Performing Vulnerability Assessment

Learning Outcomes of the Assignment
LO2: Demonstrate ethical hacking skills and exploit the system based on vulnerability assessment using a range of techniques (P4, PLO3)
LO3: Prepare report on concepts, tools, or approaches for ethical hacking, vulnerability assessment and penetration testing (A4, PLO4)

Task 1: VAPT Proposal (LO3)

This section is an individual task and carries 20% of the total in-course mark. It requires students to conduct an initial study of approaches to performing vulnerability assessment and penetration testing. Students are required to prepare a proposal that fulfils the components in the project requirements stated below.

Project Requirements:

1- Clearly explain the selected type of pen testing, the current target for penetration testing, and the importance of the pen testing.
2- Propose ONE (1) method for vulnerability assessment, such as network scanning, database assessment, etc.
3- Propose ONE (1) attack method with any suitable exploit to complete the penetration testing process.
Note: The proposal shall consist of at least ONE (1) suitable tool for vulnerability assessment and ONE (1) suitable tool for conducting the attack.

Task 1 Marking Scheme:

Task 1 Mark
Introduction 10
Vulnerability Assessment Methods 20
Exploit & Attack Method 20
Tools for Vulnerability and Attack 40
Documentation Format 10
Total Marks 100

Task 2: Technical Implementation and Report Writing (LO2)

This section is an individual task which focuses on conducting vulnerability scanning and penetration testing, carrying 30% of the total in-course mark. Vulnerability scanning is a process of discovering, analyzing, and reporting on security flaws and known weaknesses on computer systems and networks. A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyber-attack on a computer system, performed to evaluate the security of the system.
In this section you are required to conduct vulnerability scanning on the target machine using a virtual environment (i.e., VMware, VirtualBox etc.) and conduct a penetration test based on the identified vulnerabilities. Select ONE (1) of the penetration testing methods proposed in Task 1. You must demonstrate the procedure for scanning the victim device’s vulnerabilities in terms of system, network, etc., along with the use of the proper tools that were proposed in Task 1 to simulate the access to the victim machine. You are required to prepare technical documentation for this activity.

Project Requirements:
1- Clearly explain the penetration testing purposes, target application, penetration testing plan (targeted time and date), and any person, application or server involved during the activity.
2- Conduct vulnerability scanning on the target machine. Screenshot all steps with detailed explanation. Discuss the details of all detected vulnerabilities.
3- Conduct the required steps for penetration testing as a pen-tester. Screenshot all steps with detailed explanation. Discuss the details of the findings from the penetration testing activities.
4- Propose some recommendations and solutions for the client, highlighting the level of importance.

Task 2 Marking Scheme:

This section carries 30% of total in-course mark for this module as follows:
Task 2 Mark
Introduction/Scope 10
Vulnerability Scanning 20
System Attack 30
Countermeasures Proposed 15
Documentation 15
Presentation (Demo) 10
Total 100

Documentation Guidelines:
Document the results of your work in a professional and systematic manner, in the form of a computerized report. ONE (1) softcopy of your documentation is to be submitted.

Task 1 and Task 2 should be submitted separately in 2 documents. Your complete documentation should at least contain the following:
1) Cover page
2) Table of contents
3) Write up for Task 1 and Task 2 with proper numbered sections and subsections. Each Task should have the following structure at minimum:
a) Introduction
b) Structured write up content (with appropriate referencing and in-text citations)
c) Conclusion
d) References
e) Appendix

Submission Requirements
1. Your report must be typed using Microsoft Word with Times New Roman font size 12. The report should use 1.5 line spacing. Expected length is approximately 3,500 words (excluding diagrams, appendixes and references). You need to include a word count at the end of the report.
2. The report has to be well presented and should be computer typed. Reports that are unprofessional in their appearance (dirty, disorganized, inconsistent look, varying coloured paper and size) will not fare well when marks are allocated.
3. Ensure that the report is printed on standard A4 (210 X 297 mm) sized paper. Paper weight of 80 grams and above is highly recommended.
4. The report should have a one-inch (1”) margin all around the page as illustrated below:

5. Every report must have a front cover. A transparent plastic sheet can be placed in front of the report to protect the front cover. The front cover should have the following details:
a) Name
b) Intake code.
c) Subject.
d) Project Title.
e) Date Assigned (the date the report was handed out).
f) Date Completed (the date the report is due to be handed in).
6. All information, figures and diagrams obtained from external sources must be referenced using the APA referencing system accordingly.

Marking Criteria:

Distinction (75% and above)
Demonstrate comprehensive research with detailed evidence. High level of analysis performed, exceptional and thorough knowledge and understanding displayed with regard to the case study. Documentation presented in a professional manner and following proper sequencing and flow.
What should be included in the report for Task 1:
a) Conduct the attack for the vulnerabilities that exist on the victim machine.
b) Successful attack and solid, careful analysis of the vulnerabilities along with screenshots which describe details.
c) Discuss technical steps.
What should be included in the report for Task 2:
a) Proper methods and tools to gather the relevant evidence.
b) Stepwise technical steps.
c) Detailed discussion on forensic analysis of collected data.
d) Result correlation and cross analysis on what tools, methods they have used to do the technical steps.
e) In addition, how ethically they have been during the technical steps.

Credit (65-74%)
Adequate research conducted with fair detail of evidence presented. Moderate level of understanding, analysis and knowledge displayed. Some level of relevance included in terms of subject areas. Moderate level of analysis and evaluation of facts followed by results comparison. Good level of documentation presented. Some level of reflection was evident in the documentation. Moderate level of critical appraisal.
What should be included in the report for Task 1:
a) Ability to simulate the attack on the victim machine.
b) Discuss technical steps along with screenshots.
What should be included in the report for Task 2:
a) Methods and tools to gather the relevant evidence.
b) Technical steps.
c) Provide a discussion on evidence analysis along with justifications on findings and technical steps.
d) Result correlation and cross analysis on what tools, methods they have used to do the technical steps.

Pass (50-64%)
Low level research conducted. Some evidence of research displayed. Basic level of understanding and knowledge analysis displayed. Satisfactory level of documentation. No evaluation and analysis of facts, no results comparison performed. Satisfactory or low level of reflection displayed. No level of critical appraisal demonstrated.
What should be included in the report for Task 1:
a) Ability to conduct attack partially accomplished on the victim machine.
b) Discuss technical steps.
c) Network. System monitoring, but not in detail with no screenshots.
What should be included in the report for Task 2:
a) Fail to discuss methods and tools to gather the relevant evidence.
b) Fail to provide data gathering process in detail.
c) Fail to provide a discussion on analysis of technical steps.
d) Fail to provide result correlation and cross analysis on what tools, methods they have used to do technical steps.
