Table of Contents
Introduction
Potential Risks and Threats
Penetration Testing Tools
  a) Description of Tools and Technologies
  b) Other case episodes of their usage
Expected Outcomes from the Penetration Testing
Resources to Complete the Penetration Testing
Expected Business Benefits
Conclusion and Future Work
References
Introduction
The main objective of this project is to prepare a report on how to perform penetration testing on an e-commerce website and a Linux-based FTP web server in order to identify security breaches and vulnerabilities. Mr. Gromer runs a chain of clothing shops in Australia and has recently taken an interest in online business, so he has approached PureHacking.com to assess his new e-commerce website and report any vulnerability in it. His website uses the WooCommerce plugin on the WordPress platform, and the whole site runs on a Linux web server. The web developers use FTP to upload the website contents to the Linux server. In this project, the user is a new IT engineer at PureHacking.com, so the user needs to prepare a report on how penetration testing is performed on the e-commerce website and the Linux-based FTP web server, using penetration testing tools and technologies, to identify the security breaches and vulnerabilities.

Potential Risks and Threats
For e-commerce websites, security is the most important aspect. E-commerce websites are attractive targets because they hold credit card information, email addresses and passwords for user accounts, so they are very susceptible to attackers. If an e-commerce website is not properly secured, user account information can be taken by attackers, and the stolen email and password combinations can be tried on other websites. The most common threats to e-commerce websites are listed below [1].

Phishing Attacks
Phishing scams often take the form of an email that looks legitimate; phishing also occurs through phone calls. Such scams usually include a link to a page which, when accessed, can take over an email account or install malware on the user's computer, where the attackers can steal the user's personal information, log keystrokes, and access their camera and microphone.
DDOS (Distributed Denial of Service) Attacks
DDOS attacks aim to take down the e-commerce website by overwhelming the servers with requests. The DDOS attack overloads the client's servers, slowing them down significantly or taking the client's website temporarily offline, which prevents legitimate users from accessing the e-commerce website or completing their orders.

Bad Bots Targeting E-commerce
Bots are common across the whole internet, and there are both good and bad bots. Good bots are used by search engines such as Bing and Google to crawl and index the client's website for their search results. Bad bots access the client's database and gather lists of user account logins that can be resold later [2].

Malware
Malware is malicious software that attackers insert into the client's web pages or files once they have gained access to the website. Once malware is installed on the client's website, it can perform an extremely wide range of activities to steal credit card and user account information from the website's users.

Penetration Testing Tools
Penetration testing of the client's e-commerce website is performed using the Netsparker penetration testing tool.

a) Description of Tools and Technologies
Netsparker is one of the most popular penetration testing tools. It is a dead accurate automated scanner used to identify vulnerabilities such as cross-site scripting and SQL injection in websites and web applications [3]. It uniquely verifies the identified vulnerabilities, proving whether they are real or false positives. Web server misconfiguration can also lead to a successful web application hack attack, and the Netsparker vulnerability scanner easily scans both the websites and the web server. It finds hidden XSS, SQL injection and other exploitable vulnerabilities; works with Web 2.0, custom web applications, FTP and HTML; and is compatible with applications built on PHP, Java, .NET and other languages.
b) Other case episodes of their usage
Netsparker provides its web application security solution based on three aspects:
Automatic - It automatically verifies vulnerabilities with proof-based scanning technology.
United - It uses a variety of integrations to collaborate and streamline the penetration testing process.
Scalable - It easily manages the security of the client's websites and web applications [4].
It also verifies the vulnerability assessment results by using its proprietary proof-based scanning technology, which automatically rules out false positives and scales up the user's efforts without scaling up the team. Its accuracy enables the user to automate the process. It is the pioneer of web application security scalability and automation. It creates a closed-loop vulnerability assessment solution and can easily integrate with SDLC and DevOps environments.

