Penetration Test Plan

1. A table of contents:
The scope of this penetration test will include a fully intrusive, without-compromise attack and penetration test on the e-commerce web-based application server and the Cisco core backbone network, conducted during the hours of 2:00am – 6:00am on Saturday and Sunday only. There will be no compromise involving the extraction of information. A compromise can be involved only with written client authorization. We will apply a full system backup prior to the attack and penetration test in the event of system malfunction or loss of data. This is subject to change at the client's discretion.
2. Authorization letter:
We at E-Commerce Emporia authorize Darren Flory, Jason Olea, and James Williams of Hackers United to administer an intrusive attack and penetration test during the hours of 2:00am to 6:00am every Saturday and Sunday until all weaknesses and vulnerabilities are established, limited, or eliminated. A full system backup will be initiated pre-test each week. Any system failure as a result of testing will be handled by E-Commerce Emporia, with Hackers United assisting in the fixing of the potential problems that arose.

3. A list of client questions that you need to answer:
   a. When will this test take place?
   b. How much will this affect my production processing?
   c. Can the test avoid certain systems?
   d. How does a web penetration test differ from a network penetration test?
   e. Should we advise the IT staff of the test?

4. A test plan scope defining what is in scope and what is out of scope and why:
The scope of this project is to perform a penetration test on the web-based application server, the Cisco core backbone network, and a post-penetration-test assessment. All other aspects are considered out of scope.

5. Goals & objectives:
To find as many known vulnerabilities as possible that can be located in the NIST vulnerability database.
A successful test will be to find and document vulnerabilities and provide solutions to correct these issues. Special care will be taken to minimize any potential problems to the network or data.

6. Test plan tasks:
1. Authentication – Confirming the person is who they say they are.
   a. Authentication Bypass – Direct page request (forced browsing), parameter modification, session ID prediction, SQL injection.
   b. Poor Password Strength – Require strong passwords with special characters; run a test when the users are creating them.
2. Authorization – Determining the level of access the user should have.
   a. Privilege Escalation – Attempt to access roles the user should not be allowed to access, to verify they are not able to.
   b. Forceful Browsing – Don't use automated tools for common files and directory names.
3. Session Management
   a. Session Hijacking – Use a packet sniffer to look for these vulnerabilities.
   b. Session Timeout Too Long – How easy will it be for a hacker to swoop in before the session times out?
4. Input Validation
   a. Cross Site Scripting – Perform a security review of the code; turn off HTTP TRACE support.
   b. SQL Injection – Add a single quote (') or a semicolon (;) to an input to see if the application reports an error.
   c. Buffer Overflow – Use a language or compiler that performs automatic bounds checking.
5. Cryptography
   a. Weak SSL – Use the Nmap scanner or the Nessus scanner.
   b. Unencrypted Sensitive Data – See if the data can be read from outside the network.

7. Test plan reporting:
We will provide the results and findings from the Nmap and Nessus scans, Damn Vulnerable Web App (DVWA), tcpdump, and Wireshark. We will include as many recommended fixes as possible, with recommended adjustments to the network or to policy.

8. A project plan and test plan schedule:
Testing will be conducted between 2:00am and 6:00am EST on Saturday and Sunday only.
Testing will take approximately 1 month. An additional month can be added if needed and is subject to the client's approval.

Assessment Questions & Answers
1. The 5 steps of the hacking process are:
   a. Phase 1 – Reconnaissance
   b. Phase 2 – Scanning
   c. Phase 3 – Gaining Access
   d. Phase 4 – Maintaining Access
   e. Phase 5 – Covering Tracks
2. Hire white hat hackers to test your system and find exploits so that you can develop a plan to protect the system.
3. Wireshark, Nmap, Nessus
4. A hacker could use something like email to get someone to send them their username or password just by asking for it in the email, acting like they are an administrator.
5. Clean desk policies can help prevent issues with people leaving stuff on their desk.
6. He will cover his tracks by removing logs, leaving a backdoor for easier access.
7. Backdoor
8. It depends on the scope of the approved penetration test.
9. NIST Publication 800-115
10. Planning, Discovery, Attack, Reporting.
11. An internal penetration test would most closely match an attack by an organization's own employee.
12. A penetration tester should not compromise or access a system that is defined in the formal rules of engagement.
13. A penetration test from an outside company without the knowledge of the IT staff would most closely match an outside attack on the company.
14. Network penetration testing is designed to detect vulnerabilities specifically in the network. Web application penetration testing is designed to detect security vulnerabilities in the programming.
15. The security practitioner has set rules and parameters that they must follow that are agreed on. The malicious hacker does not have these rules and will exploit any system or resource to penetrate the systems.
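The SQL Injection check under Input Validation in the Test plan tasks section above (add a single quote or a semicolon to an input and see whether the application reports an error), as an added example that is not part of the original plan or the client's systems: a constructed in-memory SQLite user table, a lookup written the vulnerable way (the request value spliced into the SQL text) beside the hardened parameterized version, and a probe function that runs the plan's two characters against each and records whether the database raised an error. The table contents, function names and probe strings are all assumptions for illustration.

```python
import sqlite3

# Constructed sample data for the example (not from the plan): a tiny
# in-memory user table. The third user has a legitimate apostrophe.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "customer"), ("o'neil", "customer")],
    )
    return conn


def lookup_role_unsafe(conn, username):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so a quote in the value changes the query's grammar.
    sql = f"SELECT role FROM users WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_role_safe(conn, username):
    # Hardened pattern: parameter binding keeps the value out of the SQL
    # grammar, so quotes and semicolons are just characters in a string.
    row = conn.execute(
        "SELECT role FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


# The plan's two probe characters, appended to an otherwise valid username
# (assumed probe strings).
PROBES = ["alice'", "alice;"]


def probe(lookup, conn):
    """Run the plan's single-quote / semicolon test against one lookup
    function. Returns a dict mapping each probe to 'error' if the database
    raised an error (the signal the plan tells the tester to look for) or
    'ok' if the query ran without complaint."""
    results = {}
    for p in PROBES:
        try:
            lookup(conn, p)
            results[p] = "ok"
        except sqlite3.Error:
            results[p] = "error"
    return results


if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup:", probe(lookup_role_unsafe, db))
    print("safe lookup:  ", probe(lookup_role_safe, db))
    # The hardened version also serves the legitimate apostrophe user.
    print("safe lookup for o'neil:", lookup_role_safe(db, "o'neil"))
```

Two things worth noticing when running it: the single-quote probe breaks the string literal in the unsafe query and SQLite reports a syntax error, which is exactly the symptom the plan looks for, while the semicolon probe stays inside the quoted string and raises nothing, so a silent result from one probe does not clear the parameter. The parameterized version returns "ok" for both probes and still resolves the real user "o'neil", which the unsafe version cannot even look up without erroring.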