This project involves performing penetration testing on the production ecommerce Web server to find and fix any vulnerabilities. The scope of the project includes credit card transaction processing (CCTP), pentesting all web servers and Apache Web Server. Cyber Intrusion detection will help the company recognize the server’s ability to differentiate and respond to attacks. The potential business and operational negative effects of successful attacks are also being assessed. Report and documentation authors, project managers, data analysts, ethical hackers, network specialists, database and explanation experts and chief penetration tester are all key stakeholders.
Objectives and targets
Pentesting is a strategy to protect credit card transactions, the Apache webserver which runs the ecommerce web server application and the UL10.4 LTS server. The key goals and objectives for pentesting are the following:
1. To protect customers’ financial data
2. To secure Ubuntu Linux 10.04 LTS server
For the protection of Apache Web servers
4. Find security holes in production e-commerce website server
To ensure that the project is successful, there would be many actions. Each phase would have its own set of activities. The four-stage project structure will be broken down. Planning and consultation are two of the phases. While the first phase involves consultation and planning, the second includes information collection and reconnaissance. Meanwhile, the third phase includes planning enumeration as well as vulnerability scanning. The last step will include making recommendations and doing an analysis (Al Shebli & Beheshti, 2018). As the first step, you will need to identify the principal aims and goals of pentesting, evaluate legal and contractual requirements, as well as ensure that all examples are covered by strict non-disclosure agreements. The first phase also includes a discussion about the risks and finalization of plan’s scope. Key stakeholders are invited to participate in the process. Finally, approval of pentest plan is given. The project’s scope includes CCTP penetration testing of all web servers and Apache Web Server.
Phase 2 includes gathering public information, finding out the details of the target, as well as obtaining data from outside sources. An attack strategy is implemented to cause the malign assault. It would aim to collect as many details about the system and network as possible. This information could include everything from network topology, IP addresses, and addresses of employees. The third phase will include activities such as scanning the target network and identifying devices, identifying services, examining logs, scanning devices, and discovering vulnerabilities (Almubairik & Wills, 2016). The target network will be scan using dynamic and static analyses. Dynamic analysis involves examining the code of an application in its running state. This is crucial for providing a live view on application performance. Static analysis will inspect an application’s code to see how it behaves while in use.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
