Security & Penetration Testing of Website, database system and other IT
Preferred learners
- Anywhere
- Academic experience
Categories
Skills
Project scope
- What is the main goal for this project?
-
A standard practice for web-based tools is to conduct what is known as penetration tests at least once a year. This is a white-hat hacking approach in which a firm is given special permission to try and break into, exploit, or otherwise attempt to break a given product via security vulnerabilities.
- First, we would like students to get familiar with our product including website and database. Sign up, play around with it, understand generally how it works.
- Second, students should spend time conducting research on state of the art pen testing technologies. They should look into common vulnerability lists such as OWASP Top 10, and common security tools such as Nmap, Burp Suitar, Nessus, and Wireshark.
- Third, students should have a written attack plan and present it to us so we can confirm we understand what the test will do and what might be uncovered.
- Fourth, students are free to attack our product as per the presented plan
- What tasks will learners need to complete to achieve the project goal?
-
Before testing begins, students should present a testing plan to us. This should include tools they will use, techniques for exploration, what categorical vectors of attack will they go after, and any other information they feel like they need to present. This should be presented to us via a small slide deck or other means.
After testing is complete, the final deliverable should be a written report detailing how the test was conducted, what tests passed, what tests failed, recommendations for mitigation strategies, and any further notes from the testers. Other items to consider for a final report should be:
- An executive summary detailing overview, timeline, key findings
- Categorizing all findings into vulnerability levels such as critical, high, medium, low
- High detailed summaries of any findings
- Low detailed summaries of any tests conducted with no findings
- A recap of any tools used
Final Deliverables:
Provide details about what the student will upload to the platform as their final deliverable(s).
- report of findings
- suggested remediation
For students: To validate the completion of your work, please submit deliverables as uploaded files with a reflection note at the end of your project. These files can take various formats, including Word documents, PDFs, JPEG images, presentations, and more. We request tangible proof or an example showcasing your completed work. If the project involved an Non-Disclosure Agreement (NDA), please provide redacted deliverables or a sample of non-confidential work.
- What is the main goal for this project?
-
A standard practice for web-based tools is to conduct what is known as penetration tests at least once a year. This is a white-hat hacking approach in which a firm is given special permission to try and break into, exploit, or otherwise attempt to break a given product via security vulnerabilities.
- First, we would like students to get familiar with our product including website and database. Sign up, play around with it, understand generally how it works.
- Second, students should spend time conducting research on state of the art pen testing technologies. They should look into common vulnerability lists such as OWASP Top 10, and common security tools such as Nmap, Burp Suitar, Nessus, and Wireshark.
- Third, students should have a written attack plan and present it to us so we can confirm we understand what the test will do and what might be uncovered.
- Fourth, students are free to attack our product as per the presented plan
- What tasks will learners need to complete to achieve the project goal?
-
Before testing begins, students should present a testing plan to us. This should include tools they will use, techniques for exploration, what categorical vectors of attack will they go after, and any other information they feel like they need to present. This should be presented to us via a small slide deck or other means.
After testing is complete, the final deliverable should be a written report detailing how the test was conducted, what tests passed, what tests failed, recommendations for mitigation strategies, and any further notes from the testers. Other items to consider for a final report should be:
- An executive summary detailing overview, timeline, key findings
- Categorizing all findings into vulnerability levels such as critical, high, medium, low
- High detailed summaries of any findings
- Low detailed summaries of any tests conducted with no findings
- A recap of any tools used
Final Deliverables:
Provide details about what the student will upload to the platform as their final deliverable(s).
- report of findings
- suggested remediation
For students: To validate the completion of your work, please submit deliverables as uploaded files with a reflection note at the end of your project. These files can take various formats, including Word documents, PDFs, JPEG images, presentations, and more. We request tangible proof or an example showcasing your completed work. If the project involved an Non-Disclosure Agreement (NDA), please provide redacted deliverables or a sample of non-confidential work.
Supported causes
About the company
- https://oand.org
- 2 - 10 employees
- Hospital, health, wellness & medical, Non-profit, philanthropic & civil society
Bringing people together with Naturopathic Doctors to explore the
benefits of natural healing....
The Ontario Association of Naturopathic Doctors (OAND) connects people who are interested in a proactive approach to their health care to the right naturopathic doctor for them, as well as providing leadership, advocacy and support for Ontario’s licenced naturopathic doctors.