14 May CASE STUDY ASSIGNMENT
Case Study Assignment
5.1 Web Application Vulnerability Detection
As an experienced IT Security Professional, you have been given the project to develop a demonstration model to prove you are competent to be able to utilise a wide range of security and forensic tools and techniques to discover vulnerabilities in typical web applications that your clients and customers might typically use. You are to
a) Write a concise technical report (2000 words) documenting how to successfully install, configure and test a “sample” vulnerable computer system which will incorporate at least 3 of the “Top 10 OWASP Web Application Vulnerabilities” and show how both commercial vulnerability scanning tools and open source tools can be used to detect these vulnerabilities. An important part of the exercise is that you are expected to show in addition how they can be successfully mitigated against. Report should be written in a 3rd Person.
b) Produce a short animated computer screen video using either commercial, open source or freeware tools of how you used a variety of commercial and/or open source tools from particular forensic toolkits or security frameworks to detect vulnerabilities from the selected vulnerable systems.
A vulnerable system must be selected and justified along with a suitable penetration testing environment to be implemented.
You are required to produce a virtual environment with a minimum of three virtual machines as documented above and report on at least 3 of the top 10 vulnerabilities that you can discover with both conventional penetration tools such as NMAP, Backtrack(Kali), VMARE etc and/or commercial vulnerability test tools such as SAINT, to determine the vulnerabilities and present possible mitigating actions or fixes to the top 3 issues you discover. It is required that you document your findings in terms of a test plan with evidence of how the vulnerabilities were discovered and how they should be mitigated against.
The OWASP Top 10 vulnerabilities can be found at
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
and are summarised over the page.
Assessed work within this range attracts such marks because it demonstrates:
• Analysis at a penetrating level, fluently at ease with the topic.
• Arguments which are based on persuasive evidence and are lucid, coherent and convincing.
• Communication which is fluent and well-organised; if written it will be highly coherent and free of solecisms.
• Research which shows strong evidence of a full exploration of key issues and a critically incisive engagement with relevant secondary issues.
• Presentation which is almost entirely error-free and conforms to acceptable conventions of good scholarly practice (referencing, bibliography, footnotes etc.)
Report Marking Criteria
1. Evidence and Documentation of Virtual Testing Environment (10%)
2. Depth of analysis and understanding of security testing issues (including test plan) (15%)
3. Relevance of security issues found (15%)
4. Prioritisation of vulnerabilities found (!5%)
5. Research into possible exploit mitigation (15%)
6. Report Presentation/Quality (3 rd Person) (10%)
Bonus Marks Examples (10%)
1. Extra Mile References used throughout reports (Harvard Referencing)
2. Supporting evidence of testing, results and operation (hint: graphs, scans and device output)
3. Professional looking documentation (formal report format)
4. Clear and concise configurations with annotation.
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Writedemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.