Penetration Test plan
Unit 1 Lab 1
1. A table of contents:
The scope of this Penetration test will include a fully intrusive without compromise attack and penetration test on the e-commerce web-based application server and cisco core backbone network that will be during the hours of 2:00am – 6:00am on Saturday and Sunday only. There will be no compromise on the extraction of information. A compromise can be involved only with Written Client Authorization Only. We will apply a full system backup prior to attack and penetration attack in the event of system malfunction or loss of data. This is subject to change at the Clients’ discretion.
2. Authorization letter:
We at E-Commerce Emporia authorize Darren Flory, Jason Olea, and James Williams of Hackers United to administer an Intrusive attack and penetration test during the hours of 2:00am to 6:00am every Saturday and Sunday until all weaknesses and vulnerabilities are established, limited or eliminated. A full system backup will be initiated pre-test each week. Any system failure as a result of testing will be handled by E-Commerce Emporia with Hackers United assisting in the fixing of the potential problems that arose.
3. A list of client questions that you need to answer:
When will this test take place?
How much will this affect my production processing?
Can the test avoid certain systems?
How does web penetration test different from network penetration test?
Should we advise the IT staff of the test.
4. A test plan scope defining what is in scope and what is out of scope and why:
The scope of this project is to perform a penetration test on the web-based application server, Cisco Core Backbone Network, and post penetration test assessment. All other aspects are considered out of scope.
5. Goals & objectives:
To find as many known vulnerabilities that can be located in the NIST vulnerability database. A successful test will be to find and document vulnerabilities and provide solutions to correct these issues.
1. A table of contents:
The scope of this Penetration test will include a fully intrusive without compromise attack and penetration test on the e-commerce web-based application server and cisco core backbone network that will be during the hours of 2:00am – 6:00am on Saturday and Sunday only. There will be no compromise on the extraction of information. A compromise can be involved only with Written Client Authorization Only. We will apply a full system backup prior to attack and penetration attack in the event of system malfunction or loss of data. This is subject to change at the Clients’ discretion.
2. Authorization letter:
We at E-Commerce Emporia authorize Darren Flory, Jason Olea, and James Williams of Hackers United to administer an Intrusive attack and penetration test during the hours of 2:00am to 6:00am every Saturday and Sunday until all weaknesses and vulnerabilities are established, limited or eliminated. A full system backup will be initiated pre-test each week. Any system failure as a result of testing will be handled by E-Commerce Emporia with Hackers United assisting in the fixing of the potential problems that arose.
3. A list of client questions that you need to answer:
When will this test take place?
How much will this affect my production processing?
Can the test avoid certain systems?
How does web penetration test different from network penetration test?
Should we advise the IT staff of the test.
4. A test plan scope defining what is in scope and what is out of scope and why:
The scope of this project is to perform a penetration test on the web-based application server, Cisco Core Backbone Network, and post penetration test assessment. All other aspects are considered out of scope.
5. Goals & objectives:
To find as many known vulnerabilities that can be located in the NIST vulnerability database. A successful test will be to find and document vulnerabilities and provide solutions to correct these issues.