Security & Penetration Testing of Web Application

Closed
BoardSpace
Ottawa, Ontario, Canada
Pat Crosscombe
Founder & CEO
(29)
4
Project
Academic experience or paid work
80 hours per learner
Learner
Anywhere
Advanced level

Project scope

Categories
Website development Security (cybersecurity and IT security) Information technology Databases Networking
Skills
ethical hacking penetration testing nmap nessus preparing executive summaries open web application security project (owasp) vulnerability research
Details

A standard practice for web based tools is to conduct what is known as penetration tests at least once a year. This is a white-hat hacking approach in which a firm is given special permission to try and break into, exploit, or otherwise attempt to break a given product via security vulnerabilities.

  • First, we would like students to get familiar with our product. Sign up, play around with it, understand generally how it works.
  • Second, students should spend time conducting research on state of the art pen testing technologies. They should look into common vulnerability lists such as OWASP Top 10, and common security tools such as Nmap, Burp Suitar, Nessus, and Wireshark.
  • Third, students should have a written attack plan and present it to us so we can confirm we understand what the test will do and what might be uncovered.
  • Fourth, students are free to attack our product as per the presented plan
Deliverables

Before testing begins, students should present a testing plan to us. This should include tools they will use, techniques for exploration, what categorical vectors of attack will they go after, and any other information they feel like they need to present. This should be presented to us via a small slide deck or other means.

After testing is complete, the final deliverable should be a written report detailing how the test was conducted, what tests passed, what tests failed, recommendations for mitigation strategies, and any further notes from the testers. Other items to consider for a final report should be:

  • An executive summary detailing overview, timeline, key findings
  • Categorizing all findings into vulnerability levels such as critical, high, medium, low
  • High detailed summaries of any findings
  • Low detailed summaries of any tests conducted with no findings
  • A recap of any tools used
Mentorship

A walk through of the product, as well as lighter technical details of it will be provided to students before they begin testing.

Common vulnerability knowledge such as exploration into OWASP Top 10 and common testing tools will be provided to students as a starting point.

Students will be able to ask questions at any point during the process.

About the company

Company
Ottawa, Ontario, Canada
2 - 10 employees
Technology, It & computing

BoardSpace is an online portal for the volunteer directors and administrators of condos, HOAs, non-profits and charities. BoardSpace overcomes the daunting task of looking after hundreds of documents, attending lots of meetings, preparing agendas, approving minutes and keeping on top of to-lists by providing boards with the tools to get their work done more efficiently and in less time.

Pat Crosscombe founded BoardSpace due to her experience on a condo board. BoardSpace is on a mission to organize the boards of directors of the world and was built by a team that understands the needs of condo and non-profit boards.