and Understanding Performance Regressions ...SAIL_QU
 
CCCAB - Making CABs life easy
CCCAB - Making CABs life easyCCCAB - Making CABs life easy
CCCAB - Making CABs life easyJavier Tallón
 
An Industrial Case Study of Automatically Identifying Performance Regression-...
An Industrial Case Study of Automatically Identifying Performance Regression-...An Industrial Case Study of Automatically Identifying Performance Regression-...
An Industrial Case Study of Automatically Identifying Performance Regression-...SAIL_QU
 
Software analysis
Software analysisSoftware analysis
Software analysisSabahtHussein
 
Resume_New
Resume_NewResume_New
Resume_NewPhilip Nielsen
 
National 5 Computing Science - Testing
National 5 Computing Science - TestingNational 5 Computing Science - Testing
National 5 Computing Science - TestingForrester High School
 
Key Findings from the 2019 State of DevOps Report
Key Findings from the 2019 State of DevOps ReportKey Findings from the 2019 State of DevOps Report
Key Findings from the 2019 State of DevOps ReportPuppet
 
Electronics&I ENGINEER(1)
Electronics&I ENGINEER(1)Electronics&I ENGINEER(1)
Electronics&I ENGINEER(1)RIZWAN MALLICK
 
Measurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersMeasurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersTechWell
 
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEM
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEMONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEM
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEMVikas Kumar
 
Calibration service
Calibration serviceCalibration service
Calibration servicesigmatest21
 
RBI for Power Generation
RBI for Power GenerationRBI for Power Generation
RBI for Power GenerationNikhil Kumar
 
Risk Based Design & SCE
Risk Based Design & SCERisk Based Design & SCE
Risk Based Design & SCEadepp
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career pathVikram Khanna
 
Reliable Relevant Metrics to the Right Audience - Manual Testing Whitepaper
Reliable Relevant Metrics to the Right Audience - Manual Testing WhitepaperReliable Relevant Metrics to the Right Audience - Manual Testing Whitepaper
Reliable Relevant Metrics to the Right Audience - Manual Testing WhitepaperIndium Software
 
Test Suite Reduction Based on Fault Detection with Cost Optimization
Test Suite Reduction Based on Fault Detection with Cost OptimizationTest Suite Reduction Based on Fault Detection with Cost Optimization
Test Suite Reduction Based on Fault Detection with Cost Optimizationijcoa
 
What is Test Matrix?
What is Test Matrix?What is Test Matrix?
What is Test Matrix?QA InfoTech
 
Automatic Load Test Verification Using Control Charts
Automatic Load Test Verification Using Control ChartsAutomatic Load Test Verification Using Control Charts
Automatic Load Test Verification Using Control ChartsSAIL_QU
 
Vinay Singh
Vinay SinghVinay Singh
Vinay SinghVinay Singh
 
Vinay Singh
Vinay SinghVinay Singh
Vinay SinghVinay Singh
 
Controlling interests editors
Controlling interests editorsControlling interests editors
Controlling interests editorseldhoev
 

More Related Content

What's hot

Software Outsourcing and New Model of Test Estimation for Agile Development
Software Outsourcing and New Model of Test Estimation for Agile Development Software Outsourcing and New Model of Test Estimation for Agile Development
Software Outsourcing and New Model of Test Estimation for Agile Development Masud Parvez
 
Using Control Charts for Detecting and Understanding Performance Regressions ...
Using Control Charts for Detecting and Understanding Performance Regressions ...Using Control Charts for Detecting and Understanding Performance Regressions ...
Using Control Charts for Detecting and Understanding Performance Regressions ...SAIL_QU
 
CCCAB - Making CABs life easy
CCCAB - Making CABs life easyCCCAB - Making CABs life easy
CCCAB - Making CABs life easyJavier Tallón
 
An Industrial Case Study of Automatically Identifying Performance Regression-...
An Industrial Case Study of Automatically Identifying Performance Regression-...An Industrial Case Study of Automatically Identifying Performance Regression-...
An Industrial Case Study of Automatically Identifying Performance Regression-...SAIL_QU
 
