PENETRATION TEST PLAN ECOMMERCE COMPANY
Table of Contents
SCOPE
GOALS AND OBJECTIVES
TASKS
REPORTING
SCHEDULES
UNANSWERED QUESTIONS
AUTHORIZATION LETTER
SCOPE: The scope of this penetration test will be as follows:
We are running a penetration test from Jan. 1 to Jan. 15th, 2014 on the client’s ecommerce production environment.
We will test the Production Web Application server and Cisco Network located on ASA_Instrw
The application server is an external point of entry
The server is an Apache Server acting as an ecommerce web application server
The company uses the machine as a web portal
Credit card transactions are initiated here
GOALS AND OBJECTIVES:
This test will verify whether the client's security checkpoints are effective in eliminating security breaches of the client’s Cisco network.
We will utilize black box testing to simulate hacker intrusions into the environment to steal customer data.
We will utilize gray box testing techniques to simulate internal breaches from insider threats.
TASKS:
Three-step process: 1. Explore the system. 2. Test for vulnerability. 3. Test for exploitability.
We will use Ethereal (Ethereal.com) to intercept sample network packets to explore possible vulnerabilities.
We will use Nmap, an open source utility for network exploration and security auditing. Nmap utilizes raw IP packets to determine what hosts are available on the network, what services (ports) they are running, what operating systems they are using, and what firewalls are in place.
We will use HOLDADECK WEB to test for vulnerabilities in web-based applications. It uses a spider to discover web page vulnerabilities, including buffer overflows, cross-site scripting and SQL injection.
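For the Nmap step above, an added example (not part of the original plan) of how the results can be triaged: it parses Nmap's XML output and lists open TCP ports that fall outside what an external ecommerce web server is expected to expose. The expected port set, the sample scan data and the address 192.0.2.10 are assumptions constructed for illustration.

```python
# Added example: triage Nmap XML output against the exposure the plan expects.
import xml.etree.ElementTree as ET

# Assumption: an internet-facing ecommerce web server should expose only HTTP/HTTPS.
EXPECTED_TCP_PORTS = {80, 443}

# Constructed sample in Nmap's XML output format (-oX); 192.0.2.10 is a documentation address.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>"""


def open_services(xml_text):
    """Return (address, port, service name) for every open TCP port on hosts that are up."""
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        address = host.find("address")
        if status is None or status.get("state") != "up" or address is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if port.get("protocol") != "tcp" or state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not reachable services
            service = port.find("service")
            name = service.get("name") if service is not None else "unknown"
            results.append((address.get("addr"), int(port.get("portid")), name))
    return results


def unexpected_exposure(xml_text, expected=EXPECTED_TCP_PORTS):
    """Open ports outside the expected set; each is a finding to confirm with the client."""
    return [entry for entry in open_services(xml_text) if entry[1] not in expected]


if __name__ == "__main__":
    for addr, port, name in unexpected_exposure(SAMPLE_XML):
        print(f"{addr}: unexpected open tcp/{port} ({name})")
```
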
We