Question

In: Computer Science

Imagine that you are the Information Security Officer (ISO) of your organization. Develop a plan to conduct a Web application penetration test on your network. Identify and explain all steps necessary to successfully complete the test.

Solutions

Expert Solution

Q Imagine that you are the Information Security Officer (ISO) of your organization. Develop a plan to conduct a Web application penetration test on your network. Identify and explain all steps necessary to successfully complete the test.

Ans: Before going into the plan to conduct a web application penetration test, first let's know a little about penetration testing. Penetration testing is basically a security exercise in which a cyber-security expert makes an effort to find out the vulnerabilities and also exploit those vulnerabilities in the computer system. The purpose of this testing is to find out any weak spots in the system from where an attacker can take advantage. It is also called a pen test. Some of the types of penetration testing (pen test) are as follows:

  • Open-box pen test.
  • Closed-box pen test.
  • External pen test.
  • Covert pen test.
  • Internal pen test.

After the test is completed, the WAF (web application firewall) configurations are updated to secure against the weak spots that are discovered in the pen test.

Now let's see the steps and the plan that should be developed to conduct a Web application penetration test. The plan for the pen test is basically where we define the scope and what security measures we take to protect the system from vulnerabilities. And in the context of pen testing in the web application, it is called the web application firewall (WAF).

The following steps are involved in the penetration test. They are as follows:

1) Planning and investigation: This is the first step in pen testing, where the planning and the investigation are done. In this step we develop the plan and the goals of the test; in this the systems are addressed and the testing methods are used. In this step we also gather the intelligence to understand how the target basically works and the potential vulnerabilities.

2) Scanning: This is the second stage in the pen test, in which we basically understand how the target application will respond to intrusion attempts. This is done by two methods:

a) Static analysis: This basically inspects the application's code to see how it behaves while running. This scans the entire code in a single scan.

b) Dynamic analysis: This inspects the code while the application's code is in the running state. This provides a real-time picture of the system's performance, and this is more practical than the scanning.

3) Gaining access: In this stage it basically uses web application attacks, like SQL injection, backdoors and cross-site scripting. The tester tries to find and exploit the vulnerabilities and also find the causes of the damage.

4) Maintaining access: Basically the goal of this step is to see the vulnerability that can cause or exploit the system.

5) Analysis: This is the last stage, in which we find out the result of the penetration test, which can be defined in the following points:

  • It specifies the vulnerabilities from where it can be exploited.
  • It will find out the sensitive data that was basically accessed.
  • It also finds the amount of time that the pen tester was able to stay in the system basically undetected.

All this information is analyzed by the security personnel, which helps to configure an enterprise's web application firewall (WAF) settings and the security solution for the application, and also protect against future attacks.

Thanks, I think this will give you a better intuition about your question. If you have any doubt, feel free to ask in the comment section.
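The "Gaining access" step above names SQL injection and cross-site scripting as the web application weaknesses a tester looks for. The following is an added example, not part of the answer above, showing what such a finding looks like in code and what the fix is that the analysis stage would recommend: a user lookup built by string concatenation beside its parameterized form, and an HTML rendering function beside its escaped form. The SQLite table, the user accounts and the test inputs are constructed for the example.

```python
import html
import sqlite3

# Constructed sample data (not from the page): two accounts in an in-memory database.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user")]


def build_db():
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the user-controlled value is spliced into the SQL text,
    so a quote in the input changes the structure of the query."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the driver sends the value separately from the SQL text,
    so the input can only ever be compared as data, never parsed as syntax."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def render_greeting_vulnerable(display_name):
    """Vulnerable: untrusted text is placed into HTML unchanged, so markup
    in the name becomes part of the page (cross-site scripting)."""
    return "<p>Welcome, " + display_name + "</p>"


def render_greeting_safe(display_name):
    """Hardened: html.escape turns <, >, &, and quotes into entities so the
    browser shows the name as text instead of interpreting it as markup."""
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


def compare_lookups(username):
    """Run both lookup variants on the same input and return the row counts,
    which is the kind of side-by-side evidence a pen test report records."""
    conn = build_db()
    vulnerable_rows = lookup_vulnerable(conn, username)
    safe_rows = lookup_parameterized(conn, username)
    conn.close()
    return {"vulnerable": len(vulnerable_rows), "parameterized": len(safe_rows)}


if __name__ == "__main__":
    # A legitimate name behaves the same in both variants.
    print("alice:", compare_lookups("alice"))
    # A tester's probe input containing a quote: the concatenated query
    # returns every account, the parameterized query returns none.
    print("probe:", compare_lookups("x' OR '1'='1"))
    print(render_greeting_safe("<b>alice</b>"))
```

The report for the analysis stage would cite the row counts from `compare_lookups` as evidence that the concatenated query is injectable, and the parameterized version plus output escaping as the remediation to verify in a retest.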

