CT119-3-3 Assignment Asia Pacific University of Technology & Innovation : Vulnerability Assessment & Penetration Testing Individual Assignment
| University | Asia Pacific University of Technology and Innovation (AUTI) |
| Subject | CT119-3-3 Vulnerability Assessment |
Learning Outcomes of the Assignment
LO2: Propose suitable technique to conduct vulnerability assessment and penetration testing on the selected domain (A3, PLO5)
LO3 Demonstrate the ability to perform exploitation in penetration testing using suitable tools (A3, PLO6)
Synopsis:
The objective of this assignment is to provide students with hands-on experience in conducting vulnerability assessments and penetration testing. The assignment aims to develop student skills in identifying and assessing vulnerabilities in a target system, as well as conducting simulated attacks to exploit those vulnerabilities. By completing this assignment, students will gain a practical understanding of the concepts and techniques used in vulnerability assessments and penetration testing.
Task 1: VAPT Proposal (LO2)
This section is Individual Task and carries 30% of total in-course mark. It requires student to theoretically conduct initial study on approaches of performing vulnerability assessment and penetration testing. Each student is required to prepare a proposal by fulfilling the components in the project requirements stated below:
1- Each student should select a target system for the vulnerability assessment and penetration testing. The target system can be a web application, network infrastructure, or an IoT device. The system must be legally owned or obtained permission for testing purposes. Document the details of the target system, including its purpose, operating system, software, and services running on it. Clearly explain the selected type of penetration test, current target for penetration testing, scope of the test and importance of the pen testing.
2- Each student is required to outline the approach that will be employed to conduct the
vulnerability assessment along with the list of tools that are suitable to conduct the
vulnerability scanning (e.g., Nessus, OpenVAS, Nexpose).
3- Each student is required to propose and describe the attack method along with tools and techniques to be utilized during each phase of the assessment and testing process (e.g., Metasploit, BurpSuite, Armitage).
Important Notes:
The proposal shall consist of at least ONE (1) suitable tool for vulnerability assessment and ONE (1) suitable tool for exploitation.
Your proposal should be well-structured, concise, and supported by relevant research and industry best practices.
Any proposal related to wireless penetration testing is prohibited in this assignment.
Task 1 Marking Scheme:
| Task 1 | Mark |
| Introduction | 20 |
| Vulnerability assessment method and tools selected | 30 |
| Exploit & attack method and tools selected | 30 |
| Documentation Format | 10 |
| Proposal Presentation | 10 |
| Total Marks | 100 |
Are You Searching Answer of this Question? Request Malaysian Writers to Write a plagiarism Free Copy for You.
Task 2: Exploitation (LO3)
This section is also an Individual Task carrying 30% of total in-course mark. It focuses on conducting a comprehensive vulnerability assessment and penetration testing of the target system based on the proposal submitted in Task 1. In this section you are required to identify and document the vulnerabilities discovered, including their severity and potential impact, providing a detailed report summarizing the vulnerabilities found.
Based on the vulnerabilities identified in the assessment, plan and perform penetration tests on the target system. Select suitable tools (e.g., Metasploit, Burp Suite) to carry out the penetration testing. Exploit the identified vulnerabilities in a controlled manner to gain unauthorized access or
demonstrate potential risks. Document the techniques used and the results obtained during the penetration testing. Prepare a report highlighting the successful exploits and their potential impact on the target system’s security. Based on the vulnerabilities and successful exploits, propose
countermeasures to mitigate the identified risks. Provide recommendations for improving the security posture of the target system. Explain how the proposed countermeasures and recommendations can address the vulnerabilities and prevent future exploitation.
You are required to prepare technical documentation for this activity.
Project Requirements:
1- Clearly explain penetration testing purposes, target application, penetration testing plan (targeted time and date), and person, application, or any server involved during the activity.
2- Conduct vulnerability scanning on the target machine. Print screen all steps with detail explanation. Discussed the details of all detected vulnerabilities.
3- Conduct required steps for penetration testing as a pen tester. Print screen all steps with detailed explanation. We discussed the details of the findings from the penetration testing activities.
