Assignment

profileBolAdi_07
OriginalityReport.pdf

4/10/2021 Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=05ff2730-b7e8-4ea4-89af-92631bd9928… 1/5

SafeAssign Originality Report Spring 2021 - Emerging Threats & Countermeas (ITS-834-B04) - Seco… • Week 6 Research Paper

Praveenaditya Bolisetty

Total Score: 41% (High risk)

Submission UUID: d1119948-86b4-7861-43de-d5638096f962

Total Number of Reports: 1

Highest Match: 41% (PenAttack and CyberTerrorism.docx)

Average Match: 41%

Submitted on: 04/10/21 05:05 PM EDT

Average Word Count: 1,538 (Highest: PenAttack and CyberTerrorism.d…)

Attachment 1: 41%

Institutional database (6): 25%

2 Student paper, 8 Student paper, 1 Student paper, 6 Student paper, 10 Student paper, 7 Student paper

Internet (3): 14%

4 co, 3 haasland, 5 lazarusalliance

Global database (1): 2%

9 Student paper

Top sources (3)

2 Student paper, 4 co, 8 Student paper

Excluded sources (0)

Word Count: 1,538 PenAttack and CyberTerrorism.docx


Pen Attack and Cyber Terrorism

Praveenaditya Bolisetty

ITS-834-B04- Emerging Threats & Countermeasures

Dr. James Webb

University of the Cumberlands

04/10/2021

Pen Attack and Cyber Terrorism

Introduction

Penetration testing, which is basically identified as a pen test or ethical hacking, is considered to be a simulated cyberattack that is authorized on a given system of a computer, and it is carried out in order to have the system security evaluated; it is not the same as an assessment of vulnerability. It is a test that is conducted in order to find out present weaknesses inclusive of the probability of parties that are not authorized gaining entry into the features of the system in addition to data alongside strengths. This makes it possible to have a completion of an entire risk evaluation (Ayala et al., 2020).

Pen Testing

When in relation to the web application safety context, the pen test is considered to be popularly utilized in augmenting a web application firewall. This penetration testing mainly involves the given breaching that is attempted of any particular figure of the systems of application such as backend/frontend servers and application protocol interfaces, which tend to be susceptible to the attacks of code injection.


Source Matches (27)

This particular process mainly gets to identify the system that is targeted in addition to a specific objective, then gets to review the information that is present as well as undertaking different means into attaining the given objective. The target of a pen test might end up being a white box on how the system, as well as background information, gets to be offered prior to the tester. It might also be a black box whereby only the information that is basic of any apart from the organization identity gets to be offered. Within a gray box pen test, it happens to be a combo of both whereby knowledge that is limited gets to be shared with a given auditor. Penetration tests are capable of identifying the vulnerabilities available in a system to attack and estimate the extent of its openness. The safety concerns that tend to be discovered through a pen test are supposed to be formally reported to the particular system owner. The reports might also evaluate the probable impacts to the specific institution and offer suggestions on countermeasures to mitigate risk. The insights offered are capable of fine-tuning the safety policies of WAF and patching the vulnerabilities that have been detected. Ethical hacking has goals that differ based on the kind of activity that is approved for any particular engagement. However, the fundamental objective is identifying vulnerabilities capable of being exploited through an actor that is nefarious alongside notifying the client regarding the vulnerabilities in addition to strategies for mitigation that are more appropriate. Pen tests are considered a component of an entire security audit (Fischer et al., 2020).

Stages of pen tests

The process involved in penetration testing might be classified into five phases. They include planning and surveillance, which mainly focus on defining the goals and scope of a given test and the systems that are to be tackled, and the methods that are to be utilized in testing. It also involves collecting intelligence such as domains and networks' identities to have an efficient understanding of how a given target operates and the weaknesses that might be present. The information acquired can be utilized in more appropriately attacking the given target. For instance, the search engine's open source can be utilized to find data that might be utilized within an attack of social engineering. The second phase is scanning, which involves understanding how the targeted application responds to different intrusion attempts.

