Penetration Test Plan

In: Computers and Technology

Submitted By jaguars8fan
Words 566
Pages 3
Malcolm Testing Solution’s Penetration Test Plan
Customer: The Fitness Club
Introduction: The Fitness Club has already been the victim of a hack against its web server. They are unsure whether it was carried out by a former administrator who quit or by an external party. Malcolm Testing Solutions has been tasked with creating a penetration test plan to prevent further attacks on The Fitness Club’s network. The objective of the assessment is to provide feedback to The Fitness Club on its ability to preserve the confidentiality, integrity, and availability of the information maintained and used by its organization. Malcolm Testing Solutions will test the security controls used to secure sensitive data.
Services Overview: This project shall include 1 consultant for a time period of 2 days onsite at a single customer location to provide internal penetration test services. Malcolm Testing Solutions will provide tools, knowledge and expertise to execute an internal penetration test on customer designated devices. Malcolm Testing Solutions will attempt to compromise the access controls on designated systems by employing the following methodology:

1. Enumeration – Once Malcolm Testing Solutions has arrived for The Fitness Club’s assessment they will connect to the network via the data port provided by the customer. Once connected, Malcolm Testing Solutions will run a variety of information gathering tools in order to enumerate computers and devices connected to the network.
2. Vulnerability Mapping and Penetration – Any computers or devices found will be scanned for vulnerabilities using a wide variety of tools and techniques. The tools and techniques used will be consistent with current industry trends regarding exploitation of vulnerabilities. Malcolm Testing Solutions will attempt to find the weakest link that can be…...

Similar Documents

Network Penetration Testing

...FULL BREACH PENETRATION TEST 1. Reconnaissance. a. Establish active and inactive routes into the property. b. Establish Contractor routines (Cleaners, Builders, Electricians, Technician etc) c. Establish Courier routines d. Establish employee routines, (Social Engineering) e. Obtain ID card/s, (Theft or Falsify) 2. Gain entry to the building. (Pretext, Deceit, Employment) a. Establish Office layout b. Establish Sensitive offices (Including ComCen and IT rooms) c. Establish Evacuation routines 3. Acquisition of Intelligence. a. Obtain Hard & Soft Copy Information b. Obtain Top Managerial Personal Information, (Addresses etc) c. (Optional deployment of Ethical Hacking) 4. Disruption/Sabotage a. Insertion of dummy explosive/incendiary devices (Packages, Letter Bombs etc). b. Abduction plan 5. Report The time frame is variable dependent on current security protocols and staff awareness. Client Network Penetration Testing Proposal Document Reference xxx-xxxx-xx Contents 1 Background 3 2 Scope 4 2.1 Types of Attack 4 2.2 Report 5 2.2.1 Executive Summary 5 2.2.2 Technical Report 5 2.2.3 Recommendations 5 2.2.4 Security Policy 5 3 Phase 1 – Internal 6 3.1 Scope 6 3.2 Deliverable 6 4 Phase 2 – Internet 7 4.1 Scope 7 4...

Words: 2185 - Pages: 9

Test Plan

...Test Plan 1. Scope of Testing Unit and Integration are the two levels of testing. The main purpose of unit testing is to remove all errors in programming and logic. This will allow the end-user to have an easy-to-use and functioning software application. The login pages will be tested as well as the staff and client login. The database will also be tested and verified that it is able to send and retrieve the proper data. The staff area of the application was also checked so that they are able to make any changes to their personal information. As far as integration testing goes, the main purpose is to ensure that the website is fully functional before the site is actually live and working. This means that the software and hardware that are needed to support the integration will be working so as to give the end-user a website that runs smoothly. We will also be testing the website with various browsers to ensure that it looks and works properly. 2. Unit Test Policy Purpose: The purpose of this testing is to make sure that the website works properly and effectively without any programming or logic errors. Policy: The purpose of the policy is to be able to make any changes that are necessary that may cause any errors with the website. Testing should be recorded and include who did the testing, time recorded, the outcome as well as the corrections. * Insert data – Use insert statements to insert data into tables as well as verify the insert statement with a......

