Scope & Business Case

CIH is co-developing the continuous penetration testing service with Client XYZ and hopes to implement it in future.

The main focus of this project is to perform Web Application Penetration Testing (WAPT) on Client XYZ’s seven domains. This is done to prevent compromised data for the client and increase penetration testing skills.

Main Responsibilities

• Conduct Web Application Penetration Testing Exercises
• Write Security Assessment Reports
• Test Patched Vulnerabilities

Tools used

Web Application Penetration Testing

• Burp Suite Professional
• Macbook Air
• iPad

Security Assessment Report

• Microsoft Word Document

Test Patched Vulnerabilities

• Burp Suite Professional
• Macbook Air
• iPad

WAPT Exercise

Focus on three phases - discovery, exploitation and report writing.

Workflow

• Obtain Clearance from Client
• Configure Traffic to pass through Burp Suite
• Scan domains using Burp Suite's Scan Feature
• Perform Manual Penetration Testing
• Write Security Assessment Report
• Submit Report to Client
• Test Patched Vulnerabilities