Security Evaluation for WidgetsInc Web-Store

Evaluate the security of a virtual machine provided by Benny Vandergast Inc for WidgetsInc and propose security measures to address any issues found.


Added on  2023-06-12

About This Document

This report evaluates the security testing for WidgetsInc web-store, highlighting vulnerabilities such as password breaches, malware, and lack of encryption. The report proposes solutions to address these vulnerabilities and enhance the security of the web-store.

A report on the security testing evaluation for WidgetsInc web-store
Introduction
Web stores are among the trending technologies in e-business. Most companies tend to perform their
transactions online. There are a number of advantages to incorporating e-commerce in a company. The
advantages include increased sales, access to a wider market, a reduced cost of operation and an
increased profit margin. However, a web store faces some threats which could lead to the failure of
the system. The failures include password breaches, DoS attacks, ransomware, data destruction and
fraud (TechGenYZ, 2018).
Password breaches are one of the most dangerous activities in a network system. Passwords make
systems distinct from each other. Hackers tend to crack easy passwords to get access to the system,
where they can steal the databases or manipulate the processes in the system. The administrative
passwords allow users to access the hosting servers and the database servers. The passwords used to
access the servers should be strong (Khan, 2014). They should be lengthy and use high-entropy words
that are hard to crack.
Secondly, there are DDoS attacks, which means Distributed Denial of Service (Acharya and Pradhan,
2017). This involves denying legitimate users the use of the system. The hackers tend to manipulate
the system and take control of it. The hackers inject malware by bypassing authentication controls.
DDoS can result in major business risks which would affect the business for a long time. DDoS
attacks can take a long time before they are noticed by the security administrators (ZHANG and QIN,
2010).
E-commerce sites are also prone to malware and botnet attacks, which would affect the transactions
of the site. There are quite a number of threats.
Security testing is quite important for the web-store application. It involves testing the
availability of the system, its confidentiality, proper authentication and the resilience of the
system. Since many transactions will be performed through the web-store application, WidgetsInc
must ensure the system is secure before launching it (Giac.org, 2018).
When the system is secure, the company will be assured of customer loyalty, more customers, a
greater profit margin and lower costs in the business processes. The company will also be assured
of minimal instances of downtime.
The security threats, as mentioned, are many. The system has to be safe from threats, and in case of
any attack the system administrators should be aware of the problem or the attempted intrusion. For
assurance of the system security, WidgetsInc delegated the test evaluation of the web-store
application to Benny Vandergast Inc. Benny Vandergast Inc. provided a VMware virtual machine that was
used in the testing processes. There are four major practices that were taken into consideration in
the testing processes.
Investigation of the system security
The practices included noting down the issues that cannot be recreated, finding solutions for the
collisions that would happen during the testing, keeping the testing under control if the test
matrix became difficult to manage, and ensuring that the VMware tooling used in testing would
provide smart monitoring of the activities that took place in the system.
First, there are some errors that can be encountered but cannot be reproduced. In such cases, the
errors could have caused the system to crash, so trying to reproduce them would be impossible. The
solution to such a problem is the use of the VMware Snapshots tool. The tool allowed the testing
team to go back and view the execution that led to the system crash. The VMware Snapshot tool saves
recorded sessions so that they can be viewed later.
Secondly, some tests need to be run simultaneously within a similar environment. The situation
seems a bit challenging, but cloning and network fencing practices are applicable in such a
scenario.
The third point is being able to manage the process even when the test matrix becomes challenging
to manage. The team involved in the testing process divided the testing into three levels. The
first level involved testing the servers and the databases. The second level involved testing the
network, and the third level involved testing the workstations to be used. Using the levels eased
the testing process.
Finally, the testing crew had to come up with a monitoring system whereby the people involved in
the testing would easily identify any intrusion in the system. The VMware monitoring tool that was
used was Opvizor. Snapwatcher also played a great role in the monitoring of the system. Snapwatcher
is able to capture the VMware snapshots, which makes the monitoring of the transactions easier.
The setup and configuration of the virtual test environment
Benny Vandergast Inc. had to set up the virtualization infrastructure. VMware ESXi Server was
installed in the infrastructure. There were a few prerequisites for the setup process. The
recommended RAM was about 4 GB. This was meant to ensure that multiple VMs could run on top of the
base OS. The machine is supposed to be a 64-bit virtual machine. It was set to run on a disk array
different from the one the operating system runs on, so the virtual machine runs on a separate
disk. The installer creates basic services which run on the host machine during the installation
process. The services were used in managing the virtual environment created. After the installation
was completed, the computer was restarted and the testing crew also installed PowerCLI (Dekens,
2016). PowerCLI is used to connect to the local VMware ESXi Server (Ixiacom.com, 2018). The
connection should be made to the server at 192.168.1.1, entering the credentials. Other tools
required for the testing were also installed in the VM. This makes the process easier and improves
the VM performance.
After the installation was complete and successful, Benny Vandergast began the testing process. The
whole process of virtualization allowed them to consolidate the services, use minimal space, perform
less coding and use less power (Mastering Vmware Vsphere 4, 2011).
The network interface cards of the VMware ESXi Server were installed and configured. The operating
system had to be updated, and the virtual machine IP and DNS records were updated. On completion of
the VM configuration and the network configuration, a snapshot of the VM was taken. The snapshot is
required to contain the initial configuration of the VM before testing commenced. The snapshot
would be used to get back to the initial step when necessary (Keikha and Sadeq, 2015).
Creating configuration files
Data about the environment in which the testing is performed is necessary. The environment can be
given a variable name, for example $testenv. The variable can be used to store the names of the
virtual machines created or cloned, the name of the server and the database table. The network
interface card installed in the virtual machine was used in building the configuration file for the
executions that will take place in the future. The configuration files created would also be used
in making a report. The NIC variable is used to store information such as the IP, DNS, subnet masks
and more. The scripts are then combined and the VM creates a config file with the IP being used
(Offutt, 2008).
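The baseline snapshot and the $testenv configuration file described above, sketched with PowerCLI as an added example (not code from the original report). The VM name, database name, snapshot name, DNS and subnet mask values and the output path are assumptions made for illustration; only the ESXi address 192.168.1.1 comes from the report.

```powershell
# Added example: needs the VMware PowerCLI module and a reachable ESXi host.
# Names, DNS/subnet values and the file path are constructed for illustration.
Import-Module VMware.PowerCLI

$testenv = [ordered]@{
    Server   = '192.168.1.1'        # ESXi address given in the report
    VMName   = 'webstore-test-01'   # hypothetical VM name
    Database = 'webstore_test'      # hypothetical database name
    Baseline = 'baseline-pre-test'  # hypothetical snapshot name
    Nic      = $null                # filled in from the VM below
}

# Prompt for credentials; they are never written to the configuration file.
$cred = Get-Credential -Message "ESXi login for $($testenv.Server)"
Connect-VIServer -Server $testenv.Server -Credential $cred -ErrorAction Stop | Out-Null

try {
    $vm = Get-VM -Name $testenv.VMName -ErrorAction Stop

    # Reuse the baseline snapshot if it exists so every run reverts to the same state.
    $snap = Get-Snapshot -VM $vm -Name $testenv.Baseline -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $snap) {
        $snap = New-Snapshot -VM $vm -Name $testenv.Baseline `
            -Description 'Initial configuration before security testing'
    }

    # NIC details: adapter data from the host, IP addresses from VMware Tools in the guest.
    $adapter = Get-NetworkAdapter -VM $vm | Select-Object -First 1
    $testenv.Nic = [ordered]@{
        Name       = $adapter.Name
        Mac        = $adapter.MacAddress
        Network    = $adapter.NetworkName
        IP         = @($vm.Guest.IPAddress)
        Dns        = @('192.168.1.1')     # constructed value
        SubnetMask = '255.255.255.0'      # constructed value
    }

    # Configuration file read by later test scripts and by the report.
    $testenv | ConvertTo-Json -Depth 4 | Set-Content -Path '.\testenv.json' -Encoding UTF8

    # ... test scripts run here ...

    # Return the VM to its initial configuration once the tests have finished.
    Set-VM -VM $vm -Snapshot $snap -Confirm:$false | Out-Null
}
finally {
    Disconnect-VIServer -Server $testenv.Server -Confirm:$false
}
```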
Test and the test framework
There is much customization to execute the custom scripts. Some actions can be automated by copying
the files to the Guest office. The activities that were automated included downloading and
installing the software to be tested, syncing the sources with the tests and the frameworks, and
managing Microsoft products via the PowerShell API (Tachev, 2016). The executable files, which
include ZIP files, DLLs and other files, were copied into the VM's local system. After that, the set
was synced to the source control repository. Any script that was executed would point to another
script or to itself. When a script was executed, the results were returned in real time during the
testing phase. Once the result of a test is displayed, another snapshot is necessary (LI et al.,
2014).