Words: 335 - Pages: 2

Pen Test Plan

...Megan Patterson IS4560 Monday E1 Class Week 1-Penetration Test Plan June 17, 2013 Attack and Penetration Test Plan Megan Patterson IS4560 Childers June 17, 2013 External Penetration testing tests the security surrounding externally connected systems from the Internet, as well as within a corporate network. Controlled tests are used to gain access to Internet resources and ultimately to the DMZ, which is an internal network; by going through and around firewalls from the Internet. External Penetration Testing involves the finding and exploitation of actual known and unknown vulnerabilities from the perspective of an outside attacker. The External Attack and Penetration testing Process is as follows: * Phase 1-Discovery * Analysis * Footprint * Identify * Phase 2-Services * Ping * Map * Scan * Phase 3-Enumeration * Extract * Collect * Intrusive * Phase 4-Application Layer Testing * Manual * Depth * Blind * Phase 5-Exploit * Attack * Penetrate * Compromise The purpose of the External Attack and Penetration testing plan is to outline on what to do for an external penetration test within a corporate network. The goals for this plan if it is successful, is that to go ahead and deploy whatever the tester is testing after documentation has been written, saved, and reviewed by the IT staff. If the plan is not successful, then the tester needs to go through the steps of retesting the......

Words: 402 - Pages: 2

Sample - Test - Plan

...http://www.softwaretestinghelp.com/ Test Plan Template: (Name of the Product) Prepared by: (Names of Preparers) (Date) TABLE OF CONTENTS 1.0 INTRODUCTION 2.0 OBJECTIVES AND TASKS 2.1 Objectives 2.2 Tasks 3.0 SCOPE 4.0 Testing Strategy 4.1 Alpha Testing (Unit Testing) 4.2 System and Integration Testing 4.3 Performance and Stress Testing 4.4 User Acceptance Testing 4.5 Batch Testing 4.6 Automated Regression Testing 4.7 Beta Testing 5.0 Hardware Requirements 6.0 Environment Requirements 6.1 Main Frame 6.2 Workstation 7.0 Test Schedule 8.0 Control Procedures 9.0 Features to Be Tested 10.0 Features Not to Be Tested 11.0 Resources/Roles & Responsibilities 12.0 Schedules 13.0 Significantly Impacted Departments (SIDs) 14.0 Dependencies 15.0 Risks/Assumptions 16.0 Tools 17.0 Approvals 1.0 INTRODUCTION A brief summary of the product being tested. Outline all the functions at a high level. 2.0 OBJECTIVES AND TASKS 2.1 Objectives Describe the objectives supported by the Master Test Plan, eg., defining tasks and responsibilities, vehicle for communication, document to be used as a service level agreement, etc. 2.2 Tasks List all tasks identified by this Test Plan, i.e., testing, post-testing, problem reporting, etc. 3.0 SCOPE General This section describes what is being tested, such as all the functions of a specific product, its existing interfaces, integration of all functions. Tactics List here how you will accomplish the items that you have listed in the "Scope" section. For...

Words: 1343 - Pages: 6

Penetration

...totals for each category – called the “line item budget and 2) a separate budget narrative.  Be sure not to ask for amounts that seem unreasonable (get real prices).  Be sure to cover all the costs you will need. Don’t forget “fringe benefits” of salaries.  DO NOT exceed the maximum amount allowable by the funding source.  Put on your thinking cap, and put a price on everything YOU are bringing to the grant, and put it under In-Kind or under “Agency Share”  Do the same for Other Funding – put a price on what others will do toward the goals of the grant. Abstract, AKA Executive Summary, sometimes AKA Cover Sheet: (see Samples) ALWAYS write this section LAST, even though it goes first. You would not believe how much a plan can change by the time you are through writing a grant! This section should be a one-page miniature version of your proposal, and tell the person who is sorting the grants for review everything they need to know: WHO, WHAT, WHY, WHERE, WHEN, HOW MUCH = Organization/Personnel, Facility, Goal, Objectives, (sometimes a paragraph on Need), a Timeline, and how much $ you want....

