CLO2 Demonstrate the ability to perform the penetration testing and
vulnerability assessment using a range of techniques (C3, PLO2)
Individual
Component
CLO3 Propose the proper tool, model or approaches for penetration testing
development. (A5, PLO4)
Group
Component
PLO2: To evaluate students’ cognitive in terms of problem solving and scientific method skills to
complete their individual project.
PLO4: to evaluate student’s interpersonal skills in terms of social skills, responsibility, and
teamwork towards completeness of the group project.
Main Case Study:
A small company has developed a new application. The company has hire you as tester to evaluate
their application and give some security suggestion based on your findings. You are required to
study on their application, do some penetration testing and finally make a proper report for the
company.
Task 1: Project Initial Study (LO4)
Project Case Study:
Select and download ONE (1) of the applications below as your target for topic of study. You may
choose your any suitable environment either Windows, Linux, etc for the selected application.
1- bWAPP: http://www.itsecgames.com/
2- IOS App: http://damnvulnerableiosapp.com/
3- Gruyere: http://google-gruyere.appspot.com/
4- Any free, opensource and LEGAL applications
This section is group component and students are required to do initial study on approaches of
conducting penetration testing. The assignment consists of TWO (2) members for each group.
Students are required to propose and discuss FOUR (4) suitable methods to perform penetration
testing for the selected application. This section weights 20% of total in-course mark.
CT086-3-3-PNT – Penetration Testing Page 2 of 8
Level 3 Asia Pacific University of Technology & Innovation 2020
Project Requirements:
1- Clearly explain project introduction, target application, client, and project scope.
2- Suggest FOUR (4) vulnerabilities testing can be conducted on System, or Network of the
selected application and discuss the importance of this testing.
3- Justify some penetration testing tools that can be used for the vulnerabilities testing
activities.
4- Proposed a proper approach for each vulnerability testing for the targeted machine.
Project Marking Scheme:
This section carries 20% of total in-course mark for this module as follows:
Task 2: Vulnerability Scanning and Penetration Testing (LO2)
Project Case Study:
This section is an individual task focuses on penetration testing and vulnerability scanning which
carries 30% of total in-course mark. A penetration test, colloquially known as a pen test, pentest
or ethical hacking, is an authorized simulated cyber-attack on a computer system, performed to
evaluate the security of the system. Vulnerability scanning is a computer program designed to
assess computers, networks or applications for known weaknesses. In plain words, these scanners
are used to discover the weaknesses of a given system.
Task 1 Mark
Introduction/Scope 15
Vulnerability Identification and Justification on
Selected Vulnerabilities
20
Tools for vulnerability testing 15
Approaches Proposed 40
Documentation 10
Total 100
CT086-3-3-PNT – Penetration Testing Page 3 of 8
Level 3 Asia Pacific University of Technology & Innovation 2020
In this assignment you are required to conduct a vulnerability scanning on victim machine on
virtual environment (i.e. WMware, and VBox etc.) and conduct required steps for penetration
testing as a pen-tester (Select ONE (1) from penetration testing proposed in part 1). You must
design the standard procedure for scanning victim device’s vulnerabilities in terms of system, and
network, etc. along with the use of proper tool to simulate the authorized access to the victim
machine. You are required to prepare a technical documentation for this activity.
Project Requirements:
1- Clearly explain penetration testing purposes, target application, penetration testing plan
(targeted time and date), and person, application or any server involved during the activity.
2- Conduct vulnerability scanning on target machine. Print screen all steps with detail
explanation. Discussed the details of all detected vulnerabilities.
3- Conduct required steps for penetration testing as a pen-tester. Print screen al steps with
detail explanation. Discussed the details of the findings from the penetration testing
activities.
4- Proposed some proper recommendations for the company with the level of importance.
Project Marking Scheme:
This section carries 30% of total in-course mark for this module as follows:
Task 1 Mark
Introduction/Scope 10
Vulnerability Scanning 20
Penetration Testing 30
Countermeasures Proposed 15
Documentation 10
Presentation (Demo) 15
Total 100
CT086-3-3-PNT – Penetration Testing Page 4 of 8
Level 3 Asia Pacific University of Technology & Innovation 2020
Documentation Guidelines:
Document the results of your work in a professional and systematic manner, in the form of a
computerized report. ONE (1) softcopy of your documentation is to be submitted through
MOODLE.
Your completed documentation should at least contain the following requirements:
1) Cover
2) Table of content
3) Write up for Task 1 and Task 2 with proper numbered sections and subsections. Each Task
should have the following structure at minimum:
a) Introduction
b) Structured write up content (with appropriate referencing and in-text citations)
c) Conclusion
d) References
e) Appendix
Submission Requirements
- Submission method is online through the webspace/module.
- Your report must be typed using Microsoft Word with Times New Roman font size 12. Report
should be in 1.5 spaces. Expected length is approximately 5,000 words (excluding diagrams,
appendixes and references). You need use to include a word count at the end of the report. - The report must be well presented and should be computer typed. Submission of reports that
are unprofessional in its outlook (dirty, disorganized, inconsistent look, varying colored
paper, size etc.) will not fare well when marks are allocated. - The report should have a one (1”) margin all around the page as illustrated below:
1 inch
The Typed Text
1 inch 1 inch 1 inch 1 inch 1 inch
1 inch 1 inch
CT086-3-3-PNT – Penetration Testing Page 5 of 8
Level 3 Asia Pacific University of Technology & Innovation 2020 - Every report must have a front cover. The front cover should have the following details:-
a) Members Name / TP Number
b) Intake code.
c) Subject.
d) Project Title.
e) Date Assigned (the date the report was handed out).
f) Date Completed (the date the report is due to be handed in). - All information, figures and diagrams obtained from external sources must be referenced using
the Harvard referencing system accordingly.