A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.

Penetration Testing Plan

A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.

 

Take on the role of Penetration Tester for the organization you chose in Week 1.

 

Complete the Penetration Testing Plan Template to create a Penetration Testing Plan for the organization you chose.

 

Research/Consider and include the following:

 

• Pentest Pre-Planning

 

• Engagement timeline: Tasks and who performs them

 

• Team location: Where will the penetration team execute their tests? Team location

 

    can be the location of the teams involved with testing such as IT Operations. It’s not

 

    uncommon for teams to operate in separate locations. Therefore, for this assignment 

 

    the team location can be San Francisco, CA or it can be at the company

 

    headquarters such as Seattle, WA. This part is all fictional data so feel free to complete

 

    this portion of the assignment however you like. If you need ideas, you can look at

 

     larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they tend

 

     to share a good deal of information on their websites about their organizations, office

 

     locations, corporate offices, etc.

 

• Organization locations tested: multiple locations, countries (export restrictions and

 

    government restrictions). Organization location can be the headquarters of the

 

    corporate office (e.g. Seattle, WA).

 

• Which pentest technologies will be used? Consider the following as you research

 

    options:

 

• Scanning Tools: Nmap, Nikto

 

• Credential Testing Tools: Hashcat, Medussa, John the Ripper, Cain and Abel

 

• OSINT Tools: Whois, TheHarvester

 

• Wireless Tools: Aircrack-ng, Kismet

 

• Networking Tools: Wireshark, Hping

 

• What client personal are aware of the testing?

 

• What resources provided to pentest team?

 

• Test Boundaries:

 

• What is tested?

 

• Social engineering test boundaries? What is acceptable?

 

• What are the boundaries of physical security tests?

 

• What are the restrictions on invasive pentest attacks?

 

• What types of corporate policy affect your test?

 

• Gain Appropriate authorization (Including third-party authorization)

 

• Pentest Execution Planning: Given the scope and constraints you developed in your

 

   Pentest Pre-Plan, plan the following pentest execution activities

 

• Reconnaissance

 

• Scanning

 

• Gaining Access

 

• Maintaining Access

 

• Covering Tracks

 

• Pentest Analysis and Report Planning:

 

• Analyze pentest results

 

• Report pentest results

 

• Project sponsor can be CIO, CISO, CEO, the board, etc.

 

• Business context for penetration test is a business statement for why the test is needed.

 

• Project scope description can be application testing, internal/external network testing,

 

    wifi testing, physical security testing, social engineering testing. These are common

 

   scopes for real-world penetration testing.

 

• Date prepared & prepared by are the current date and you can list your name.

 

• Organization location can be the headquarters of the corporate office (e.g. Seattle,

 

   WA).

 

• Team location can be the location of the teams involved with testing such as IT

 

   Operations. It’s not uncommon for teams to operate inseparate locations. Therefore, for

 

   this assignment the team location can be San Francisco, CA or it can be at the

 

   company headquarters such as Seattle, WA. This part is all fictional data so feel free to

 

    complete this portion of the assignment however you like. If you need ideas, you can

 

   look at larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they tend to share a good deal of information on their websites about their organizations,office locations, corporate offices, etc.

 

      • Regarding the chart on page 2 in the template that contains ID, Activity, Resource,

 

    Labor, Material, & Total Cost, here’s what to consider for each:

 

      • ID: simple numbering system (1, 2, 3, etc.)

 

      • Activity: related activity or specific tasks required to complete the work

 

      • Resource: resources (tool, etc.) needed to complete the work

 

      • Labor: how much labor is required by individuals to complete the work

 

      • Material: what’s needed to complete the item

 

• The items related to the chart on page 2 are all directly related to the work required to complete penetration test activities and manage the effort. Please search the web for examples and some ideas. These numbers and information can be estimates.

 

Submit the assignment.

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.