This is carried out through static analysis that inspects a code of the application to approximate how it behaves during its operations. They are tools capable of scanning a code's entirety within a single pass. There is the dynamic analysis that inspects a code of application within an operating state. It is a way that is more practical in scanning since it offers an actual-time view into the performance of an application. The third phase includes gaining access through the use of data collected within the scanning and surveillance stage. The hacker is capable of using a payload to exploit the targeted system. For example, Metasploit is utilized in automating attacks on weaknesses that are identified. It is a phase that utilizes the attacks of web applications like backdoors besides injecting SQL in identifying the drawbacks of a target. The testers end up making attempts to have the failings exploited, which is basically through escalation of privileges, data theft, traffic interceptions, among others, into knowing the damage they are capable of causing (Stolte and Cox, 2020). The fourth phase is basically access maintenance which needs to take the steps that are required in enabling one to be persistent within the environment of the target so as to collect all the data as much as it is possible.


The objective of this phase is getting to know whether the weaknesses might be utilized in attaining a presence that is persistent within the system that is exploited for a long duration so that a hacker is capable of gaining access that is in-depth. The goal behind this is imitating persistent threats that are advanced, that most times end up remaining within a system for some duration so as to steal data that is most sensitive within an institution. The final stage is the analysis which involves the compilation of pen test to get a detailed report whereby specific weaknesses get to be exploited, any sensitive data that had earlier on been accessed in addition to the duration that the pen tester and the ability to stay within the system without getting detected. The information gets to be analyzed by safety personnel to assist in configuring the WAF settings of an enterprise as well as different safety solutions of an application into patching weaknesses in addition to safeguarding against attacks in the future. There is also a need to cover tracks whereby the attacker is supposed to ensure any traces have cleared that compromise the system of the victim, the type of collected data as well as the log events into remaining anonymous.

Methods of pen test

There are various methods used in penetration testing which include: External testing mainly targets the visible assets of an organization. It has the objective of gaining access as well as extracting data that is valuable. Internal testing whereby a tester has access to an application behind a given firewall ends up simulating an attack through a malicious insider. Another method is blind testing, whereby a tester gets to be provided with an organization's identity that is considered the target. This is known for giving the security personnel a look at the actual time regarding how a simple assault of an application might occur. In double-blind testing, the personnel of security tend not to have any prior knowledge of the simulated attack. The last method is targeted testing, whereby the security personnel and the tester function alongside each other and ensure they appraise one another regarding their movements. It is a valuable training exercise that offers the team of security with actual-time feedback from a hacker's perception.

Testing as well as firewalls of web application

Pen tests and the WAFs are considered exclusive, though they have mutual beneficial measures of security. For most penetration testing types, apart from double-blind and blind trials, a tester has high probabilities of utilizing WAF data like logs into locating and exploiting the weak points of an application. Additionally, the administrators of WAF are capable of benefitting from data of penetration testing. After completing a test, WAF configurations were updated to secure against the weak spots identified within the performed test (Verhegge et al., 2021).

Conclusion

The pen testing tends to satisfy various requirements of compliance for procedures of safety auditing, inclusive of SOC 2, the DSS, plus the PCI. Particular standards get to be satisfied via utilization of a WAF that is considered to be certified. Nevertheless, this does not guarantee an ethical hacking to be less useful because of the benefits linked to it as well as the capability to advance on the configurations of WAF.

References

Ayala, J., Fourie, A., & Reid, D. (2020). Cone penetration testing on silty tailings using a new small calibration chamber. Géotechnique Letters, 10(4), 492-497. https://www.icevirtuallibrary.com/doi/abs/10.1680/jgele.20.00037

Fischer, M., Langer, F., Mono, J., Nasenberg, C., & Albartus, N. (2020). Hardware penetration testing knocks your SoCs off. IEEE Design & Test. https://ieeexplore.ieee.org/abstract/document/9154752/

Stolte, A. C., & Cox, B. R. (2020). Towards consideration of epistemic uncertainty in shear-wave velocity measurements obtained via seismic cone penetration testing (SCPT). Canadian Geotechnical Journal, 57(1), 48-60. https://cdnsciencepub.com/doi/abs/10.1139/cgj-2018-0689

Verhegge, J., Storme, A., Cruz, F., & Crombé, P. (2021). Cone penetration testing for extensive mapping of deeply buried Late Glacial covers and landscape paleotopography. Geoarchaeology, 36(1), 130-148. https://onlinelibrary.wiley.com/doi/abs/10.1002/gea.21815


1 Student paper 66%

Student paper

Pen Attack and Cyber Terrorism 1 Pen Attack and Cyber Terrorism 2 Pen Attack and Cyber Terrorism Praveenaditya Bolisetty