National 5 Computing Science - Testing
National 5 Computing Science - TestingNational 5 Computing Science - Testing
National 5 Computing Science - TestingForrester High School
 
Key Findings from the 2019 State of DevOps Report
Key Findings from the 2019 State of DevOps ReportKey Findings from the 2019 State of DevOps Report
Key Findings from the 2019 State of DevOps ReportPuppet
 
Electronics&I ENGINEER(1)
Electronics&I ENGINEER(1)Electronics&I ENGINEER(1)
Electronics&I ENGINEER(1)RIZWAN MALLICK
 
Measurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersMeasurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersTechWell
 
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEM
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEMONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEM
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEMVikas Kumar
 
Calibration service
Calibration serviceCalibration service
Calibration servicesigmatest21
 
RBI for Power Generation
RBI for Power GenerationRBI for Power Generation
RBI for Power GenerationNikhil Kumar
 
Risk Based Design & SCE
Risk Based Design & SCERisk Based Design & SCE
Risk Based Design & SCEadepp
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career pathVikram Khanna
 
Reliable Relevant Metrics to the Right Audience - Manual Testing Whitepaper
Reliable Relevant Metrics to the Right Audience - Manual Testing WhitepaperReliable Relevant Metrics to the Right Audience - Manual Testing Whitepaper
Reliable Relevant Metrics to the Right Audience - Manual Testing WhitepaperIndium Software
 
Test Suite Reduction Based on Fault Detection with Cost Optimization
Test Suite Reduction Based on Fault Detection with Cost OptimizationTest Suite Reduction Based on Fault Detection with Cost Optimization
Test Suite Reduction Based on Fault Detection with Cost Optimizationijcoa
 
What is Test Matrix?
What is Test Matrix?What is Test Matrix?
What is Test Matrix?QA InfoTech
 
Automatic Load Test Verification Using Control Charts
Automatic Load Test Verification Using Control ChartsAutomatic Load Test Verification Using Control Charts
Automatic Load Test Verification Using Control ChartsSAIL_QU
 

What's hot (19)

Software Outsourcing and New Model of Test Estimation for Agile Development
Software Outsourcing and New Model of Test Estimation for Agile Development Software Outsourcing and New Model of Test Estimation for Agile Development
Software Outsourcing and New Model of Test Estimation for Agile Development
 
Using Control Charts for Detecting and Understanding Performance Regressions ...
Using Control Charts for Detecting and Understanding Performance Regressions ...Using Control Charts for Detecting and Understanding Performance Regressions ...
Using Control Charts for Detecting and Understanding Performance Regressions ...
 
CCCAB - Making CABs life easy
CCCAB - Making CABs life easyCCCAB - Making CABs life easy
CCCAB - Making CABs life easy
 
An Industrial Case Study of Automatically Identifying Performance Regression-...
An Industrial Case Study of Automatically Identifying Performance Regression-...An Industrial Case Study of Automatically Identifying Performance Regression-...
An Industrial Case Study of Automatically Identifying Performance Regression-...
 
Software analysis
Software analysisSoftware analysis
Software analysis
 
Resume_New
Resume_NewResume_New
Resume_New
 
National 5 Computing Science - Testing
National 5 Computing Science - TestingNational 5 Computing Science - Testing
National 5 Computing Science - Testing
 
Key Findings from the 2019 State of DevOps Report
Key Findings from the 2019 State of DevOps ReportKey Findings from the 2019 State of DevOps Report
Key Findings from the 2019 State of DevOps Report
 
Electronics&I ENGINEER(1)
Electronics&I ENGINEER(1)Electronics&I ENGINEER(1)
Electronics&I ENGINEER(1)
 
Measurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersMeasurement and Metrics for Test Managers
Measurement and Metrics for Test Managers
 
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEM
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEMONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEM
ONLINE SOFTWERE AND HARDWER MANAGEMENT SYSTEM
 