Words: 1071 - Pages: 5

Attack and Penetration Test Plan

...Attack and Penetration Test Plan Part 1: Table of Contents 2. Scope 3. Goals and Objectives 4. Tasks 5. Reporting 6. Schedule 7. Unanswered Questions 8. Authorization Letter Part 2: Scope Production e-commerce Web application server and Cisco network. Located on ASA_Instructor, the e-commerce web application server is acting as an external point-of-entry into the network: • Ubuntu Linux 10.04 LTS Server (TargerUbuntu01) • Apache Web Server running the e-commerce Web application server • Credit Card transaction processing occurs The test will be intrusive, meaning specific security points will be passed. Part 3: Goals and Objectives • If security software is up to speed, and penetration is not possible, a positive result will be given. If security software is not what it should be, penetration will be easy and the results will be explained to you in a separate report. Part 4: Tasks • Determine website size • Determine code of the website Part 5: Reporting • Upon completion of the penetration test, all results found will be in a separate report written by the person who is performing the test. Part 6: Schedule Phase One-Information Collection (2 days) 1. Client authorization letter 2. Further client information 3. Get IT infrastructure Phase Two-Test Plan Development (3 days) 1. Determine scope 2. Use IT infrastructure to gain further knowledge about what is to be penetrated 3. List things to be penetrated and things that are off limits Phase...

Words: 458 - Pages: 2

Physical Ability Test Plan M2A2

...Physical Ability Test Plan Individual Assessment questionnaire: 1. Prior to being hired were you asked to take any physical ability test? Yes, the position required me to lift up to 70 pounds, I also had to operate a manual transmission U.P.S. vehicle, and forklift test. 2. What do you perceive to be the physical demands of your job? The demands are injuries, stress, physical strain, and working harder and longer hours. 3. On a scale of 1 to 5, with 5 meaning very physically demanding and 1 meaning not at all physically demanding, how physically demanding would you say your job is? I say 4, because getting a strain, sprain, or rupture to your knees, back, or shoulder happens to often, considering when delivering up to 500 packages in a day, and I make about 20 stops an hour. 4. Are there physical demands you were unaware of prior to accepting your position? Yes, the stamina, body movement, and your endurance that you will need to fulfill the long hours working, and the continuous tracking of packages, and there is a high interaction with customers. 5. Do you believe physical ability tests should be given to individuals being considered for your type of work? If yes, what types of physical tests would you recommend? I would recommend a manual dexterity test, static strength test, and reaction time test. 6. This job will require the ability to perform strength, stamina functions for moderate to extended periods of......

Words: 1158 - Pages: 5

Penetration Testing

...Using penetration testing to enhance your company's security Based on the fundamental principle that prevention is better than cure, penetration testing (pen-testing) is essentially an information assurance activity to determine if information is appropriately secured. Conducted by penetration testers, sometimes referred to as ‘white hats’ or ethical hackers, these tests use the same tools and techniques as the bad guys (‘black hat hackers’), but do so in a controlled manner with the express permission of the target organization. Vulnerability scans versus pen-testing A common area of confusion is the relationship between vulnerability scanning (automated) and pen-testing (expert-driven manual testing). Both involve a proactive and concerted attempt to identify vulnerabilities that could expose the organization to a potential malevolent attack. Vulnerability scanners are great at identifying ‘low-hanging’ vulnerabilities, such as common configuration mistakes or unpatched systems that offer an easy target for attackers. What they are unable to determine is the context or nature of the asset or data at risk. They are also less able than humans to identify unknown-unknowns (things not already on the risk register, or which haven't been theorized by the organization as potential security issues). Good pen-testing teams, however, do this very well. For instance, pen-testers can give countless examples of engagements where an environment was previously scanned only for......

