Penetration Test Summary Project
This is a detailed plan for performing a thorough penetration test (pen test) on the Bikes, Boards, and Beyond
website, or any chosen website, covering identification, detection, protection, and reporting:
Evidence
The configuration of the server:
● As a pen tester, accessing the server's IIS Manager would allow me to review various configurations such as:
● Security settings: Ensure that security features like authentication methods, IP restrictions, and SSL certificates are appropriately configured.
● Port configurations: Check for open ports and services that might pose security risks.
● Access controls: Verify that access to sensitive directories and resources is restricted appropriately.
● Logging settings: Ensure that logging is enabled to capture relevant information for monitoring and auditing purposes.
If configuration changes are required, the recommended changes:
● If any security weaknesses or misconfigurations are identified during the assessment, recommended changes may include:
● Enforcing strong password policies and enabling multi-factor authentication.
● Restricting access to sensitive directories and resources based on the principle of least privilege.
● Implementing secure protocols like HTTPS and disabling outdated or insecure protocols.
● Regularly updating server software and applying patches to address known vulnerabilities.
The web page showing the results of each exploit:
● Upon successfully exploiting a vulnerability, the results can be documented by capturing screenshots or recording the behavior of the web page.
● For example, if a SQL injection vulnerability is exploited to retrieve sensitive data from a database, a screenshot showing the retrieved data can serve as evidence.
The corresponding packet activity in Wireshark:
● Wireshark can be used to capture network traffic during exploit attempts. The packet activity in Wireshark would include:
● HTTP requests containing malicious payloads or exploit attempts.
● Server responses indicating the outcome of the exploit, such as error messages or unexpected data.
● Analyzing the packet activity in Wireshark helps validate the effectiveness of the exploit and provides evidence of the penetration test.
If an exploit is found, the web server scripts that will secure the system:
● After identifying and exploiting vulnerabilities, it's crucial to provide recommendations for securing the system. This may involve:
● Developing and implementing server-side scripts to patch or mitigate the exploited vulnerabilities.
● For example, for a SQL injection vulnerability, recommending the use of parameterized queries or input validation to prevent unauthorized database access.
● Providing sample scripts or code snippets that demonstrate how to secure the system against similar exploits in the future.
Identify
Web Server:
Review Server Configuration: Access IIS Manager to review the server's configuration, including settings related to
security, ports, and access controls.
Architecture Analysis: Assess the information architecture to ensure proper isolation of public and private data.
Verify if the hosts are properly configured and secured.
Security Checks: Perform scans using tools like Nmap to identify open ports, services, and potential vulnerabilities.
Website:
Vulnerability Assessment: Conduct a comprehensive scan using tools like OWASP ZAP or Nikto to identify common
vulnerabilities such as SQL injection, XSS, CSRF, etc.
Manual Inspection: Manually inspect web pages for security issues like improper input validation, insecure
authentication mechanisms, etc.
Testing Exploits: Utilize known exploits for common vulnerabilities and test against the website's functionalities.
Record Results: Document all identified vulnerabilities and their severity levels.
Detect
Web Server:
Security Testing: Use tools like Nessus or OpenVAS to perform vulnerability scanning specifically targeting web
server software.
Browser Tests: Use browser developer tools to inspect network requests, response headers, and JavaScript code for
any security flaws.
Wireshark Capture: Capture network traffic in Wireshark to analyze HTTP requests and responses, focusing on
potential security issues.
Website:
Exploit Testing: Execute exploits for identified vulnerabilities such as SQL injection, XSS, etc., and observe the
behavior of the website.
Record Results: Document each exploit attempt, including the URL, payload used, and response received.
Wireshark Analysis: Analyze captured packets in Wireshark to pinpoint URLs causing security problems and validate
pen test results.
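The Wireshark analysis step above, and the packet-activity evidence listed under Evidence, as an added example that is not part of the original plan: it reviews HTTP request lines and response codes read out of a capture and flags the URLs and parameters that carried test payloads. The sample exchanges, page paths, parameter names and marker patterns are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: (request line, response status) pairs as they might be
# read out of a capture's HTTP streams. Paths and parameters are hypothetical.
SAMPLE_EXCHANGES = [
    ("GET /products.aspx?id=42 HTTP/1.1", 200),
    ("GET /products.aspx?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1", 500),
    ("GET /search.aspx?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1", 200),
    ("GET /search.aspx?q=mountain+bike HTTP/1.1", 200),
    ("GET /login.aspx?user=admin%27-- HTTP/1.1", 302),
]

# Deliberately small marker sets; a real review would tune these to the test plan.
MARKERS = {
    "sqli": re.compile(r"('\s*(or|and)\s)|(\bunion\b.+\bselect\b)|('\s*--)|(;\s*drop\b)", re.I),
    "xss": re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.I),
}

def classify(value):
    """Return the marker categories that match a decoded parameter value."""
    return [name for name, rx in MARKERS.items() if rx.search(value)]

def review_exchanges(exchanges):
    """Flag request parameters that carry test payloads, keeping the status code
    so the report can tie each attempt to the server's response."""
    findings = []
    for request_line, status in exchanges:
        parts = request_line.split(" ")
        if len(parts) != 3:
            continue  # malformed request line; skip rather than guess
        method, target, _version = parts
        url = urlsplit(target)
        # parse_qsl percent-decodes, so encoded payloads are matched too
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            for category in classify(value):
                findings.append({
                    "method": method, "path": url.path, "param": param,
                    "category": category, "status": status,
                    "server_error": status >= 500,
                })
    return findings

if __name__ == "__main__":
    for finding in review_exchanges(SAMPLE_EXCHANGES):
        print(finding)
```

A 5xx status next to a flagged parameter is the row to prioritize in the report, since it shows the input reached code that failed on it.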
Protect
Web Server:
Recommendations: Provide recommendations for securing the web server software, including patching known
vulnerabilities, disabling unnecessary services, and implementing strong access controls.
Security Measures: Recommend specific security measures such as implementing SSL/TLS, using firewalls, and
regularly updating server software to mitigate risks.
Website:
Secure Coding Practices: Recommend adopting secure coding practices such as input validation, parameterized
queries for database access, and proper session management.
Script Recommendations: Provide scripts to fix identified vulnerabilities, such as sanitizing user input to prevent SQL
injection or implementing output encoding to mitigate XSS attacks.
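The script recommendations above, and the parameterized-query recommendation under Evidence, as an added example that is not part of the original plan: a concatenated query beside its parameterized replacement, with input validation and output encoding as the accompanying layers. Python and an in-memory SQLite database stand in for the site's server-side language and database; the table, rows and function names are hypothetical.

```python
import html
import sqlite3

def make_db():
    """In-memory database with constructed rows standing in for the site's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, is_public INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        (1, "Trail Bike", 1), (2, "Longboard", 1), (3, "Unreleased Prototype", 0),
    ])
    return db

def find_products_vulnerable(db, name):
    # BEFORE: user input concatenated into SQL, so input can rewrite the query.
    sql = "SELECT name FROM products WHERE is_public = 1 AND name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_products_safe(db, name):
    # AFTER: the ? placeholder sends input as data; it is never parsed as SQL.
    sql = "SELECT name FROM products WHERE is_public = 1 AND name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def validate_name(name, max_len=64):
    """Input validation as a second layer: reject empty, over-long or non-printable input."""
    return 0 < len(name) <= max_len and name.isprintable()

def render_results(query, names):
    """Output encoding: escape everything user-influenced before it reaches HTML."""
    items = "".join(f"<li>{html.escape(n)}</li>" for n in names)
    return f"<p>Results for {html.escape(query)}</p><ul>{items}</ul>"

if __name__ == "__main__":
    db = make_db()
    test_input = "x' OR '1'='1"  # constructed test string for the before/after comparison
    print("before:", find_products_vulnerable(db, test_input))
    print("after: ", find_products_safe(db, test_input))
    print(render_results("<script>alert(1)</script>", find_products_safe(db, "Longboard")))
```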
Report
Documentation: Provide a detailed report documenting all findings, including exploited web pages, vulnerabilities
identified, and recommended security measures.
Pen Test Results: Include evidence of pen test results, such as screenshots of configuration changes, exploit
attempts, and Wireshark packet captures.
Recommendations: Clearly outline recommendations for securing the server and website, prioritizing based on
severity and impact.
Follow-up Plan: Provide a plan for ongoing monitoring and maintenance to ensure the continued security of the
server and website.