Premium Essay

Pen Test Plan

In: Computers and Technology

Submitted By mpatt11
Words 402
Pages 2
Megan Patterson
IS4560 Monday E1 Class
Week 1-Penetration Test Plan
June 17, 2013

Attack and Penetration Test Plan
Megan Patterson
June 17, 2013

External Penetration testing tests the security surrounding externally connected systems from the Internet, as well as within a corporate network. Controlled tests are used to gain access to Internet resources and ultimately to the DMZ, which is an internal network; by going through and around firewalls from the Internet. External Penetration Testing involves the finding and exploitation of actual known and unknown vulnerabilities from the perspective of an outside attacker. The External Attack and Penetration testing Process is as follows: * Phase 1-Discovery * Analysis * Footprint * Identify * Phase 2-Services * Ping * Map * Scan * Phase 3-Enumeration * Extract * Collect * Intrusive * Phase 4-Application Layer Testing * Manual * Depth * Blind * Phase 5-Exploit * Attack * Penetrate * Compromise

The purpose of the External Attack and Penetration testing plan is to outline on what to do for an external penetration test within a corporate network.
The goals for this plan if it is successful, is that to go ahead and deploy whatever the tester is testing after documentation has been written, saved, and reviewed by the IT staff. If the plan is not successful, then the tester needs to go through the steps of retesting the application and correcting any bugs that are present in the application.
Penetration testing will occur when any new patch, version, or new application is developed or deployed.

Lab 1 Questions 1. Formulate the plan, do some recon, launch the attack, evaluate the results, source 2. Run a scan, look at the logs 3. Ping, map 4. By that it can gain information on what goes in and…...

Similar Documents

Premium Essay

Penetration Test Plan

...Malcolm Testing Solution’s Penetration Test Plan Customer: The Fitness Club Introduction: The Fitness Club has already been victim to hacking that took place on their web server. They are unsure if this occurred due to a former administrator who quit or if by an external party. Malcolm Testing Solutions has been tasked with creating a penetration test plan to prevent further acts of attack on the Fitness Club’s network. The objective of the assessment is to provide feedback to The Fitness Club with respect to its ability to preserve the confidentiality, Integrity, and availability of the information maintained by and used by its origination. Malcolm Testing Solutions will test the use of security controls used to secure sensitive data. Services Overview: This project shall include 1 consultant for a time period of 2 days onsite at a single customer location to provide internal penetration test services. Malcolm Testing Solutions will provide tools, knowledge and expertise to execute an internal penetration test on customer designated devices. Malcolm Testing Solutions will attempt to compromise the access controls on designated systems by employing the following methodology: 1. Enumeration – Once Malcolm Testing Solutions has arrived for The Fitness Club’s assessment they will connect to the network via the data port provided by the customer. Once connected, Malcolm Testing Solutions will run a variety of information gathering tools in order to enumerate computers and......

Words: 566 - Pages: 3

Premium Essay

Test Plan

...Test Plan 1. Scope of Testing Unit and Integration are the two levels of testing. The main purpose of unit testing is to remove all errors in programming and logic. This will allow the end-user to have easy-to-use and functioning software application. The login pages will be tested as well as the staff and client login. The database will also be tested and verified that it is able to send and retrieve the proper data. The staff are of the application was also checked so that they are able to make any changes to their personal information. As far as integration testing goes, the main purpose is to ensure that the website is fully-functional before the site is actually live and working. This means that the software and hardware that are needed to support the integration will be working as to give the end-user a website that runs smoothly. We will also be testing the website with various browsers to ensure that it looks and works properly. 2. Unit Test Policy Purpose: The purpose of this testing is to make sure that the website works properly and effectively without any programming or logic errors. Policy: The purpose of the policy is to be able to make any changes that are necessary that may cause any errors with the website. Testing should be recorded and include who did the testing, time recorded, the outcome as well as the corrections. * Insert data – Use insert statements to insert data into tables as well as verify the insert statement with a......

