Question

In: Computer Science

Plan your penetration testing processes for IMC and describe them in detail.

Plan your penetration testing processes for IMC and describe them in detail.

Solutions

Expert Solution

Penetration Teting:

It is also referred to as pen testing. It is a simulated cyber attack done on our systems to check for exploitable vulnerabilities. It is commonly used to augment a Web Application Firewall(WAF).

This helps to improve the WAF security policies and patch detected vulnerabilities.

Steps in penetration testing:

There are mainly 5 steps in pen testing. Lets see them in detail.

1) Planning and Reconnaissance:

  • In this we define the scope and goals of a test, which include the system and the testing methods to be used.
  • Gaining intelligence which include network and domain names to understand how a target works.

2) Scanning:

  • In this step we will understand how the target application will respond to various intrusion attempts. This is done using Static Analysis and Dynamic Analysis.
  • Static Analysis helps to estimate the way an application behaves while running.
  • Dynamic Analysis is more practical way of scanning. It inspects an application code in a running state.

3) Gaining access:

  • In this step some web application attacks such as SQL Injection, Cross-site scripting are simulated inorder to find the vulnerabilities of target application.
  • Vulnerabilities are exploited by using some methods like intercepting traffic, stealing data and escalating privileges.

4) Maintaining access:

  • In this stage, we will check whether vulnerability can be used to achieve a persistent presence in the exploited system.
  • Main purpose is to imitate persistent threats which remain in the system for long period.

5) Analysis:

  • At last we create a report detailing the results of penetration test which include,
  • Vulnerabilities that were exploited
  • Sensitive data accessed
  • Time the pen tester remain in the system undetected
  • By analysing these report necessary security actions are taken and vulnerabilities are avoided.

Penetration Testing Methods:

1) Blind Testing:

  • In Blind testing, tester is only given the name of the enterprise that’s being targeted.
  • This gives an idea about how an application assault would take place.

2) Double-Blind Testing:

  • In this kind of testing, there is no prior knowledge of simulated attack. It would be similar to real time scenario where an attack happens suddenly.

3) External testing:

  • It mainly targets the assets of company which are visible on the internet.
  • It include Domain Name Server(DNS), website, email etc.

4) Internal Testing:

  • In this type of testing, a tester with access to an application behind its firewall simulates an attack by a malicious insider.
  • A malicious insider can be an employee whose credentials were stolen due to a phishing attack

Related Solutions

You are hired as a penetration testing engineer at Ivy Medical Centre (IMC) located in Dandenong,...
You are hired as a penetration testing engineer at Ivy Medical Centre (IMC) located in Dandenong, Australia. The centre provides medical services mostly to pensioners, and KMC is determined to provide the highest security and privacy for their patients and visitors. On your arrival, you have learnt that IMC provides anonymous FTP access to their database to external members. In addition, you have learnt that many hospital staff members are not adequately trained in cybersecurity and often fall for victim...
The first and last sections of an IMC plan focus on __________
The first and last sections of an IMC plan focus on __________
Develop a Brand Communication/IMC Plan for a product of your choice.The product that you are choosing...
Develop a Brand Communication/IMC Plan for a product of your choice.The product that you are choosing should have a problem that could be solved by Advertising.
Principles of Cybersecurity Penetration testing is a very rewarding career in Cybersecurity. Companies contract penetration testers...
Principles of Cybersecurity Penetration testing is a very rewarding career in Cybersecurity. Companies contract penetration testers to find vulnerabilities and generate reports which can be used by the company's IT personnel to address vulnerabilities found during the pen test. The penetration tester has a huge resposibility because he/she has access to the network, network devices, servers, security devices such as firewalls, workstations, and the actual data. It is important that the penetration tester puts in writing what is going to...
Compare and contrast the processes of mitosis and meiosis. Describe the overall processes (not each detail)...
Compare and contrast the processes of mitosis and meiosis. Describe the overall processes (not each detail) and explain why each is important. Be sure to include what type of cell (diploid of haploid) each process starts with, in what location of the body it takes place, and the end result (what is produced)? Please note in a diagram or in words whether or not the beginning cell and the final cells contain sister chromatids and/or homologous chromosomes.
Please describe in detail your knowledge of electrical engineering? Please describe in detail your knowledge of...
Please describe in detail your knowledge of electrical engineering? Please describe in detail your knowledge of mechanical engineering? Please describe in detail your knowledge of computer software? What does customer service mean to you? What interests you most about this position? What are your career goals? Why are you looking for another job? What is your business travel tolerance? What has been your business travel levels in your past opportunities?
Please describe in detail your knowledge of electrical engineering? Please describe in detail your knowledge of...
Please describe in detail your knowledge of electrical engineering? Please describe in detail your knowledge of mechanical engineering? Please describe in detail your knowledge of computer software? What does customer service mean to you? What interests you most about this position? What are your career goals? Why are you looking for another job? What is your business travel tolerance? What has been your business travel levels in your past opportunities?
Analyze the system flowchart in Problem 8, and describe in detail the processes that are occurring.
Analyze the system flowchart in Problem 8, and describe in detail the processes that are occurring. 
A key role of penetration testing as used by IT security professionals is to identify system...
A key role of penetration testing as used by IT security professionals is to identify system weaknesses of various kinds. According, pen testing is an important method for protecting organizations from unwanted attacks or intrusions. Why is it important to understand the risks presented by weak physical security? How does defense in depth prevent attacks? What considerations inform decisions regarding which physical controls should be implemented and for what reasons?
describe HALT and HASS testing. what is the major difference between them ?
describe HALT and HASS testing. what is the major difference between them ?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT