Option #1: Attack and Penetration Test Plan
Prepare a written proposal for the penetration test plan that describes your firm's approach to performing the penetration test and what specific tasks, deliverables, and reports you will complete as part of your services.
Scenario: You are the owner and operator of a small information security consulting firm. You have received a request from one of your clients, Infusion Web Marketing, to provide a written proposal for performing a penetration test on the company's production Web servers and corporate network.
Environment:
Scope
Production e-commerce Web application server, thee-commerce Web application server is acting as an external point-of-entry into the network:
Ubuntu Linux 10.04 LTS Server (TargetUbuntu01)
Apache Web Server running the e-commerce Web application server
Credit card transaction processing occurs on all web servers.
Intrusive or Non-Intrusive
Intrusive. The test will include penetrating past specific security checkpoints.
Compromise or No Compromise
No compromise. The test can compromise with written client authorization only.
Scheduling
Your penetration testing plan should be two to three pages in length and should discuss and cite at least three credible or academic references other than the course materials. The Library is an excellent place to search for credible academic sources. Document and citation formatting should be in conformity with Guide to Writing and APA Requirements.