Develop an Attack & Penetration Test Plan

Chris Wiginton
ITT Technical Institute, Tampa FL
Instructor: Robert Campbell
14 December, 2014

Attack and Penetration Test Plan

Table of Contents

I. Scope
II. Authorization Letter
III. Client Questionnaire
IV. Test Plan Scope
V. Goals and Objectives
VI. Test Plan Tasks
VII. Test Plan Reporting
VIII. Project and Test Plan Schedule

I. Scope

Production e-commerce Web application server and Cisco network. Located on ASA_Instructor, the e-commerce web application server is acting as an external point-of-entry into the network:

* Ubuntu Linux 10.04 LTS Server (TargerUbuntu01)
* Apache Web Server running the e-commerce Web application server
* The test will be intrusive without Compromise
* Penetration test to be conducted between 2 a.m. and 6 a.m. EST Weekends only.

II. Authorization Letter

See Appendix A

III. Client Questionnaire

# | QUESTIONS | ANSWER | COMMENT |
1) | What is the business requirement for this penetration test? 1. This is required by a regulatory audit or standard? 2. Proactive internal decision to determine all weaknesses? 3. Is the driver for this to comply with an audit requirement, or are you seeking to proactively evaluate the security in your environment? | | |
2) | Will this be a white box test or a black box test? White Box: a test where specific information has been provided in order to focus the effort. Black Box: a test where no information is provided by the client and the approach is left entirely to the penetration tester (analyst) to determine a means for exploitation. | | |
3) | How many IP addresses and/or applications are included as in-scope for this testing? Please list them, including multiple sites, etc. | | |
4) | What are the objectives? a.) Map out vulnerabilities b.) Demonstrate that the