Expected Outcomes from the Penetration Testing
Netsparker provides an advanced security solution that can easily scale up, automatically determine the vulnerabilities in web services within hours, and integrate easily with a secure SDLC. Netsparker penetration testing provides the following outcomes:
Accurate reports with proof-based scanning technology [5].
It scans all the client's website assets before malicious hackers do.
Advanced scanning and crawling technology which crawls and finds vulnerabilities in all types of web applications, including single-page applications, Web 2.0 and the FTP server.
It identifies the most complex vulnerabilities by using advanced scanning technology.
It involves the whole team in boosting security, and makes it easy to keep the whole team in the loop and manage the work.
It automates vulnerability triage and management once vulnerabilities are found.
It creates closed-loop application security solutions that integrate with the solutions in SDLC and DevOps environments.

Resources to Complete the Penetration Testing
In Netsparker, the effectiveness of the penetration testing is optimized, and challenging security vulnerabilities are investigated, by using advanced web security testing resources such as the following [6]:
HTTP Request Builder
o The HTTP request builder is used to create your own HTTP requests or to modify imported requests. It is used to identify logical vulnerabilities in e-commerce websites.
Decoding and Encoding Tools
o Netsparker includes a text decoder and encoder which supports SHA-512, URL, HTML and other encoding schemes.
View State Viewer
o It extracts the view state data from the HTTP responses and requests generated during the scan and displays the data in a viewer for further troubleshooting while a security scan is running in Netsparker [7].
Vulnerability Retest
o It retests an individual vulnerability rather than launching another complete website security scan.

Expected Business Benefits
Here, we provide information about the expected business benefits of penetration testing using Netsparker. Netsparker uses a Chrome-based crawling engine which can understand any type of legacy or modern website. It can crawl and scan the many websites that are available over HTTP and HTTPS. It provides the following benefits.

Efficiency and Speed through Accuracy
Netsparker uses proof-based scanning technology which automatically verifies the identified vulnerabilities and demonstrates that they are not false positives. This process provides accurate results for the e-commerce website. It has the agility to let a team scale up its efforts and scan thousands of websites effortlessly in hours.

Easy Triaging of Vulnerabilities with Integration
It has the capabilities of traditional website security and black-box scanners, and it also has built-in workflow and vulnerability management tools. These two tools provide support for issue tracking systems and continuous deployment, including integration servers [8].

Effective Vulnerability Assessments
It is used to determine whether an attack is possible from outside or inside.
It identifies all the resources and connected resources within the e-commerce website.
It assigns a priority and value to each one.
It provides vulnerability assessment reports across all the vulnerabilities. These reports give information about who should conduct the fix, so that the most serious vulnerabilities are removed first and the less serious ones are addressed afterwards.

Based on the penetration testing of the e-commerce website, Netsparker is an easy and reliable web vulnerability scanner to use, and it uses proof-based scanning technology to automatically confirm the identified vulnerabilities on e-commerce websites. It identifies more complex issues such as SQL injection, blind cross-site scripting, DDOS and more. It lets the user customize attack options, URL rewrite rules, authentication, crawling settings and more.

Conclusion and Future Work
This project presents a report on how to perform penetration testing on the e-commerce website and the Linux-based FTP web server to identify security breaches and vulnerabilities using the Netsparker penetration testing tools and technologies. Netsparker is one of the most popular penetration testing tools; it provides effective penetration testing of e-commerce websites and delivers the expected outcomes. The Netsparker tool successfully completes the penetration testing of e-commerce websites. In future, we can use the Burp Suite tool for penetration testing. It is a very popular tool that performs security testing on web applications, and it has various tools that work seamlessly together to support the entire testing of e-commerce websites.
References
[8] "What is e-commerce and what are the major threats to e-commerce security?", TechGenYZ, 2019. [Online]. Available: https://www.techgenyz.com/2017/04/05/e-commerce-major-threats-e-commerce-security/. [Accessed: 30-Apr-2019].