Building your scenario [3 marks]
‹ Each of you will need to build your own scenario for a company.
‹ Your scenario must have the following requirements:
- Your scenario public website is https://cwscenario.site/ – ONLY TO CONDUCT OSINT
- A database and web services
- Users
‹ You should define the following assumptions for your scenario:
- Type and size of business:
  - It could be any type of business as long as you define
  - This is important as it will also define the type of users and data for your information system
  - For example: a school, an estate agent, an engineering company, etc.
  - The size of the organisation is important as it will dictate how many users there are, where they access from, etc.
  - For example, a business can be a startup with 10 users working in one office, a small school with 20 teachers and 200 students, or a multi-national company with thousands of
- Type of data:
  - The type of data is relevant to the business type you
  - For example, a school will hold information about the … This could be financial information, personal information or marks and progress records.
  - The type of data the organisation holds will dictate the type of controls you put in place to protect your
- Type of users:
  - The type of users is relevant to the business type you
  - For example, a school can have teachers and parents as
  - The type of users the organisation has will dictate how complex accessing your system
‹ The reason each of you has your own scenario is that, although you are all conducting the same activities, the impact of those activities on users in an E-Commerce business, for example, is different from the impact of those activities on users in a hospital.
- In an E-Commerce business, all the CIA tenets are important; however, there is no risk to life if any of them gets violated at some point. For example, the confidentiality of customers’ data is important and valuable. Integrity is also crucial since you want to ensure that business transactions are valid and genuine at all times. Availability is important because if users lose access for some time, they might go and conduct their E-Commerce business somewhere else, leading to a loss of business for the company.
- In a hospital, all the CIA tenets are critical! Confidentiality of patients’ data, integrity of that data, and the system must be available at all times!
‹ Below is a scenario example with all the assumptions and requirements defined.
My company was hired to conduct a penetration test for a medium-sized estate agent company with many branches across the UK. Their web application allows their potential customers to search for properties and book appointments. The website does not hold any financial data for the property owners but stores personal information for potential customers who are interested in a property. Staff can access the web application to manage properties on the web application. Staff receive potential customers’ enquiries by email. Staff credentials are stored on the database.
‹ You must not use the same example for your assignment.
Requirements and Deliverables
- OSINT Activities
‹ Show two examples of the Open-Source Intelligence (OSINT) investigation activities you have carried out on your scenario example. [3 marks]
‹ Research and evaluate how OSINT can be effective and explain why it is one of the first activities that penetration testers carry out. [3 marks]
‹ Scenario assessment: In your opinion, how dangerous is the information you were able to obtain for your allocated scenario? [2 marks]
- Website Reconnaissance
‹ Show some of the information you were able to obtain simply by browsing the applications in the lab and observing and analysing code and transactions. [3 marks]
‹ Scenario Assessment: Explain how the information obtained by observing and analysing the web applications can be used at a later stage to exploit the company’s web services. Provide an example of information that can be relevant to your scenario. [2 marks]
- Port Scanning and Enumeration
‹ Show that you have identified the ports you found running on the server machine in the lab. [3 marks]
‹ Research and explain what an open port means and identify the threats an open port can potentially cause. [3 marks]
‹ Scenario assessment: Explain the threats of the open ports you identified when carrying out the port scanning, and how dangerous they are for your scenario and the data your scenario company holds. [3 marks]
- Server side exploits
- Data tampering