Words: 1752 - Pages: 8

Penetration Testing

...Penetration Test? 4 1. Client Penetration Test Request 5 1.2 Scope 5 1.3 Intrusive or Non-Intrusive 5 1.4 Compromise or Non Compromise 5 2. Goals and Objectives 6 3. Penetration testing Methodology 2.1 Penetration test plans 2.2 NIST penetration testing documentation 2.3 Web application penetration testing 2.4 E-commerce penetration testing 2.5 Network penetration testing 2.6 Common tools and applications for penetration testing 7 2.7 Black box testing, grey box testing, Black/grey box testing 2.8 Social engineering testing 7 3. Test Plan 15 3.1 Task 3.1 Reporting 3.1 Schedule 3.2 Limitation of Liability 3.3 End of Testing 3.1 Unanswered Questions 10 3.4 Signatures 8 3.1 Authorization Letter 8 4. Conclusion 11 5. Bibliography 11 Acronyms 22 Appendix A – Test Case Procedures 23 Abstract This document is a proposal with a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This proposal provides an understanding of penetration testing. It discusses the benefits, the strategies and the methodology of conducting penetration testing. The methodology of penetration testing includes three phases: test preparation, test and test analysis. Key Words: Security Testing, Vulnerability Assessment,......

Words: 1995 - Pages: 8

Sample Master Test Plan

...Sample Master Test Plan TEST PLAN IDENTIFIERRS-MTP01.3 REFERENCES None Identified. INTRODUCTION This is the Master Test Plan for the Reassigned Sales Re-write project. This plan will address only those items and elements that are related to the Reassigned Sales process, both directly and indirectly affected elements will be addressed. The primary focus of this plan is to ensure that the new Reassigned Sales application provides the same level of information and detail as the current system while allowing for improvements and increases in data acquisition and level of details available (granularity). The project will have three levels of testing, Unit, System/Integration and Acceptance. The details for each level are addressed in the approach section and will be further defined in the level specific plans. The estimated time line for this project is very aggressive (six (6) months), as such, any delays in the development process or in the installation and verification of the third party software could have significant effects on the test plan. The acceptance testing is expected to take one (1) month from the date of application delivery from system test and is to be done in parallel with the current application process. TEST ITEMS The following is a list, by version and release, of the items to be tested: A. EXTOL EDI package, Version 3.0 If a new release is available prior to roll-out it will not be used until after installation. It will be a separate......

Words: 3503 - Pages: 15

It Penetration Testing

...Institute Author Retains Full Rights This paper is from the SANS Penetration Testing site. Reposting is not permitted without express written permission. Interested in learning more? Check out the list of upcoming events offering "Hacker Techniques, Exploits & Incident Handling (SEC504)" at http://pen-testing.sans.org/events/ A Management Guide to Penetration Testing David A. Shinberg © SANS Institute 2003, As part of GIAC practical repository. Author retains full rights. Version 2.1a Practical Assignment SANS Hacker Techniques, Exploits, and Incident Handling (GCIH) Abstract Penetration tests are an excellent method for determining the strengths and weaknesses of a network consisting of computers and network devices. However, the process of performing a penetration test is complex, and without care can have disastrous effects on the systems being tested. This paper provides guidance, primarily focused around planning and management, on how to conduct a penetration test comprised of five phases – Preparation, Public Information, Planning, Execution and Analysis and Reporting. However, due to the technical and sometimes sensitive nature of penetration testing only a cursory overview how to compromise......

Words: 4111 - Pages: 17

Test Plan Template

...4 1.3.3 Testing Process Management Team 4 1.4 Assumptions for Test Execution 5 1.5 Constraints for Test Execution 5 1.6 Definitions 6 2 Test Methodology 6 2.1 Purpose 6 2.1.1 Overview 6 2.1.2 Usability Testing 6 2.1.3 Unit Testing (Multiple) 7 2.1.4 Iteration/Regression Testing 7 2.1.5 Final release Testing 7 2.1.6 Testing completeness Criteria 8 2.2 Test Levels 8 2.2.1 Build Tests 8 2.2.1.1 Level 1 - Build Acceptance Tests 8 2.2.1.2 Level 2 - Smoke Tests 8 2.2.1.3 Level 2a - Bug Regression Testing 8 2.2.2 Milestone Tests 9 2.2.2.1 Level 3 - Critical Path Tests 9 2.2.3 Release Tests 9 2.2.3.1 Level 4 - Standard Tests 9 2.2.3.2 Level 5 - Suggested Test 9 2.3 Bug Regression 9 2.4 Bug Triage 9 2.5 Suspension Criteria and Resumption Requirements 10 2.6 Test Completeness 10 2.6.1 Standard Conditions: 10 2.6.2 Bug Reporting & Triage Conditions: 10 3 Test Deliverables 11 3.1 Deliverables Matrix 11 3.2 Documents 12 3.2.1 Test Approach Document 12 3.2.2 Test Plan 12 3.2.3 Test Schedule 13 3.2.4 Test Specifications 13 3.2.5 Requirements Traceability Matrix 13 3.3 Defect Tracking & Debugging 13 3.3.1 Testing Workflow 13 3.3.2 Defect reporting using G FORGE 14 3.4 Reports 16 3.4.1 Testing status reports 16 3.4.2 Phase Completion Reports 16 3.4.3 Test Final Report - Sign-Off 16 3.5 Responsibility......