Words: 335 - Pages: 2

Premium Essay

Sample - Test - Plan

... Test Plan Template: (Name of the Product) Prepared by: (Names of Preparers) (Date) TABLE OF CONTENTS 1.0 INTRODUCTION 2.0 OBJECTIVES AND TASKS 2.1 Objectives 2.2 Tasks 3.0 SCOPE 4.0 Testing Strategy 4.1 Alpha Testing (Unit Testing) 4.2 System and Integration Testing 4.3 Performance and Stress Testing 4.4 User Acceptance Testing 4.5 Batch Testing 4.6 Automated Regression Testing 4.7 Beta Testing 5.0 Hardware Requirements 6.0 Environment Requirements 6.1 Main Frame 6.2 Workstation 7.0 Test Schedule 8.0 Control Procedures 9.0 Features to Be Tested 10.0 Features Not to Be Tested 11.0 Resources/Roles & Responsibilities 12.0 Schedules 13.0 Significantly Impacted Departments (SIDs) 14.0 Dependencies 15.0 Risks/Assumptions 16.0 Tools 17.0 Approvals 1.0 INTRODUCTION A brief summary of the product being tested. Outline all the functions at a high level. 2.0 OBJECTIVES AND TASKS 2.1 Objectives Describe the objectives supported by the Master Test Plan, eg., defining tasks and responsibilities, vehicle for communication, document to be used as a service level agreement, etc. 2.2 Tasks List all tasks identified by this Test Plan, i.e., testing, post-testing, problem reporting, etc. 3.0 SCOPE General This section describes what is being tested, such as all the functions of a specific product, its existing interfaces, integration of all functions. Tactics List here how you will accomplish the items that you have listed in the "Scope" section. For...

Words: 1343 - Pages: 6

Premium Essay

Attack and Penetration Test Plan

...Attack and Penetration Test Plan Part 1: Table of Contents 2. Scope 3 .Goals and Objectives 4. Tasks 5. Reporting 6. Schedule 7. Unanswered Questions 8. Authorization Letter Part 2: Scope Production e-commerce Web application server and Cisco network. Located on ASA_Instructor, the e-commerce web application server is acting as an external point-of-entry into the network: • Ubuntu Linux 10.04 LTS Server (TargerUbuntu01) • Apache Web Server running the e-commerce Web application server • Credit Card transaction processing occurs The test will be intrusive, meaning specific security points will be passed. Part 3: Goals and Objectives • If security software is up to speed, and penetration is not possible, a positive result will be given. If security software is not what it should be, penetration will be easy and the results will be explained to you in a separate report. Part 4: Tasks • Determine website size • Determine code of the website Part 5: Reporting • Upon completion of the penetration test, all results found will be in a separate report written by the person whom is performing the test. Part 6: Schedule Phase One-Information Collection (2 days) 1. Client authorization letter 2. Further client information 3. Get IT infrastructure Phase Two-Test Plan Development (3 days) 1. Determine scope 2. Use IT infrastructure to gain further knowledge about what is to be penetrated 3. List things to be penetrated and things that are off limits Phase...

Words: 458 - Pages: 2

Free Essay

Physical Ability Test Plan M2A2

...Physical Ability Test Plan Individual Assessment questionnaire: 1. Prior to being hired were you asked to take any physical ability test? Yes, the position required me to lift up to 70 pounds, I also had to operate a manual transmission U.P.S. vehicle, and forklift test. 2. What do you perceive to be the physical demands of your job? The demands are injuries, stress, physical strain, and working harder and longer hours. 3. On a scale of 1 to 5, with 5 meaning very physically demanding and 1 meaning not at all physically demanding, how physically demanding would you say your job is? I say 4, because getting a strain, sprain, or rupture to your knees, back, or shoulder happens to often, considering when delivering up to 500 packages in a day, and I make about 20 stops an hour. 4. Are there physical demands you were unaware of prior to accepting your position? Yes, the stamina, body movement, and your endurance that you will need to fulfill the long hours working, and the continuous tracking of packages, and there is a high interaction with customers. 5. Do you believe physical ability tests should be given to individuals being considered for your type of work? If yes, what types of physical tests would you recommend? I would recommend a manual dexterity test, static strength test, and reaction time test. 6. This job will require the ability to perform strength, stamina functions for moderate to extended periods of......