‹ Identify if the application is vulnerable to data tampering and exploit it if possible. [3 marks]
‹ Briefly research and explain the data tampering vulnerability. Which Cyber Security tenet does this vulnerability violate? [2 marks]
‹ Scenario assessment: What vulnerable information can attackers obtain through data tampering when this activity is carried out, and how dangerous is it for your scenario? [2 marks]
- SQL injection
‹ Identify if the application is vulnerable to SQL injection and exploit it if possible. [3 marks]
‹ Briefly research and explain the SQL injection vulnerability. Which Cyber Security tenet does this vulnerability violate? [2 marks]
‹ Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? [2 marks]
- Cross-Site Scripting (XSS)
‹ Identify if the application is vulnerable to XSS and exploit it if possible. [3 marks]
‹ Briefly explain the XSS vulnerability. Which Cyber Security tenet does this vulnerability violate? [2 marks]
‹ Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? [2 marks]
- Other vulnerabilities
‹ The OWASP vulnerable machine contains several other vulnerabilities that can be exploited. Identify two other vulnerabilities you were able to identify in the vulnerable machine. [2 marks]
‹ Scenario assessment: Research and investigate the threats they pose to your scenario and identify which Cyber Security tenet these vulnerabilities violate. [2 marks]
- Cryptanalysis attack
‹ Show how you can conduct cryptanalysis on your scenario environment. [2 marks]
‹ Scenario assessment: What is the impact of a successful cryptanalysis attack on your scenario? [2 marks]
- Client side exploits
- Man in the Middle Attack (MiTM)
‹ Show how the attacker can capture traffic from a session between a genuine user and the server side of the application. [3 marks]
‹ Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? [3 marks]
- Social engineering attack
‹ Show how an attacker can lure a normal user of the server to your computer instead of the server machine. [3 marks]
‹ Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? [3 marks]
- Denial of Service attacks
- DoS the web server
‹ Show how an attacker can carry out a denial of service attack on the web server. [2 marks]
‹ Which Cyber Security tenet does this vulnerability violate? [1 mark]
‹ Scenario assessment: What is the impact of this attack on your scenario company? [2 marks]
- Threats mitigation techniques & recommendations
- Briefly research what you can do to minimise the threats to the findings in the reconnaissance phase when you tested the web application in section 2. [2 marks]
- Briefly research how to prevent your company’s servers from revealing too much information when an attacker conducts scanning and enumeration, similar to the activities in section 3. [2 marks]
- Briefly research and explain how to protect your database against the SQL injection exploited in section 2. [3 marks]
- Briefly research and explain how to protect your web application against the cross-site scripting attacks exploited in section 3. [3 marks]
- Briefly research and explain how to protect your web application against the cryptanalysis attacks exploited in section 5. [3 marks]
- Investigate what activities a security analyst can carry out to protect against, or at least minimise the impact of, the Man in the Middle attack carried out in section 1. [2 marks]
- Research the work that companies should do to ensure that their users do not fall victim to social engineering attacks similar to the attack you carried out in section 2. [2 marks]
- Research and explain what companies do to protect their web services against a DoS attack similar to the one you have carried out in section 1. [2 marks]
- Intrusion Detection and Prevention systems
‹ Explain the differences between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). [3 marks]
‹ Scenario assessment: Suggest a recommendation for the scenario you have in hand and justify your answer. [2 marks]
Learning Outcomes
The following Learning outcomes will be addressed in this assignment:
‹ LO3 Evaluate security architecture and design and provide the means to enhance operation security;
‹ LO4 Examine cryptography protocols and vulnerabilities and identify attack vectors to exploit them;
‹ LO5 Synthesise emerging trends through engagement and analysis with current research.
Instructions
‹ You should not exceed 5000 words in total, excluding the references page and any appendix you include.
‹ References should follow Harvard referencing.