Words: 5532 - Pages: 23

Insurance Penetration

...INCREASING INSURANCE PENETRATION IN INDIA Insurance as an industry has secured a vital position in the development of the nation’s economy. An efficient insurance market is essential to achieve integration into the global economy and sustainable strong economic growth. In conjunction with the forces of global consolidation, current advances in information technology and the potential of e-business mark the beginning of a veritable efficiency revolution in the insurance industry. One of insurance's key roles is safeguarding the financial health of small and medium-sized enterprises. In addition to the protection provided by social security systems, insurance cover is crucial for people to insure themselves against inability to work, set aside money for retirement or protect themselves against the loss of their assets. Insurance reduces the investment risk faced by companies and the state. Many companies find it far more expensive, if not impossible, to take out a loan without purchasing the requisite insurance protection. Insured, thereby reduces the costs of raising the capital they need. By reducing investment risk, insurance can also encourage companies to think more long term and increase their risk tolerance. A lot of investments in new production facilities and newly founded companies would never happen if every company was required to have the necessary financial means to make good every conceivable loss. While arguable, it is no exaggeration that the......

Words: 2524 - Pages: 11

Conducting a Penetration Test on an Organization

...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Conducting a Penetration Test on an Organization This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test. Copyright SANS Institute Author Retains Full Rights Conducting a Penetration Test on an Organization TABLE OF CONTENTS Abstract; What is a Penetration Test?; The Process and Methodology (Planning and Preparation, Information Gathering and Analysis, Vulnerability Detection, Penetration Attempt, Analysis and Reporting, Cleaning Up); Limitation of Penetration Testing; Conclusion; Bibliography; Appendix A: Netcraft (www.netcraft.com) results on www.sans.org; Appendix B: Penetration Testing Tools DETAILS Full name: Chan Tuck Wai GIAC userID: twchan001 Course: Security Essentials Version: First (Original Submission) Conference Location: Malaysia Key......

Words: 5638 - Pages: 23

Penetration Test vs. Vulnerability Assessment

...Penetration Test vs. Vulnerability Assessment • Penetration testing ensures you that your network will not be penetrated by malicious users. • Vulnerability Assessment gives an organization the ability to identify potentials for intrusion to their network. • Penetration tests are more intrusive Reason for Assessment • Identify the vulnerability • Quantify the vulnerability • Prioritizing the vulnerability Internal vs. External • Internal assessment shows the vulnerabilities that employees or anyone with access to the internal network and exploit them. • External assessments show the vulnerabilities from someone without direct access to the internal network. Window of Vulnerability • Unknown Window of Vulnerability • Known Window of Vulnerability Risk • Vulnerability • Attacks • Threats • Exposure Risk = Vulnerability x Attacks x Threats x Exposure Risk of Internal Assessment • Can’t be truly objective • Fair and impartial assessment Management is forced to deal with the “fox in the Hen House” problem Steps 1-3 to a Successful Assessment • Understand the consequences • Document Management buy-in • Develop manageable objectives Steps 4-6 to a Successful Assessment • Determine method • Plan for disruptions • Develop an assessment in an impactful, yet understandable, way. Qualified and Experienced outside Third Party. • Protect yourself with a contract • Breadth of experience • Currency with the latest......

Words: 255 - Pages: 2
