Problem 2.4.1-Ecommerce Enrichment Plan of Action-Please Answer All of The Following Before You (And Your Partner) Begin Your
Plan of Action- Please answer all of the following before you (and your partner) begin your
assignment(s):
Identify
1. Web server: How will you determine that the customer's information architecture is
sufficient? I will ask them to create a new account if they haven't already, and encrypt their data so only
the employee and customer can see it.
2. In other words, how will you determine whether their public and private data are sufficiently
isolated from one another? I will ask them security questions, and have their info backed up on a
private server.
3. How will you determine whether the hosts are configured and secured properly? Make sure
they will have protected firewalls, strong passwords, and make sure the website itself has safety
features.
4. Website: The website is provided for you; how will you identify any vulnerabilities or
verify that it's secure? I will check for vulnerabilities within the code, and test it to see how it
runs to determine how specific attacks will affect it.
Detect
5. Web server: How will you test the security of the web server software? I will use different types
of methods, like the brute force method, SQL injections, and XSS to test its security.
6. What tests can you perform in the browser to expose any security problems? (Refer to
Lesson 2.2 if necessary.) I can try inputting a MAC address to try and expose problems.
7. Website: How will you test the security of the customer's website? (Refer to Lesson 2.3 if
necessary.) I will test for and find any exploits within the website so I can come up with a
countermeasure on how to deal with it.
8. What exploits should you perform to test the site? I will use SQL injection, XSS exploits, and disable the
firewall.
9. How will you record the results of a test? I will use Wireshark to see the results, and come up with a
countermeasure.
10. How can you use Wireshark to record the URL causing the problem to show that your pen
test is valid? You can read the info from the packets.
Protect
11. Web server: How will you recommend securing the web server software? (Refer to
Lesson 2.2 if necessary.) I will use IIS to remove any and all exploits.
12. What are some features and services provided by the server that might pose security
risks? SMTP, captcha protection, and SQL.
13. What are the specific security measures you recommend to secure the server? I will use IIS.
14. Website: How will you recommend securing vulnerable web pages? (Refer to Lesson 2.3
if necessary.) I will identify webpages with exploits and identify that exploit.
15. What coding practices do you recommend?
Respond with a Report
16. How will you provide evidence of your pen test results? I will write a report on my results and take
screenshots.
17. How will you provide recommendations to secure the server? I will inspect the server and, based
on my results from the pen testing, determine what needs to be done to secure it.
18. How will you document exploited web pages, the evidence of the test in
Wireshark, and the recommended script that fixes the exploit?
I will write a detailed report with screenshots to document and provide evidence.
Implementation- Time to put your plan into action. During your pen test, please identify the web
server host, determine firewall and IIS configurations, and test for exploited web pages.
Document your findings in a pen test report for your customer, Bikes, Boards, and Beyond.
Include screenshots of your test results. The customer should be able to
review all tests, the results of the tests, and recommended actions you suggest.
Specifically, you should document the following screenshots:
  o For the web server:
    • Evidence from browser tests that show the web server software is securely configured (or not). Documentation:
    • Server Manager configurations showing any relevant security features that need to change to secure the server. Documentation:
  o For the website:
    • The web page(s) that contain an exploit. Any page you encounter can contain any of the four exploits:
      • Command execution:
      • SQL injection:
      • XSS reflected:
      • XSS stored:
    • Wireshark showing the packets containing the exploited URL(s). Documentation:
    • The high-security script(s) that fix the exploit, matched to the correct exploit. Documentation:
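The worksheet asks for the "high-security script" that fixes each of the four exploit classes, matched to the exploit. The following is an added example, not part of the worksheet, the course materials, or the Bikes, Boards, and Beyond website: it shows, in Python with an in-memory SQLite table instead of the website's own server-side language, what separates the low-security and high-security versions of a coupon lookup (SQL injection), a message-board comment renderer (stored or reflected XSS), and a "ping a host" form (command execution). The table, the customer names, and the function names are constructed for illustration.

```python
import html
import ipaddress
import sqlite3


def make_db():
    """Build an in-memory coupon table with constructed sample rows (not the course's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coupons (code TEXT, discount INTEGER, customer TEXT)")
    conn.executemany(
        "INSERT INTO coupons VALUES (?, ?, ?)",
        [("SPRING10", 10, "alice"), ("BOARD20", 20, "bob"), ("VIP50", 50, "o'brien")],
    )
    return conn


# --- SQL injection: low- vs high-security coupon lookup ---

def lookup_coupons_low(conn, customer):
    """Low security: the customer name is pasted into the SQL text, so a quote in the
    input becomes part of the query grammar instead of part of the value."""
    sql = f"SELECT code, discount FROM coupons WHERE customer = '{customer}'"
    return conn.execute(sql).fetchall()


def lookup_coupons_high(conn, customer):
    """High security: parameter binding; the driver sends the value separately, so it
    can never change the query structure whatever characters it contains."""
    sql = "SELECT code, discount FROM coupons WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


def low_lookup_breaks_on(conn, customer):
    """True if the low-security lookup fails to parse for this input: the first symptom
    a tester sees when a quote reaches the database unescaped."""
    try:
        lookup_coupons_low(conn, customer)
    except sqlite3.OperationalError:
        return True
    return False


# --- Stored / reflected XSS: low- vs high-security message-board rendering ---

def render_comment_low(comment):
    """Low security: raw text is concatenated into the page, so any markup the
    visitor typed is interpreted by the next browser that loads the board."""
    return f"<li>{comment}</li>"


def render_comment_high(comment):
    """High security: HTML-escape on output; <, >, & and quotes become entities and
    the browser displays the comment literally."""
    return f"<li>{html.escape(comment, quote=True)}</li>"


# --- Command execution: low- vs high-security "ping a host" form ---

def ping_command_low(host):
    """Low security: a shell command line built from user text; whatever the visitor
    typed is handed to the shell as-is."""
    return f"ping -c 1 {host}"


def ping_command_high(host):
    """High security: accept only a syntactically valid IP address and return an argv
    list for subprocess.run(argv) with shell=False; anything else is rejected."""
    addr = ipaddress.ip_address(host.strip())  # raises ValueError on non-addresses
    return ["ping", "-c", "1", str(addr)]


def ping_input_accepted(host):
    """True if the high-security form would run ping for this input."""
    try:
        ping_command_high(host)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    db = make_db()
    print(lookup_coupons_high(db, "o'brien"))          # [('VIP50', 50)]
    print(low_lookup_breaks_on(db, "o'brien"))          # True: the quote broke the query
    print(render_comment_high("<b>Great boards</b>"))   # markup shown as text, not rendered
    print(ping_input_accepted("10.0.0.5"), ping_input_accepted("bikes.example"))
```

The legitimate name "o'brien" is enough to show why the low-security lookup is unsafe: the apostrophe changes the SQL grammar and the query fails, which is exactly the behaviour a crafted input would rely on, whereas the bound parameter returns the right row. The same idea applies to the other two cases: escape at the output boundary for the message board, and validate the input type and never pass user text through a shell for the ping form.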
PLEASE TYPE YOUR FORMAL REPORT IN THE SPACE BELOW: The machine being used is
TargetWindows01 and the website has free coupon codes and gives you a return policy. There is
also a message board for any comments as well as a retrieve order box for your orders. For the
web server, I had databases and backup files created. The server manager does not show any security
features that need to be changed; therefore, the security is up to date. For the website, Wireshark
captured the exploited packets, but the issue has now been fixed with high-security scripts.