| Section | Questions | What needs to be done | Max Mark |
|---|---|---|---|
| Scenario | | You will need to provide a fictional scenario that meets all the requirements. Your scenario public address will be cwscenario.site and the private services are the OWASP server. | 3 |
| A- Information gathering | OSINT activities | You will need to give two examples of OSINT activities you have done. It is essential to show their relevance to your scenario. For this section, you will need to use the example domain. | 3 |
| | | Research and evaluate how OSINT can be effective and explain why it is one of the first activities that penetration testers carry out. | 3 |
| | | Scenario assessment: In your opinion, how dangerous is the information you were able to obtain for your allocated scenario? | 2 |
| | Reconnaissance | You will need to show the various information you were able to identify and obtain by carrying out your reconnaissance activities. | 3 |
| | | Scenario assessment: You need to identify and explain how a malicious actor can use the information obtained to exploit the company’s web services. It is essential that you give examples of information you were able to identify that is relevant to your scenario. | 2 |
| | Port Scanning and Enumeration | Show, by means of screenshots and a brief explanation, which ports are used by the server you are carrying out the assessment on. | 3 |
| | | Research and explain what an open port means and identify the threats an open port can potentially cause. This question requires you to use external sources to justify your answer. | 3 |
| | | Scenario assessment: This question requires you to identify threats of open ports that are relevant to your scenario. Explain what the threat can potentially lead to for your company’s web services and your scenario. | 3 |
| B- Server-side exploits | Data tampering | Identify if the application is vulnerable to data tampering and exploit it if possible. | 3 |
| | | Briefly research and explain the data tampering vulnerability. Which Cyber Security tenet does this vulnerability violate? | 2 |
| | | Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? | 2 |
| | SQL injection | Identify if the application is vulnerable to SQL injection and exploit it if possible. | 3 |
| | | Briefly research and explain the SQL injection vulnerability. Which Cyber Security tenet does this vulnerability violate? | 2 |
| | | Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? | 2 |
| | Cross-Site Scripting (XSS) | Identify if the application is vulnerable to XSS and exploit it if possible. | 3 |
| | | Briefly research and explain the XSS vulnerability. Which Cyber Security tenet does this vulnerability violate? | 2 |
| | | Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? | 2 |
| | Other vulnerabilities | Identify two other vulnerabilities you were able to identify in the vulnerable machine. | 2 |
| | | Scenario assessment: Research and investigate the threats they pose to your scenario and identify which Cyber Security tenet these vulnerabilities violate. | 2 |
| | Cryptanalysis attack | Show how to conduct a cryptanalysis attack on your scenario environment. | 2 |
| | | Scenario assessment: Research and investigate the danger and impact of a successful cryptanalysis attack on your scenario and identify which Cyber Security tenet these vulnerabilities violate. | 2 |
| D- Client-side exploits | Man in the Middle Attack (MiTM) | Show how the attacker can capture traffic from a session between a genuine user and the server side of the application. | 3 |
| | | Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? | 3 |
| | Social engineering attack | Show how an attacker can lure a normal user of the server to your computer instead of the server machine. | 3 |
| | | Scenario assessment: What information can attackers obtain when this activity is carried out, and how dangerous is it for your scenario? | 3 |
| C- Denial of Service attacks | | Show how an attacker can carry out a denial-of-service attack on the web server. | 2 |
| | | Which Cyber Security tenet does this vulnerability violate? | 1 |
| | | Scenario assessment: What is the impact of this attack on your scenario company? | 2 |
| E- Recommendations to protect the scenario company server | | Provide recommendations on how to minimise the threats of an attacker using the findings of the reconnaissance phase. There are many possible answers for this question. You will need to ensure that your answer is suitable for the scenario, and you should justify your answer. You should also cite some external sources to explain your choice. | 2 |
| | | Provide recommendations on how to prevent your company’s servers from revealing too much about your infrastructure. Make sure that your answers are suitable for your scenario and are relevant to your findings in the scanning and enumeration section. | 2 |
| | | Explain how SQL injection can be prevented. Use external sources. | 3 |
| | | Explain how cross-site scripting injection can be prevented. Use external sources. | 3 |
| | | Explain how cryptanalysis attacks can be prevented. Use external sources. | 3 |
| | | Identify methods used to protect against and mitigate man in the middle attacks. Use external sources to explain the methods you have identified. The methods you identify should be able to mitigate the attack you have carried out in the lab. | 2 |
| | | Research methods and recommendations companies should follow to protect their employees against social engineering. | 2 |
| | | Investigate how companies protect their web services against denial of service attacks. You should show examples and use external sources. Make sure the recommendation you provide is relevant to the DoS attack you have carried out in the lab. | 2 |
| | Intrusion Detection and Prevention systems | Explain the differences between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). | 3 |
| | | Suggest a recommendation for the scenario you have in hand and justify your answer. | 2 |
| Technical contents total | | | 95 |
| Structure and ease of reading | | Your document should be easy to follow and understand by readers. You should have clear references to examples to justify your choices. | 5 |
| Total | | | 100 |