De Montfort University: CECT5804 Penetration Testing Report

This report provides a comprehensive overview of penetration testing, also known as pen testing, as a simulated cyber attack to identify exploitable vulnerabilities in computer systems. The report discusses the OWASP Top 10, a standard for web application security, and covers topics such as injection flaws, broken authentication, and sensitive data exposure. It details the types, phases, and uses of penetration testing, along with its limitations. The report includes an analysis of a scenario involving a Samurai VM and the website 127.0.0.1/cwk. It also explores various penetration testing tools like Nmap, Nikto, SQLmap, Burp suite, and OWASP ZAP. The report concludes with a discussion of planning and vulnerabilities, providing insights into ethical hacking and IT infrastructure security.