Calibration service
Calibration serviceCalibration service
Calibration service
 
RBI for Power Generation
RBI for Power GenerationRBI for Power Generation
RBI for Power Generation
 
Risk Based Design & SCE
Risk Based Design & SCERisk Based Design & SCE
Risk Based Design & SCE
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career path
 
Reliable Relevant Metrics to the Right Audience - Manual Testing Whitepaper
Reliable Relevant Metrics to the Right Audience - Manual Testing WhitepaperReliable Relevant Metrics to the Right Audience - Manual Testing Whitepaper
Reliable Relevant Metrics to the Right Audience - Manual Testing Whitepaper
 
Test Suite Reduction Based on Fault Detection with Cost Optimization
Test Suite Reduction Based on Fault Detection with Cost OptimizationTest Suite Reduction Based on Fault Detection with Cost Optimization
Test Suite Reduction Based on Fault Detection with Cost Optimization
 
What is Test Matrix?
What is Test Matrix?What is Test Matrix?
What is Test Matrix?
 
Automatic Load Test Verification Using Control Charts
Automatic Load Test Verification Using Control ChartsAutomatic Load Test Verification Using Control Charts
Automatic Load Test Verification Using Control Charts
 

Similar to plan for penetration test

Controlling interests editors
Controlling interests editorsControlling interests editors
Controlling interests editorseldhoev
 
Fundamentals_of_testing.pdf
Fundamentals_of_testing.pdfFundamentals_of_testing.pdf
Fundamentals_of_testing.pdfAndreeaDavid22
 
IT Services Management
IT Services ManagementIT Services Management
IT Services ManagementChetan Goenka
 
ITP-1 – Project CharterGroup 3 - The Project Management Masters .docx
ITP-1 – Project CharterGroup 3 - The Project Management Masters .docxITP-1 – Project CharterGroup 3 - The Project Management Masters .docx
ITP-1 – Project CharterGroup 3 - The Project Management Masters .docxpriestmanmable
 
Quality Assurance Guidelines for Mobile App Development
Quality Assurance Guidelines for Mobile App DevelopmentQuality Assurance Guidelines for Mobile App Development
Quality Assurance Guidelines for Mobile App DevelopmentMoqod
 
Quality Assurance Guidelines
Quality Assurance GuidelinesQuality Assurance Guidelines
Quality Assurance GuidelinesTim Stribos
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET Journal
 
Penetration testing using metasploit framework
Penetration testing using metasploit frameworkPenetration testing using metasploit framework
Penetration testing using metasploit frameworkPawanKesharwani
 
NSA Capstone Project III final pp
NSA Capstone Project III final ppNSA Capstone Project III final pp
NSA Capstone Project III final ppAlfonso Zamorano
 
Team 4, Team PMP”IT Installation of the Adelphi V.docx
Team 4, Team PMP”IT Installation of the Adelphi V.docxTeam 4, Team PMP”IT Installation of the Adelphi V.docx
Team 4, Team PMP”IT Installation of the Adelphi V.docxmattinsonjanel
 
Commissioning and Operations
Commissioning and OperationsCommissioning and Operations
Commissioning and OperationsAchal Gupta
 
V 2.0Project Scope StatementProject NameSpeakeasy Ho.docx
V 2.0Project Scope StatementProject NameSpeakeasy Ho.docxV 2.0Project Scope StatementProject NameSpeakeasy Ho.docx
V 2.0Project Scope StatementProject NameSpeakeasy Ho.docxdickonsondorris
 
Practical assessment 4 - Identify construction work hazards and select risk c...
Practical assessment 4 - Identify construction work hazards and select risk c...Practical assessment 4 - Identify construction work hazards and select risk c...
Practical assessment 4 - Identify construction work hazards and select risk c...Canberra Institute of technology
 

Similar to plan for penetration test (20)

Vinay Singh
Vinay SinghVinay Singh
Vinay Singh
 
Vinay Singh
Vinay SinghVinay Singh
Vinay Singh
 
Controlling interests editors
Controlling interests editorsControlling interests editors
Controlling interests editors
 
