Running Head: Ecommerce Sales
Penetration Test Plan
IT542 Dr. Matthew North
March 19, 2013
Table of Contents
Goals and Objectives
This Vulnerability and Penetration Test Plan is designed specifically for E-commerce Sales and is intended to determine what actions need to be taken to secure and protect the network against malicious attacks. This Vulnerability and Penetration Test will cover numerous aspects of the E-commerce Sales technology infrastructure, such as the production e-commerce web application server and the Cisco network. The e-commerce web application server acts as the external point of access into the WAN and LAN, where the following resides:
• Ubuntu 10.04 LTS server (TargetUbuntu01)
• Apache Web Server running the e-commerce web application server
• Credit card processing
The E-commerce Sales network covers five sites, Norfolk, Polk, Indianapolis, Seattle, and West Covina, all of which connect to the corporate headquarters. This will be an intrusive test, but it will not compromise any data that falls outside the authorization letter without additional written permission from E-commerce Sales. No customer payment data will be compromised, and if vulnerabilities are found that might endanger customer financial details, the client will be notified immediately. All testing will take place outside of normal business hours, which are documented in the schedule and milestone breakdown section of this plan.
Goals and Objectives
The ultimate objective of the Vulnerability and Penetration Test is to determine what risks are present within the E-commerce Sales network. As per the network diagram provided, the objective is to evaluate the e-commerce web application server and the Cisco network, including the five remote sites. This will be accomplished by testing not only the web servers but also firewalls, access points and, if applicable, wireless networks (Searle, n.d.).
The objective is to provide E-commerce Sales with a comprehensive report of what vulnerabilities are present and to classify them by degree of risk potential to the corporation as a whole. After the testing and the report are complete, E-commerce Sales will have reports to help them:
▪ Improve the security of all technical devices.
▪ Identify and categorize vulnerabilities that exist.
▪ Receive an impartial analysis without bias.
▪ Amend their security plan and acceptable use policy accordingly.
The Vulnerability and Penetration Test will give E-commerce Sales a way to enhance the security of their system and improve business practices. To accomplish the goals and objectives set forth, Moccia Security Consulting will use a thorough methodology to produce accurate reports. The penetration test will consist of three phases, as illustrated in Figure 1: test preparation, testing, and test analysis.
(Bacudio, Yuan, Chu & Jones, 2011)
Since this Penetration Test Plan details most of the test preparation phase, this section of the plan will detail information gathering (footprinting), vulnerability analysis, and vulnerability exploits, with test analysis being detailed in the reporting section of this plan.
Information gathering, also known as footprinting, is the passive, noninvasive gathering of the target organization's network and system details. These techniques include but are not limited to:
• DNS Query: With knowledge of a domain name, testers can obtain the associated IP address.
• Reverse DNS Query: With an IP address range, testers can obtain...
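The two lookups named above, seen from the defender's side as an added example (not part of the original plan): it walks an address range and classifies what forward and reverse DNS disclose about each host. The zone data, the domain `ecommerce-sales.example`, the addresses and the function names are constructed placeholders, not values from the plan.

```python
import ipaddress

# Constructed sample records using documentation-reserved names and addresses.
FORWARD = {  # A records: name -> IP
    "www.ecommerce-sales.example": "192.0.2.10",
    "mail.ecommerce-sales.example": "192.0.2.26",
}
REVERSE = {  # PTR records: IP -> name
    "192.0.2.10": "www.ecommerce-sales.example",
    "192.0.2.25": "mail.ecommerce-sales.example",           # stale PTR
    "192.0.2.40": "payments-db01.ecommerce-sales.example",  # no A record
}

def dns_query(name):
    """Forward lookup: domain name -> IP address (None if no A record)."""
    return FORWARD.get(name)

def reverse_dns_query(ip):
    """Reverse lookup: IP address -> host name (None if no PTR record)."""
    return REVERSE.get(ip)

def audit_range(cidr):
    """Reverse-resolve every host in cidr and forward-confirm each name found."""
    findings = []
    for host in ipaddress.ip_network(cidr).hosts():
        ip = str(host)
        name = reverse_dns_query(ip)
        if name is None:
            continue  # nothing disclosed for this address
        forward_ip = dns_query(name)
        if forward_ip == ip:
            status = "confirmed"  # PTR and A agree: an expected public host
        elif forward_ip is None:
            status = "ptr-only"   # host name disclosed only through reverse DNS
        else:
            status = "mismatch"   # PTR points at a name that now lives elsewhere
        findings.append((ip, name, status))
    return findings

if __name__ == "__main__":
    for ip, name, status in audit_range("192.0.2.0/26"):
        print(f"{ip:<12} {name:<40} {status}")
```

Entries marked `ptr-only` or `mismatch` are the ones to review before the engagement: they expose internal naming or stale records that a passive footprinting pass would pick up.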
References:
Bacudio, A., Yuan, X., Chu, B., & Jones, M. (2011). An overview of penetration testing. International Journal of Network Security & Its Applications, 3(6), 19. Retrieved from http://airccse.org/journal/nsa/1111nsa02.pdf
Dobison, M. (2011, September 9). http://www.fireworkswebsites.com.au/images/example-penetration-security-testing.pdf. Retrieved from http://www.fireworkswebsites.com.au/images/example-penetration-security-testing.pdf
Federal Office for Information Security. (n.d.). Study: A penetration testing model. Retrieved from http://www.slideshare.net/kushwahaa/a-penetration-testing-model
Infond Securite Informatique. (2010, May 20). Tutorial footprinting - passive information gathering before a pentest. Retrieved from http://www.infond.fr/2010/05/toturial-footprinting.html
Northcutt, T., Shenk, L., Shackleford, D., Rosenberg, T., Siles, R., & Mancini, S. (2006, June). Penetration testing: Assessing your overall security before attackers do. Retrieved from http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf
Penetration Testing Execution Standard. (2012, March 13). Pre-engagement. Retrieved from http://www.pentest-standard.org/index.php/Pre-engagement
Penetration Testing Execution Standard. (2012, October 13). Reporting. Retrieved from http://www.pentest-standard.org/index.php/Reporting
Searle, J. (n.d.). AMI penetration test plan. Retrieved from http://www.smartgrid.epri.com/doc/AMI-Penetration-Test-Plan-1-0-RC3.pdf
Wirelessdefence.org. (2010). Penetration testing tools list. Retrieved from http://www.wirelessdefence.org/Contents/PenTest_ToolsList.htm