Words: 1158 - Pages: 5

Free Essay

Innovation of the Pen

...Evolution Of the Pen Regg Penn MAN 4054 Final Paper Professor Marcelo Alvarado-Vargas Where did the Pen come from? I can argue that everything that you and I know is majorly because of the existence of writing equipment and the pen. It’s clear that most of the fabric of history, was recorded by some previous form of the pen, along with some kind of paper. Pens were not always around however the concept of writing and recording images and symbols has been around since the beginning of time. Take the caveman for example; there are thousands of ‘cave paintings’ or drawings that have been either preserved or recorded so that curious individuals could see them. Those drawings were probably drawn with rock at first, then later on chiseled, which I would imagine was very time consuming. I remember learning in a History Course that Ancient Romans carved documents onto wax sculptures. As the progression and the knowledge of human beings expanded, new writing equipments became available. With invention of paper or papyrus, the pen came into existence. According to Maxfield Carroll, “The word "pen" is derived from "penna," the Latin word for a feather or plume. And that is exactly what the early pens were---quills or reeds with the tip carved to form a nib” (Carroll). The Quill was basically a bird feather being dipped into ink. The Quill pen was first used in Western Europe for writing church documents. This was sometime around 6AD. This is usually the pen that is seen in......

Words: 2450 - Pages: 10

Premium Essay


...Case Background Paint-Pen, Inc. is a company that manufactures and distributes liquid paint dispensed in ball-point tubes. The product is sold under the registered trademarks “Paint-Pen” and “Liquid Embroidery”. Aside from bearing the Good Housekeeping Seal of Approval (awarded in 1973), Paint-Pen distributes its products under the home party plan with exclusive franchise agreements with its distributors. On April 19, 1997, the company was offered for sale to Mr. Warren G. Hamer. Provided with the exhibits that contain the summary of Terms and Conditions of Sale, audited Income Statements and Balance Sheets, and Company History, Mr. Hamer needs to decide whether or not to place a bid, which is due on April 24. However, Mr. Hamer was apprehensive about the deal. Analysis To be able to arrive at a decision, Mr. Hamer needs to assess the value of the synergies the acquisition would offer. Operating Synergy Operating synergies can affect margins, returns and growth. However, in the case, we could not identify the operating synergies of the combined firm. Reason for this is that we do not know the details of Mr. Hamer’s company and to which industry it belongs in. If Mr. Hamer’s firm is also under the crafts and hobby industry, the acquisition would definitely have value by the following possibilities: economies of scale, greater pricing power, positive effect of combining functional strengths, and higher growth in existing markets. For this case, we determine the value of......

Words: 683 - Pages: 3

Premium Essay

Patriot's Pen

...Patriot’s Pen- What I Would Tell America’s Founding Fathers Founding fathers are the male participants of some historical events like the signing of the Declaration of Independence, the Bill of Rights, and the U.S Constitution. Some of the founding fathers that I hear most about are Benjamin Franklin and Thomas Paine. Only 39 individuals signed the constitution. Various people signed the U.S Constitution ranging from ages as young as 26 years old all the way up until 81 years old. The founding fathers include multiple parties with two of them being federalist and even past presidents. Some people that did not attend includes: Thomas Jefferson, John Adams and John Hancock. In my own opinion I would tell the Founding Fathers that they did a great job fighting for America. If it wasn’t for the founding fathers we wouldn’t even celebrate the simplest holiday Independence Day. We as youth wouldn’t have as many opportunities and freedom as United States citizens. Also I would tell the founding fathers that I am thankful and happy for everything they’ve done because they did not have to sign any documents, they wanted to. Those whom participated made the right decisions to put America as a whole on track and maintain structure. Have you ever thought about how it felt to live in the olden days with the Founding Fathers? Would you have made an executive decision to sign your signature for a better America? Just like in today’s society they say when you vote every vote counts. I......

Words: 317 - Pages: 2

Premium Essay

Sample Master Test Plan

...Sample Master Test Plan TEST PLAN IDENTIFIERRS-MTP01.3 REFERENCES None Identified. INTRODUCTION This is the Master Test Plan for the Reassigned Sales Re-write project. This plan will address only those items and elements that are related to the Reassigned Sales process, both directly and indirectly affected elements will be addressed. The primary focus of this plan is to ensure that the new Reassigned Sales application provides the same level of information and detail as the current system while allowing for improvements and increases in data acquisition and level of details available (granularity). The project will have three levels of testing, Unit, System/Integration and Acceptance. The details for each level are addressed in the approach section and will be further defined in the level specific plans. The estimated time line for this project is very aggressive (six (6) months), as such, any delays in the development process or in the installation and verification of the third party software could have significant effects on the test plan. The acceptance testing is expected to take one (1) month from the date of application delivery from system test and is to be done in parallel with the current application process. TEST ITEMS The following is a list, by version and release, of the items to be tested: A. EXTOL EDI package, Version 3.0 If a new release is available prior to roll-out it will not be used until after installation. It will be a separate......

