Penetration Testing Penetration Testing
Report on Web Application Penetration Testing and Incident Response
52 Pages9148 Words85 Views
Added on 2022-08-14
About This Document
The OWASP Top 10 is basically a standard awareness document that can be used by the developers, also it can be utilized for the security of a web application. The OWASP Top 10 is basically a standard awareness document that can be used by the developers, also it can be utilized for the security of a web application.
Penetration Testing Penetration Testing
Report on Web Application Penetration Testing and Incident Response
Added on 2022-08-14
ShareRelated Documents
Running head: Penetration Testing
Penetration Testing
Name of the Student
Name of the University
Author Note
Penetration Testing
Name of the Student
Name of the University
Author Note
Penetration Testing 1
Executive Summary:
The purpose of this paper is to discuss about penetration testing. It is also called as pen test. It
is basically a simulated cyber attack that is against the computer systems for checking the
vulnerabilities that are exploitable. The OWASP Top 10 is basically a standard awareness
document that can be used by the developers, also it can be utilized for the security of a web
application. The organisations should adopt the start process and document to ensure that the
web applications minimize the risks. The Top 10 OWASP are as follows:
Injection: The Injection flaws such as NoSQL, SQL, LDAP injection, OS can occur the time
when the non- trusted data has been sent to one of the interpreter. The hostile data of the
attacker is able to trick the interpreter in to execution of access data or commands that are
unintended without proper authorization.
Broken authentication: The functions of the applications are having relation with the
session management as well as authentication that are often implemented incorrectly. It
provide allowance to the hackers that they can compromise keys, password or session tokens
or for exploiting other flaws of implementation for assuming identities of other users.
Sensitive data exposure: Many of the APIs and web applications don’t protect the sensitive
data properly. The hackers may modify or steal the data that are weakly protected.
XML External Entities (XXE): Many of the XML processors that are old or poorly
configured can evaluate the references of external entity within the XML documents.
Brocken access control: The restrictions on user who are authenticated are having
allowance to do are not enforced properly. The hackers may exploit the flaws for accessing
the functionalities or data that are not authorised.
Executive Summary:
The purpose of this paper is to discuss about penetration testing. It is also called as pen test. It
is basically a simulated cyber attack that is against the computer systems for checking the
vulnerabilities that are exploitable. The OWASP Top 10 is basically a standard awareness
document that can be used by the developers, also it can be utilized for the security of a web
application. The organisations should adopt the start process and document to ensure that the
web applications minimize the risks. The Top 10 OWASP are as follows:
Injection: The Injection flaws such as NoSQL, SQL, LDAP injection, OS can occur the time
when the non- trusted data has been sent to one of the interpreter. The hostile data of the
attacker is able to trick the interpreter in to execution of access data or commands that are
unintended without proper authorization.
Broken authentication: The functions of the applications are having relation with the
session management as well as authentication that are often implemented incorrectly. It
provide allowance to the hackers that they can compromise keys, password or session tokens
or for exploiting other flaws of implementation for assuming identities of other users.
Sensitive data exposure: Many of the APIs and web applications don’t protect the sensitive
data properly. The hackers may modify or steal the data that are weakly protected.
XML External Entities (XXE): Many of the XML processors that are old or poorly
configured can evaluate the references of external entity within the XML documents.
Brocken access control: The restrictions on user who are authenticated are having
allowance to do are not enforced properly. The hackers may exploit the flaws for accessing
the functionalities or data that are not authorised.
Penetration Testing 2
Security misconfiguration: The misconfiguration of security is an issue that can be seen
most commonly. It is basically a result default configuration that are insecure.
Cross site scripting XSS: The flaws of XSS occur when an application includes data that are
untrusted in an internet page which is new with out proper escaping or validation and updates
that are existed in the web page.
Insecure deserialization: The deserializations that are not secure can lead to remote
execution of code of remote. They can be utilized for performing attacks that are including
injection attacks, replay attacks.
Using Components with Known Vulnerabilities: The components like frameworks
libraries can run the similar privileges just like the application. The APIs and applications
that are having known vulnerabilities can undermine the defences of application.
Insufficient Logging and monitoring: The insufficient logging as well as monitoring is
coupled with ineffective or missing integration with the response of incident that gives
allowance to the attackers to attack further to the systems, tamper, pivot, destroy or extract
data.
This penetration testing is mainly focused on the contents which is malicious and it is used to
find vulnerabilities. It is specially done to protect the IT infrastructure organization and make
the security of the organization strong. It is related to an ethical hacking technique where the
main aim of penetration testing is to focus on the information of the system which is
penetrating.
Security misconfiguration: The misconfiguration of security is an issue that can be seen
most commonly. It is basically a result default configuration that are insecure.
Cross site scripting XSS: The flaws of XSS occur when an application includes data that are
untrusted in an internet page which is new with out proper escaping or validation and updates
that are existed in the web page.
Insecure deserialization: The deserializations that are not secure can lead to remote
execution of code of remote. They can be utilized for performing attacks that are including
injection attacks, replay attacks.