System implemantation
System implemantationSystem implemantation
System implemantation
 
Fundamentals_of_testing.pdf
Fundamentals_of_testing.pdfFundamentals_of_testing.pdf
Fundamentals_of_testing.pdf
 
Vandana B
Vandana BVandana B
Vandana B
 
IT Services Management
IT Services ManagementIT Services Management
IT Services Management
 
ITP-1 – Project CharterGroup 3 - The Project Management Masters .docx
ITP-1 – Project CharterGroup 3 - The Project Management Masters .docxITP-1 – Project CharterGroup 3 - The Project Management Masters .docx
ITP-1 – Project CharterGroup 3 - The Project Management Masters .docx
 
Quality Assurance Guidelines for Mobile App Development
Quality Assurance Guidelines for Mobile App DevelopmentQuality Assurance Guidelines for Mobile App Development
Quality Assurance Guidelines for Mobile App Development
 
Quality Assurance Guidelines
Quality Assurance GuidelinesQuality Assurance Guidelines
Quality Assurance Guidelines
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit Framework
 
Penetration testing using metasploit framework
Penetration testing using metasploit frameworkPenetration testing using metasploit framework
Penetration testing using metasploit framework
 
NSA Capstone Project III final pp
NSA Capstone Project III final ppNSA Capstone Project III final pp
NSA Capstone Project III final pp
 
Team 4, Team PMP”IT Installation of the Adelphi V.docx
Team 4, Team PMP”IT Installation of the Adelphi V.docxTeam 4, Team PMP”IT Installation of the Adelphi V.docx
Team 4, Team PMP”IT Installation of the Adelphi V.docx
 
Cloud Testing Research
Cloud Testing ResearchCloud Testing Research
Cloud Testing Research
 
Commissioning and Operations
Commissioning and OperationsCommissioning and Operations
Commissioning and Operations
 
4. Assessment Practical.docx
4. Assessment Practical.docx4. Assessment Practical.docx
4. Assessment Practical.docx
 
V 2.0Project Scope StatementProject NameSpeakeasy Ho.docx
V 2.0Project Scope StatementProject NameSpeakeasy Ho.docxV 2.0Project Scope StatementProject NameSpeakeasy Ho.docx
V 2.0Project Scope StatementProject NameSpeakeasy Ho.docx
 
Practical assessment 4 - Identify construction work hazards and select risk c...
Practical assessment 4 - Identify construction work hazards and select risk c...Practical assessment 4 - Identify construction work hazards and select risk c...
Practical assessment 4 - Identify construction work hazards and select risk c...
 
T0 numtq0nje=
T0 numtq0nje=T0 numtq0nje=
T0 numtq0nje=
 

More from hetvi naik

Cleaning equipment
Cleaning equipmentCleaning equipment
Cleaning equipmenthetvi naik
 
disadvantages of learning foreign language
disadvantages of learning foreign languagedisadvantages of learning foreign language
disadvantages of learning foreign languagehetvi naik
 
Face detection and recognition report with pi in single poster
Face detection and recognition report with pi in single posterFace detection and recognition report with pi in single poster
Face detection and recognition report with pi in single posterhetvi naik
 
BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3hetvi naik
 
Face detection and recognition report
Face detection and recognition reportFace detection and recognition report
Face detection and recognition reporthetvi naik
 
Face detection and recognition with pi
Face detection and recognition with piFace detection and recognition with pi
Face detection and recognition with pihetvi naik
 
Face recognition with pi
Face recognition with piFace recognition with pi
Face recognition with pihetvi naik
 
Wireless power transfer report
Wireless power transfer reportWireless power transfer report
Wireless power transfer reporthetvi naik
 
wireless power transfer
wireless power transferwireless power transfer
wireless power transferhetvi naik
 
Nb iot (naik hetvi)
Nb iot (naik hetvi)Nb iot (naik hetvi)
Nb iot (naik hetvi)hetvi naik
 