Words: 3503 - Pages: 15

Premium Essay

Luna Pen

...many plausible negotiation strategies that Erika Graeper could have pursued, but in my opinion DGG’s strongest BATNA was to open up communication with Mr. Feng via formal letters and phone calls and demand compensation from Global Services for past and future sales (15% royalties with proof of monthly income). In bridging partnership, DGG would grant Global Services full permission for Luna pens to be sold in the Southeast Asian market. Global Service’s BATNA would be to continue to expand the market of pens and be granted fully autonomy of the Luna pen without being pressed for legal action. DGG [Represented by Erika Graeper] and Global Service’s Interest DGG’s current interests are not to revamp the production of the Luna pen, but they are interested in receiving royalties from Global Services for past, present, and future sales. In the negotiation process, DGG must remember that their company discontinued manufacturing and selling the pen years ago and any type of compensation should be recognized as a triumph. Alternatively, Global Services’ interests are to possibly expand the pen considering its current success and to stay away from any types of litigations. In order to deter from legal action, Global Services are interested in negotiation with possible agreement to pay royalty and licensing fees. Erika’s Approach to the Negotiation Erika approached the Luna negotiation fairly effectively, but there are areas where she could have exercised more ambition and......

Words: 1024 - Pages: 5

Premium Essay

Test Plan Template

...4 1.3.3 Testing Process Management Team 4 1.4 Assumptions for Test Execution 5 1.5 Constraints for Test Execution 5 1.6 Definitions 6 2 Test Methodology 6 2.1 Purpose 6 2.1.1 Overview 6 2.1.2 Usability Testing 6 2.1.3 Unit Testing (Multiple) 7 2.1.4 Iteration/Regression Testing 7 2.1.5 Final release Testing 7 2.1.6 Testing completeness Criteria 8 2.2 Test Levels 8 2.2.1 Build Tests 8 Level 1 - Build Acceptance Tests 8 Level 2 - Smoke Tests 8 Level 2a - Bug Regression Testing 8 2.2.2 Milestone Tests 9 Level 3 - Critical Path Tests 9 2.2.3 Release Tests 9 Level 4 - Standard Tests 9 Level 5 - Suggested Test 9 2.3 Bug Regression 9 2.4 Bug Triage 9 2.5 Suspension Criteria and Resumption Requirements 10 2.6 Test Completeness 10 2.6.1 Standard Conditions: 10 2.6.2 Bug Reporting & Triage Conditions: 10 3 Test Deliverables 11 3.1 Deliverables Matrix 11 3.2 Documents 12 3.2.1 Test Approach Document 12 3.2.2 Test Plan 12 3.2.3 Test Schedule 13 3.2.4 Test Specifications 13 3.2.5 Requirements Traceability Matrix 13 3.3 Defect Tracking & Debugging 13 3.3.1 Testing Workflow 13 3.3.2 Defect reporting using G FORGE 14 3.4 Reports 16 3.4.1 Testing status reports 16 3.4.2 Phase Completion Reports 16 3.4.3 Test Final Report - Sign-Off 16 3.5 Responsibility......

Words: 5532 - Pages: 23

Premium Essay

Ballpoint Pen

...The Ballpoint Pen Guide February 20, 2015/28 Comments/in Accessories, Ballpoint Pen, Fountain Pens, Other Accessories, Pens, Reviews, Savoir Vivre, Wardrobe /by J.A. Shapira Pin It At Gentleman’s Gazette, we have a deep appreciation for all fine accessories. From the neck and bow ties we sell in our online shop, to pocket squares, cufflinks and business card cases; there really is no limit to our love for well crafted, sartorially-savvy products. One accessory that is dear to our hearts are fine writing instruments, and with that said, we are proud to introduce you to our new series on pens. In the past, we’ve discussed fountain pens on occasion, even publishing a very in-depth and comprehensive guide on Pelikan fountain pens. To kick off this new series, we’re going to begin by focusing on ballpoint pens. Something, that many pen aficionados often dismiss as being subpar to that of the other styles including fountain pens and even rollerball. However, I am inclined to disagree with the majority of these critics. While ballpoint pens are certainly not as special as fountain pens, they do have their merits which I’ll discuss in this segment. History I remember as a child thinking to myself that ballpoint pens must be a relatively recent invention. I’m not sure why I thought this, but I’d like to guess it was due to their increased popularity in the Canadian grade school system. While fountain pens continue to be used in parts of Europe; they haven’t been in the North......

