7COM1068: Penetration Testing

Assignment 1: Pentesting Planning

1|Page
Table of Contents
Task 1.....................................................................................................................................................3
Introduction...........................................................................................................................................3
Penetration Testing...............................................................................................................................3
Ethical Issues and Considerations:.........................................................................................................4
Task 2.....................................................................................................................................................6
Standard Operation Procedure – SOP...............................................................................................6
Decision Making Tree analysis:..........................................................................................................6
References.............................................................................................................................................6

2|Page
Task 1

Introduction
Many of the companies listed below, have secure security, strong security and no internet can affect
their security and performance. But this is just one story, to fill yourself, by force, for example, and
the great IT giants are not good enough to run the work of professionals. Protect and give others a
good answer. One can say that some of them do not participate because of the internet, we cannot
guarantee that they will be better in the future, it is different from your treatment. Personal safety
as runners continue to improve themselves to get into the deep industry. , businesses, research sites
and our government or country is not currently safe.

Now if we have good security experts, then we can improve our security, but sometimes we get
involved in cyber-attack, the first objective is not that the experts working in our security
environment are not in control for the work they follow, but perhaps their approach is simply to
ensure that network and security are blocked at certain levels only. As they meet the new face
where we fund some external teams for Testing and testing of servers, web applications, topology
and networks and systems to find new weaknesses and disadvantages. they have no idea about the
network and the service running on the server. Therefore, they have the time and eternity to be able
to access a system or network to detect gaps and then provide them with security measures to
compensate for them or reduce the risk.

Speaking of Cyber Security, now-a-days everyone needs this security feature, even if they don’t have
to worry about money and cash registers. As if the company’s assets for digital data are not stored
and then, what can they do online shopping and what will be the result of their export? So, lo and
behold, we have a Penetration research process or process that the IT industry follows to find
existing gaps and some visual weaknesses to block them before runners know it. So, look, we're
testing in three different approaches, namely the White-Box test, the Black-Box test and the Gray-
Box test. So, after we have a Penetration test, we will get more information about our safety and
new problems or threats that may be useful so that we can block them before some attackers or
their players.

Penetration Testing
Currently in critical content, our services are offered to companies and organizations across multiple
platforms such as Web-based applications, Network topology, servers, physical security and Wireless
Network topology. As it is not limited to one area, the main goal of conducting Scientific Research is
to find new perspectives on the current climate and what will be the impact on climate. Really who
can we put in? Now by the way of working, so there is no international law or instruction designed to
implement the use of Penetration, the reason is that we cannot agree in any way to prevent block
your assets. So here we cannot follow an individual, or a group of people who have been virtuous. In
Security, we need to update ourselves daily and all the time, where we do not know when and how-
to Cyber-Stop?

For the rest of our Penetration Models OWASP, PTES, OSSTM and more, we will discuss the
differences between our peer beliefs in the following sections, but before that, we will discuss time
to follow the test:

3|Page
 • Information Collection: Generally, we will receive from the owner of the system and the
application. Here, we collect information from online sources about web design software,
payment link organization and product information.
• Monitoring: Here, we will perform an online data analytics service and find the best ports,
os, user and unit, data analytics services going on servers or applications.
• Access: Here, we invest a lot of money in finding the wrong place and the wrong place.
There, we developed new software to use it for the capabilities of the Xero day that we
could not see.
• Access control: Here we are trying to access an application we have made longer than we
can install it. Therefore, we can develop software such as keylogger, spyware, horse trojan
and all external downloads to gain access from users or machines.
• Demonstration: Here, we will provide a detailed description of the inability to violence and
doubt. And also provide evidence of this idea to create a simple effect and provide a safe
and secure environment.

Ethical Issues and Considerations:

A contentious issue in Cyber World as a lack of space for ethics and value. The only thing that
matters is Mindset, where we can familiarize ourselves with our work and responsibilities for what
we have learned in Cyber Security as well as what comes next to achieve the security of
development in Architecture and developers.

Just as it is important only when there is a threat of human data intrusion, or someone may
accidentally dump the platform on the Internet and compromise your security. Comes with
Penetration Testing stuff, so here we believe our examiner should trust and give the best results
instead of checking their performance. Their concern is always worrying, because we provide
complete internal and security information to hack them so that they can gain access or control. It is
not easy, even if we have already written documents and contract documents. We even have a non-
disclosure agreement, maybe one person in the group takes his or her mind off the money, then
they can sell or expose the security space online and then it will reach the person it is can attack the
system without wasting any time the attackers or the criminals do.

Conflicts can occur such as:

• Uncertainty: Usually as we have done with the contract, we do not trust the inspector, so we
will be at risk when we do the Penetration process.
• Privacy: It is unknown who can compromise your security and provide information to the
outside world and people who now want to rely on the network and the app or app they can
log in anonymously and receive a warning in the firewall or in our system intrusion
detection. The.
• Privacy Dissatisfaction: This risk we always carry in our hearts, because we damage
emotional violence means they may be the best we can find or we just want. to pass the
inspection of all the ordinances, until the rest shall not rest. Therefore, here we must believe
that the staff and the team behind the system will be protected from any action.

Now, let's look at the comparison of the Penetration process with instructions:

Now considering Penet Probe we have many options available in the market. All of us have only a
few step-by-step instructions based on availability and user requirements. So, let's look at some of

4|Page
the cultural differences between many innovative methods including many experimental and
experimental products.

See EC-COUCIL Pentesting Instructions:

• Data collection in bulk

• Tests and breeds
• Take a bus
• Exercise in and out
• Display and text formatting

Now, let's take a look at the Model - PTES

Here are some things to do:

• Pre-installation process
• Intelligence data collection of intelligence
• Music finds patterns and models
• Ul to get size and dimensions
• Take a bus
• Actions Information and Publications

Although we have some Penetration Framework and Standards such as OSSTMM, Owasp Web guide
and Mobile guide, NIST 800-115, and others we have. Ultimately, all of these systems have the same
purpose, which is to store the memory and also provide the best storage solution for the
organization and IT Infrastructure. Now, let’s move on to the next section where we will provide a
step-by-step guide for logging in to the operating system as well as how to log in to a Linux server
that will provide the 3-function in the next service.

5|Page
Task 2
Here, we are working on a management project, where we will divide the plans into different
processes. As we need to monitor and evaluate our system how to do the measurement of the Linux
server provides? What steps can we take and what should we start trying?

Standard Operation Procedure – SOP

Decision Making Tree analysis:

References

6|Page