Region filling
Region fillingRegion filling
Region fillinghetvi naik
 
Number plate recogition
Number plate recogitionNumber plate recogition
Number plate recogitionhetvi naik
 

More from hetvi naik (16)

Final ppt g08
Final ppt g08Final ppt g08
Final ppt g08
 
Team black
Team blackTeam black
Team black
 
Cleaning equipment
Cleaning equipmentCleaning equipment
Cleaning equipment
 
disadvantages of learning foreign language
disadvantages of learning foreign languagedisadvantages of learning foreign language
disadvantages of learning foreign language
 
Face detection and recognition report with pi in single poster
Face detection and recognition report with pi in single posterFace detection and recognition report with pi in single poster
Face detection and recognition report with pi in single poster
 
BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3BMC report for face detection and recognition using pi-3
BMC report for face detection and recognition using pi-3
 
Face detection and recognition report
Face detection and recognition reportFace detection and recognition report
Face detection and recognition report
 
Face detection and recognition with pi
Face detection and recognition with piFace detection and recognition with pi
Face detection and recognition with pi
 
Face recognition with pi
Face recognition with piFace recognition with pi
Face recognition with pi
 
Wireless power transfer report
Wireless power transfer reportWireless power transfer report
Wireless power transfer report
 
wireless power transfer
wireless power transferwireless power transfer
wireless power transfer
 
Nb iot (naik hetvi)
Nb iot (naik hetvi)Nb iot (naik hetvi)
Nb iot (naik hetvi)
 
GRO n GO
GRO n GO GRO n GO
GRO n GO
 
AAA server
AAA serverAAA server
AAA server
 
Region filling
Region fillingRegion filling
Region filling
 
Number plate recogition
Number plate recogitionNumber plate recogition
Number plate recogition
 

Recently uploaded

the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 

Recently uploaded (20)

the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 

plan for penetration test

  • 1. HETVI NAIK 101212340 Page | 1 ETHICAL HACKING ASSIGNMENT 1 By: HETVI NAIK 101212340
  • 2. HETVI NAIK 101212340 Page | 2 1. PLAN AND TESTING METHODOLOGIES:  The testing methodology we are going to use is Penetration Testing Execution Standard (PTES) as it covers from initial communication and reasoning, through threat modeling, vulnerability, security to final reporting.  This test provides actual standard for business to have a raised bar of quality and gives better understanding of the services.  This test is divided in 7 phases: o Engagement interaction o Intelligence gathering o Threat modeling o Vulnerability analysis o Exploitation o Post-exploitation o Reporting  Tools used here are as follows: o Linux as virtual machine o IBM AppScan o SEBUG Vurl DB o Exploithub o Firewall 2. ENGAGEMENT PLAN:  The testers will prepare and gather the required tools, OS, and software to begin the penetration test.  The timesheet and location will be decided and provide to all the employees.  The submission of work on end of every day with short meetings will be done.  It will take 6 days to get the test done after 1st day used for proper tools and division of work.  If there is any vulnerability outside the original scope, then it will be resolved by additional support extending the hourly rate of workers.  Final reporting will be done on end of last day, where all the steps will be checked, and outputs will be given clearance. The post exploitation will tell the need of test to be done further or not.  Final report will be in 2 parts: executive as well as technical.
  • 3. HETVI NAIK 101212340 Page | 3 3. IDENTIFICATION PLAN:  The main objective is to test in parts as: i. 350 workstations ii. 27 in-house servers iii. 50 networking devices iv. Microsoft azure platform  The test will be performed in range of IP assigned to each employee.  The permission will be taken from internet provider for testing at intervals.  All 27 in-house servers along with some hosted server in Microsoft azure platform will be tested.  The after-test announcement and repaired devices will be informed to workers and ISP as well. 4. ACTION PLAN:  The overall action plan here is: i. Preparation ii. Testing iii. Reporting  PREPARATION: o Service contract o Permission agreements o Memo permission from client o Tools and threats o Timesheet and division of work  TESTING: o Reconnaissance o Scanning o Gaining access o Maintaining o Analysis o Reporting