Words: 6250 - Pages: 25

Premium Essay

Clique Pens

...For the exclusive use of K. Larsen, 2016. 9-914-525 DECEMBER 16, 2013 FRANK V. CESPEDES JAMES KINDLEY Clique Pens: The Writing Implements Division of U.S. Home A fierce thunderstorm had just brought brief relief to the sweltering mid-August temperatures in Tampa, Florida, as Elise Ferguson, president of the writing implements division of U.S. Home, Clique Pens, stared at the notepad in front of her. She had jotted some thoughts about just whose needs were more important for Clique to satisfy—its retailers or its consumers? Fortunately, the 2013 back-to-school sales of her core writing implements product lines appeared to be on goal for a 3% increase over 2012. These sales were not without a cost, however, as various discounts, allowances, and other off-invoice deals had pushed gross profit margin down from 42% in 2010 to just over 36% in 2012. (See Exhibit 1.) Another one of Ferguson’s primary goals for Clique was to stop this decline in gross profit margin percentage and grow its overall gross profit by 4%. She hoped to accomplish this by growing revenues and increasing the gross profit margin. At this point, she felt it was unlikely that the latter would happen this year (2013). Ferguson wondered, were all these “giveaways” to retailers necessary? If so, couldn’t the monies be shifted to a form referred to generally as Market Development Funds (MDF), which would in theory allow Clique to have more control over their use in driving sales of its......

Words: 5477 - Pages: 22

Premium Essay

Classic Pen

...overall profitability of Classic Pen company goes down despite of the introducing of its new two products, RED and PURPLE pens, which show more profitable than the traditional BLUE and BLACK product. These two new products are expected to be sold at premium selling prices about 3% and 10% respectively in the order and the new line, particularly PURPLE, in fact, showed much higher margin over the others. The problem was addressed is that the production technology required for the RED and the PURPLE pens demand specifications. Especially, making the RED color needs more changeovers, which leads to waste lots of time on purchasing and scheduling and management activities as well as money. In order to come up with a management decision under this situation, the controller is considering of using the activity-based costing (ACB) system to create the financial statement instead of using the traditional, job order costing system. Unlike the job order costing which maintains records and allocate cost on top of direct labor, ABC focuses on activities. Therefore, it leads more cost pools to be used to assign overhead costs to products. Four cost drivers which directly related to activity cost pools to assign overhead costs could be used for this case. As a result, costs are assigned more directly on the basis of the cost drivers used to produce each product. II. Strengths, Weaknesses, Opportunities and Threats 1. Strengths and Weaknesses Classic Pen Company has a production......

Words: 484 - Pages: 2

Free Essay

Luna Pen

...9-396-156 REV: FEBRUARY 7, 2005 KATHLEEN MCGINN MICHAEL WHEELER Luna Pen (A) A Puzzling Request Erika Graeper absently twirled the Luna in her fingers. It was not as massive as the Mont Blanc’s Meisterstück or the most expensive Pelikans, but the Luna had a comfortable heft and balance. It was handsome, as well. The pen’s midnight blue barrel was accented by a gold clip, and an elegant crescent moon was inlaid at the top of the cap. Erika smiled to herself, as the Luna tripped memories of both pleasure and small embarrassment. It had been given to her by her grandmother a dozen years ago when she had been about to start university. Erika had promptly used the pen to write a thank you note on crisp white stationery and had solemnly said that it would be a great help in her studies. Once at school, however, she had reverted to ball point pens and mechanical pencils. Since then, the Luna had been tucked, unused, in the back of a desk drawer. The gift certainly would still have been forgotten had not an odd letter happened to come to her desk at DGG the first month she started to work for that company. Judging by the notes that had been scribbled on it, the letter had gone past three other people before being forwarded to her. Her immediate boss, Wilhelm Mann, had scribbled a cryptic instruction that said in its entirety: “Please respond—Luna out of production for years.” Mann was out of the office and was unavailable to provide more information, so Erika...

Words: 5196 - Pages: 21