testing cycle. Reconnaissance is the first phase of the penetration test cycle and involves
gathering information about your target to gain a better understanding. There are two
methods of reconnaissance – Active and Passive. You will also discuss why penetration
testing is important from a business perspective.
One of the first steps in a penetration test is to develop a project timeline and a business
case that justifies the need for a penetration test. This helps the client know what they can expect from you, as the penetration tester, in regards to the duration and deliverable
dates.
Acme Corp. has hired you as a penetration tester to test its exciting new system. They
believe they are completely secure and ready to publish but are required to have a
penetration test done per company policy. They are also worried about what kinds of tests you will be doing. They want to know what you will be doing when you are looking at their company.
In this paper:
Prepare a business case justifying the need for a penetration test. Remember, the project manager is usually NOT excited about the test and is only doing it to check a box. Make sure they are aware of why it is necessary, and what benefits it brings them. In this business case, be sure to include why Penetration Testing is important from the business perspective, not just the security perspective.
Develop a project timeline. Use project management software such as Microsoft Project, Zoho Projects, Team Gantt, or any other similar piece of software to develop a Gantt Chart showing the timeline. This project is due to take 5 weeks (Weeks 2-6 of our course).
Define what deliverables the organization can expect from you. At what points in your timeline can they be expected (be sure to include these in your timeline above!), and what will they contain?
Discuss the difference between active and passive information gathering. What activities are conducted in each type of information gathering?
Discuss what OSINT is and what kinds of tasks it entails.
Paper Requirements:
Written Communication: Write in a professional manner using APA 7th Edition and formatting with correct grammar, usage, and mechanics.
Resources: Identify at least two scholarly resources (peer-reviewed. Scholarly journals, not news articles, Wikipedia, blog posts, etc…) and two industry resources (whitepapers, industry (e.g., Cisco, Palo Alto Networks, etc…) blog posts, Cybersecurity professionals (Troy Hunt, Bruce Schneier, etc…) blogs, etc…).
APA Formatting: Resources and citations are formatted according to APA 7th Edition.
Length: 3-5 Pages (not including Title Page, References, and any Abstract/Executive Summary)
Font and font-size: Any of the acceptable APA7 fonts.