Using Components with Known Vulnerabilities: The components like frameworks
libraries can run the similar privileges just like the application. The APIs and applications
that are having known vulnerabilities can undermine the defences of application.
Insufficient Logging and monitoring: The insufficient logging as well as monitoring is
coupled with ineffective or missing integration with the response of incident that gives
allowance to the attackers to attack further to the systems, tamper, pivot, destroy or extract
data.
This penetration testing is mainly focused on the contents which is malicious and it is used to
find vulnerabilities. It is specially done to protect the IT infrastructure organization and make
the security of the organization strong. It is related to an ethical hacking technique where the
main aim of penetration testing is to focus on the information of the system which is
penetrating.
Penetration Testing 3
Table of Contents
Introduction:...............................................................................................................................4
Scenario:.....................................................................................................................................4
Penetration Testing:.................................................................................................................13
Types of penetration testing:................................................................................................13
Phases of penetration testing:...................................................................................................14
Uses of penetration testing:......................................................................................................15
Limitation of penetration testing:.............................................................................................15
Penetration testing Tools:.........................................................................................................15
Nmap:...................................................................................................................................15
Nikto:....................................................................................................................................16
SQL map:.............................................................................................................................16
Burp suite:............................................................................................................................17
OWSAP ZAP:......................................................................................................................17
Planning:..................................................................................................................................17
Vulnerabilities:.........................................................................................................................45
Conclusion:..............................................................................................................................48
Bibliography:............................................................................................................................49
Table of Contents
Introduction:...............................................................................................................................4
Scenario:.....................................................................................................................................4
Penetration Testing:.................................................................................................................13
Types of penetration testing:................................................................................................13
Phases of penetration testing:...................................................................................................14
Uses of penetration testing:......................................................................................................15
Limitation of penetration testing:.............................................................................................15
Penetration testing Tools:.........................................................................................................15
Nmap:...................................................................................................................................15
Nikto:....................................................................................................................................16
SQL map:.............................................................................................................................16
Burp suite:............................................................................................................................17
OWSAP ZAP:......................................................................................................................17
Planning:..................................................................................................................................17
Vulnerabilities:.........................................................................................................................45
Conclusion:..............................................................................................................................48
Bibliography:............................................................................................................................49
Penetration Testing 4
Penetration Testing 5
Introduction:
The purpose of this paper is to discuss about the penetration testing. Penetration test is
a method that is used for testing the network, computer system, tracing the route and
scanning the vulnerability. This method is used for cracking the password. This is one kind of
security testing. It is also known as pen testing. There are several tools to check
vulnerabilities that are existed within the system such as Nmap, ZAP, Nikto, SQLMAP, Burp
suite and many more. In this report the vulnerability of given local host site 127.0.0.1/cwk
will be tested. In this paper, there will be recommendation for the vulnerabilities that will be
found within the website.
Scenario:
A samurai VM is given for this scenario with the help of the samurai VM we have to
find the vulnerabilities that are existed in the 127.0.0.1/cwk. The Samurai VM is based on
Kubuntu. The kubuntu is an official flavor of Ubuntu OS that utilizes KDE plasma desktop in
stead of GNOME. Each of the packages of the kubuntu shares the similar repositories just
like the Ubuntu. The desktop can be customized without configuration file editing or without
extra tools. The Setup of samurai VM in VMware VM player is as follows:
Introduction:
The purpose of this paper is to discuss about the penetration testing. Penetration test is
a method that is used for testing the network, computer system, tracing the route and
scanning the vulnerability. This method is used for cracking the password. This is one kind of
security testing. It is also known as pen testing. There are several tools to check
vulnerabilities that are existed within the system such as Nmap, ZAP, Nikto, SQLMAP, Burp
suite and many more. In this report the vulnerability of given local host site 127.0.0.1/cwk
will be tested. In this paper, there will be recommendation for the vulnerabilities that will be
found within the website.
Scenario:
A samurai VM is given for this scenario with the help of the samurai VM we have to
find the vulnerabilities that are existed in the 127.0.0.1/cwk. The Samurai VM is based on
Kubuntu. The kubuntu is an official flavor of Ubuntu OS that utilizes KDE plasma desktop in
stead of GNOME. Each of the packages of the kubuntu shares the similar repositories just
like the Ubuntu. The desktop can be customized without configuration file editing or without
extra tools. The Setup of samurai VM in VMware VM player is as follows:
Penetration Testing 6
Penetration Testing 7
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
OWASP Vulnerabilities: Broken Authentication, Security Misconfiguration, Insufficient Logging & Monitoringlg...
|10
|2534
|1
Penetration Testing Reportlg...
|16
|2973
|89
System Security : Reportlg...
|13
|999
|347
Standard Operating Procedure for Penetration Testinglg...
|11
|1708
|256
Penetration Testinglg...
|8
|1625
|478
Performing a Website and Database Attacklg...
|8
|1086
|40