Oversee a penetration test
- Proposals: 4
- Remote
- #1346893
- Expired
Description
1/ Security Audit of office. Find and then try to exploit all possible issues of their office network. 1 Public IP with multiple services being offered publicly.
What I require from you:
Careful scoping of the test environment to establish the exact extent of the testing exercise.
A range of manual tests using a methodology closely aligned with the Open Source Security Testing Methodology (OSSTM).
A series of automated vulnerability scans.
Immediate notification of any identified critical vulnerabilities to help you take action quickly.
A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
A list of recommended countermeasures to address any identified vulnerabilities.
An executive summary that explains what the risks mean in business terms – perfect for your management team.
2/ Web application security testing. Reviewing their public website for any security issues, for example brute force of authentication and/or information leakage, SQLi.
What I require from you:
Careful scoping of the test environment to establish the exact extent of the testing exercise.
A range of manual tests closely aligned with the OWASP methodology.
A series of automated vulnerability scans.
Immediate notification of any identified critical vulnerabilities to help you take action quickly.
A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
A list of recommended countermeasures to address any identified vulnerabilities.
An executive summary that explains what the risks mean in business terms – perfect for your management team.
3/ Phishing of staff and targeted phishing of up to 3 staff, with a generic phishing attempt for the rest. (Approx 42 people in total.)
What I require from you:
The design and development of a targeted phishing campaign, which simulates a popular phishing attack vector (e.g. a ‘drive-by-download’). The actual vector deployed will be agreed after a scoping discussion with the client.
The identification of ‘high-risk’ employees who respond to the campaign.
An executive summary of the outcomes of the campaign, explaining what the risks mean in business terms – perfect for your management team.
I would like your cover letter to confirm that you can do all of the above along with examples of how this has been achieved in the past.
I would also like a summary of how long you think this will take using the requirements above.
Please respond in as much detail as you can.
Look forward to hearing from you.
Regards
Extra notes: This job will be done remotely. Due to the sensitive nature of such a job I can't give out any more details and will not respond to anyone who does not have a proven track record.
Again - you will oversee this project to its conclusion, aiding in writing a final report to the clients. This is not a long job, perhaps a total of 10 hours, but I hope to form a relationship with someone that will be very fruitful in the future.
Sean H.
Clarification Board
-
Hi
Please update me if any -
Hi Sean,
I can do all of the above as per the requirements for network security and penetration testing, and can complete the whole task in 8 hrs.
Web application security testing activities:
1. Functionality Testing:
Test that all links in your webpages are working correctly and make sure there are no broken links. Links to be checked will include -
Outgoing links
Internal links
Anchor Links
MailTo Links
Test Forms are working as expected.
Testing cookies (sessions) are deleted either when cache is cleared or when they reach their expiry.
Delete cookies (sessions) and test that login credentials are asked for when you next visit the site.
2. Usability testing:
Test the site Navigation
Test the Content:
3. Interface Testing:
Application: Test requests are sent correctly to the Database and output at the client side is displayed correctly
Web Server: Test Web server is handling all application requests without any service denial.
Database Server: Make sure queries sent to the database give expected results.
4. Database Testing:
Test if any errors are shown while executing queries
Data integrity is maintained while creating, updating or deleting data in the database.
Check response time of queries and fine tune them if necessary.
Test data retrieved from your database is shown accurately in your web application
5. Compatibility testing.
The same website in different browsers will display differently. You need to test if your web application is being displayed correctly across browsers, and that JavaScript, AJAX and authentication are working fine. You may also check for mobile browser compatibility.
6. Performance Testing:
Website application response times at different connection speeds
Load test your web application to determine its behavior under normal and peak loads
Stress test your web site to determine its break point when pushed to beyond normal loads at peak time.
Test, if a crash occurs due to peak load, how the site recovers from such an event.
7. Security testing:
Security testing is vital for e-commerce websites that store sensitive customer information like credit cards. Testing activities will include -
Test unauthorized access to secure pages should not be permitted
Restricted files should not be downloadable without appropriate access
Check sessions are automatically killed after prolonged user inactivity
On use of SSL certificates, website should re-direct to encrypted SSL pages.
Test password quality rules
Test remember me functionality
Test password reset and/or recovery
Test password change process
Test CAPTCHA
Test multi factor authentication
Test for logout functionality presence
Test for default logins
Test for out-of-channel notification of account lockouts and successful password changes
I am confident in my ability to deliver the outcome as stated in the specifications, and I am confident of delivering this job successfully with quality deliverables.
Many thanks in Advance,
Samala