CTEC3410 Web Application Penetration Testing
Penetration Test Coursework Specification
Web Application Penetration Testing
Please read all sections of this specification carefully before starting to work.


You may work on the pentest coursework in pairs. You must make it clear in your report who your partner is. I will assume that each partner has contributed equally unless you tell me otherwise. Include a brief appendix that describes how the work was divided. After reading this coursework specification, I strongly suggest you make yourself a check-list of the submission requirements.

Learning outcomes
On successful completion of this module the student will be able to:
1 Understand penetration testing strategies and methodologies
2 Implement penetration testing methodologies to perform a penetration test
3 Explain the role and importance of a scoping document
4 Craft a suitable technical report outlining discovered problems and suggest mitigation

Objectives
• Write a scoping document outlining what can and cannot be tested in the pentest. Include all information that is relevant.
• Analyse the given web application (via URL/port 80/port 443) for vulnerabilities.
• Produce a report describing and analysing the processes you used, the vulnerabilities you found and the exploits you used.
• Produce an executive summary summarising your findings.

Background
You have been approached by a nascent e-commerce business (BozBits PLC) who have had a web application created to support and facilitate their business. However, the business’ management has become suspicious of the quality of the application produced by a web development bureau, and has approached you, as a pentesting consultant, to conduct a web application penetration test. The business has no expertise in webtech and the CEO is technically illiterate.

Requirements

You will prepare, for signing, a scoping contract document, covering the above requirements (any other requirements you identify are for you to create).

You will then plan, execute and document a penetration test of the given web application, following a formal methodology. Which methodology you choose is up to you, but you must give a brief rationale as to why you have selected it. The report will also include details of both successful and unsuccessful tests. There should be sufficient detail for another tester to reproduce your findings.


Finally, you have to prepare an Executive Summary of your findings and the implications to the business, remembering that the target reader, the CEO, is not technically capable.

Please note that the coursework is to assess your abilities in finding and documenting vulnerabilities using only port 80 and/or port 443, ie via web-page forms or the address box.

Platform
You will need to download a compressed file (ctec3410_victim.vmware.zip) from the Lecturer drive – ie the same directory from which you downloaded the lab virtual machine. The compressed file contains a Virtual Machine which implements a complete operating system hosting a web-application accessible via a browser on port 80. You will need VM Player (or VM Workstation) to run the Virtual Machine containing the web-application. VM Player is available to download from:
• http://downloads.vmware.com/d/info/desktop_end_user_computing/vmware_player/4_0
• https://vmware.dmu.ac.uk/

Sections
The workflow is divided into three main sections:
Process 1 – Planning
To aid in planning for the pentest, you will need to start by creating a scoping contract document that defines the shape and process of the pentest. This needs to briefly summarise the extent and limitations of the pentest. Remember that this is a legal document that gives you permission to perform the test. You will also need to select a pentest methodology.
Process 2 – Implementation
Your investigation may or may not discover any problems with the web-site. However, you must ensure that you have thoroughly documented all processes used in your investigations.
Process 3 – Reporting
You have to submit (via Turnitin) a single PDF file containing three documents:

Scoping Contract
• Legal document outlining the expectations and limitations of the pentest. This should contain clauses that include all of the details discussed, and should be a maximum of 600 words.

Technical Report
• Brief rationale of the chosen methodology.
• The report of the implementation stage comprising:
◦ discussion of the processes undertaken to complete the investigation
◦ brief descriptions of the tools used and the commands implemented
◦ discussion of the vulnerabilities discovered
◦ explanation as to how the vulnerabilities were exploited
• The technical report should be a maximum of 3000 words
◦ not including appendices.
◦ NB extra details can be included as appendices.

Executive Summary
• A brief summary of the vulnerabilities you uncovered and recommendations for mitigation, together with likely cost areas and times, couched in non-technical terms, suitable for a busy MD or CEO who is technically illiterate. This summary should be a maximum of 400 words.

Submission
You have to submit the three documents as a single PDF file via the Turnitin link. Each document should be standalone, ie there can be no cross referencing between the documents. You must display the word count for each on the cover page.
• Document 1: Scoping Contract – maximum 600 words
• Document 2: Technical Report – maximum 3000 words
• Document 3: Executive Summary – maximum 400 words
The Technical Report document will include (as a minimum) an introduction, summary and reference/bibliography. Ensure all imported/referenced material is correctly cross-referenced with a recognised methodology. Diagrams/screenshots should also be labelled and referenced. See the Coursework Specification Coversheet document for date and time of submission.

Notes
• Read this specification in conjunction with the marking scheme, available as a separate document.
• Always attempt to implement exploits against any vulnerability you discover.
• Make copious notes of everything that you do. It will make writing the report easier. You should include these notes as an appendix to your report document.
• Take screenshots as you progress. Use these to illustrate your report.
• Credit will only be given for exploits accessed via ports 80 and/or 443.
• If you work as a pair, only one of you needs to submit the report.
◦ However, you must make it very clear with whom you completed the work.
NB There is an assumption that each partner has contributed equally. If this is not the case, please include an appendix to your report detailing who has done what.
After reading this coursework specification, I strongly suggest you make yourself a checklist of the submission requirements.
©cfi/dmu 3
ctec3410_wapt_2021-2022_coursework-specification

Universal Assignment (February 1, 2023) CTEC3410 Web Application Penetration Testing. Retrieved from https://universalassignment.com/ctec3410-web-application-penetration-testing/.