4- Propose some recommendations and proposed solutions for the client with highlighting the
level of importance.
| Task 2 | Mark |
| Introduction/Scope | 10 |
| Vulnerability Scanning | 20 |
| System Attack | 30 |
| Countermeasures Proposed | 20 |
| Documentation | 10 |
| Presentation (Demo) | 10 |
| Total | 100 |
Documentation Guidelines:
Document the results of your work in a professional and systematic manner, in the form of a computerized report. ONE (1) softcopy of your documentation is to be submitted.
Task 1 and Task 2 should be submitted separately in TWO (2) documents. Your complete documentation should at least contain the following:
1) Cover page
2) Table of content
3) Write up for Task 1 and Task 2 with proper numbered sections and subsections. Each Task should have the following structure at minimum:
a) Introduction
b) Structured write up content (with appropriate referencing and in-text citations)
c) Conclusion
d) References
e) Appendix
Submission Requirements
1. Online submission in the Moodle.
2. Your report must be typed using Microsoft Word with Times New Roman font size 12. Report should be in 1.5 spaces. Expected length is approximately 7,000 words (excluding diagrams, appendixes, and references). You need use to include a word count at the end of the report.
3. The report must be well presented and should be computer typed. Submission of reports that are unprofessional in its outlook (dirty, disorganized, inconsistent look, varying colored paper and size) will not fare well when marks are allocated.
4. Ensure that the report is printed on standard A4 (210 X 297 mm) sized paper. Paper weight of 80 grams and above is highly recommended.
5. The report should have a one (1”) margin all around the page as illustrate below:
6. Every report must have a front cover. A transparent plastic sheet can be placed in front of the report to protect the front cover. The front cover should have the following details: –
a) Name
b) Intake code.
c) Subject.
d) Project Title.
e) Date Assigned (the date the report was handed out).
f) Date Completed (the date the report is due to be handed in).
7. All information, figures and diagrams obtained from external sources must be referenced using the APA referencing system accordingly.
Marking Criteria:
| Distinction (75% and above) | Credit (65-74%) | Pass (50-64%) |
| Demonstrate comprehensive research with detailed evidence. High level of analysis performed, exceptional and thorough knowledge and understanding displayed with regard to the case study. Documentation presented in a professional manner andfollowing proper sequencing and flow. |
Adequate research conducted with fair detail of evidence presented. Moderate level of understanding, analysis and knowledge displayed. Some level of relevance included in terms of subject areas. Moderate level of analysis and evaluation of facts followed by results comparison. Good level of documentation presented. Some level of reflection was evident in the documentation. Moderate level of critical appraisal. |
Low level research conducted. Some evidence of research displayed. Basic level of understanding and knowledge analysis displayed. Satisfactory level of documentation. No evaluation and analysis of facts, no results comparison performed. Satisfactory or low level of reflection displayed. No level of critical appraisal demonstrated |
Recent Solved Questions
- CT047-3-M: Analysis and Solutions (Proposing a Big Data Conceptual Framework): Big Data Analytics And Technology Assignment, AUTI, Malaysia
- DED5074: School Effectiveness and Improvement Report, MSU, Malaysia Henry Mintzberg opines, “Simply because all the decisions cannot be understood at one centre, in one brain
- Fundamental Concepts of ICT Assignment, APU, Malaysia Information Technology becomes one of the greatest phenomena that ever exist in the world today
- LAW434: Malaysian Legal System Assignment, UITM, Malaysia With reference to decided cases discuss the application of the doctrine of stare decisis in Malaysia
- Management Decision Science (MDS) Assignment, MMU, Malaysia
- ATF20603 BUSINESS ACCOUNTING Financial Records and Performance Analysis
- B99BP: Comparing how they can be used for rhGH production including discussion of the following elements: Bioprocessing Assignment, Malaysia
- LLB202B: Explain the legal framework governing the process of public auctions in Malaysia: FACULTY OF LAW & GOVERNMENT Assignment, HU, Malaysia
- ESEM5634 Educational Research Methodology, Research Paper, UNITAR, Malaysia
- BAGB1013: What are FOUR (4) key performance metrics mentioned in the article that indicate the recovery: Principles Of Management Essay, UIU, Malaysia
