Software Testing and Better Protect Companies
09/19/13 IS4560
Lab 1
Task 1
1. Introduction
2. Will the testing be done after business hours?
3. The scope covers the type of testing one need to do like load testing. The scope defines what will be done in the testing process.
4. Define what will be tested and when.
5. Define what we test first.
6. Define what passed and what failed.
7. Define what day and time testing will begin and end.
Task 2
1. Foot printing, Scanning and Enumeration, System Hacking, Deploy Payload and cover tracks. 2. The first step would be reconnaissance to gather information quietly.
3. Google would be the first and foremost tool.
4. Phishing and baiting would be the most common.
5. Refers to scanning a system for vulnerabilities and reveals information about the target that is needed to access it. 6. By deleting all traces of information that the attacker was there, being careful not to delete too much which could also prove someone was there. 7. Most hackers would leave a backdoor into the system.
8. Stop here and report it.
9. NIST 800-42 Guideline on Network Security testing.
10. Planning, Discovery, attack, and reporting.
11. To show what an attacker would have access to if they were in the system.
12. The tester should only penetrate areas that the client has informed and told them to. 13. This would be to test the response of their IT team and if they can detect in intruder. 14. A web application penetration only focuses on the web application itself and a network test focuses on the network. 15. A hacker uses his talents to affect a personal gain while an ethical hacker uses his talents to help better protect companies.
Lab 1
Task 1
1. Introduction
2. Will the testing be done after business hours?
3. The scope covers the type of testing one need to do like load testing. The scope defines what will be done in the testing process.
4. Define what will be tested and when.
5. Define what we test first.
6. Define what passed and what failed.
7. Define what day and time testing will begin and end.
Task 2
1. Foot printing, Scanning and Enumeration, System Hacking, Deploy Payload and cover tracks. 2. The first step would be reconnaissance to gather information quietly.
3. Google would be the first and foremost tool.
4. Phishing and baiting would be the most common.
5. Refers to scanning a system for vulnerabilities and reveals information about the target that is needed to access it. 6. By deleting all traces of information that the attacker was there, being careful not to delete too much which could also prove someone was there. 7. Most hackers would leave a backdoor into the system.
8. Stop here and report it.
9. NIST 800-42 Guideline on Network Security testing.
10. Planning, Discovery, attack, and reporting.
11. To show what an attacker would have access to if they were in the system.
12. The tester should only penetrate areas that the client has informed and told them to. 13. This would be to test the response of their IT team and if they can detect in intruder. 14. A web application penetration only focuses on the web application itself and a network test focuses on the network. 15. A hacker uses his talents to affect a personal gain while an ethical hacker uses his talents to help better protect companies.