Original source

Pen Attack and Cyber Terrorism Oluwaseun Mary James Pen Attack and Cyber Terrorism Oluwaseun Mary James Pen Attack and Cyber Terrorism Oluwaseun Mary James

2 Student paper 67%

Student paper

ITS-834-B04- Emerging Threats & Countermeasures

Original source

Emerging Threats & Countermeasures

1 Student paper 74%

Student paper

Pen Attack and Cyber Terrorism

Original source

Pen Attack and Cyber Terrorism Oluwaseun Mary James

3 haasland 62%

Student paper

Introduction Penetration testing, which is basically identified as a pen test or ethical hacking, is considered to be a simulated cyberattack that is authorized on a given system of a computer, and it is carried out in order to have the system security evaluated, it is not same as an assessment of vulnerability.

Original source

A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system

4 co 69%

Student paper

This penetration testing mainly involves the given breaching that is attempted of any particular figure of the systems of application such as backend/frontend servers and application protocol interfaces, which tend to be susceptible to the attacks of code injection.

Original source

Pen testing can involve the attempted breaching of any number of application systems, (eg, application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks

2 Student paper 68%

Student paper

The second phase is scanning, which involves understanding how the targeted application responds to different intrusion attempts.

Original source

The second stage is basically the scanning phase which involves understanding the manner in which the target application is capable of responding to different attempts of intrusion

2 Student paper 75%

Student paper

There is the dynamic analysis that inspects a code of application within an operating state. It is a way that is more practical in scanning since it offers an actual-time view into the performance of an application.

Original source

There is also the dynamic analysis which is inspecting a code of application within an operating state It is a method of scanning which is more practical because it offers a view which is real-time into a performance application


2 Student paper 63%

Student paper

The goal behind this is imitating persistent threats that are advanced, that most times end up remaining within a system for some duration so as to steal data that is most sensitive within an institution.

Original source

Its aim is imitating persistent threats that are advanced, which mostly stay within a system for long so that they can steal the most sensitive data of an organization

2 Student paper 64%

Student paper

Methods of pen test

Original source

Pen testing methods

2 Student paper 92%

Student paper

It has the objective of gaining access as well as extracting data that is valuable.

Original source

Has an objective of gaining access as well as extracting data is valuable

4 co 69%

Student paper

Internal testing whereby a tester has access to an application behind a given firewall ends up simulating an attack through a malicious insider.

Original source

Internal testing In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider

4 co 62%

Student paper

This is known for giving the security personnel a look at the actual time regarding how a simple assault of an application might occur.

Original source

This gives security personnel a real-time look into how an actual application assault would take place

3 haasland 76%

Student paper

Double-blind testing, the personnel of security tend not to have any prior knowledge of the simulated attack.

Original source

In a double blind test, security personnel have no prior knowledge of the simulated attack

4 co 74%

Student paper

It is a valuable training exercise that offers the team of security with actual-time feedback from a hacker's perception.

Original source

This is a valuable training exercise that provides a security team with real-time feedback from a hacker’s point of view

2 Student paper 65%

Student paper

Testing as well as firewalls of web application

Original source

Web application Firewalls

2 Student paper 66%

Student paper

For most penetration testing types, apart from double-blind and blind trials, a tester has high probabilities of utilizing WAF data like logs into locating and exploiting the weak points of an application.

Original source

For most types of penetration testing, the tester most probably utilizes data of WAF, like logs, in locating as well as exploiting the weak spots of an application

5 lazarusalliance 63%

Student paper

Additionally, the administrators of WAF are capable of benefitting from data of penetration testing.

Original source

In turn, WAF administrators can benefit from penetration testing data


4 co 65%

Student paper

After completing a test, WAF configurations were updated to secure against the weak spots identified within the performed test (Verhegge et al., 2021).

Original source

After a test is completed, WAF configurations can be updated to secure against the weak spots discovered in the test

2 Student paper 70%

Student paper

The pen testing tends to satisfy various requirements of compliance for procedures of safety auditing, inclusive of SOC 2, the DSS, plus the PCI.

Original source

Penetration testing is used in satisfying various requirements for Compliance for the procedures of security auditing, inclusive of SOC 2 as well as PCI DSS

6 Student paper 100%

Student paper

Ayala, J., Fourie, A., & Reid, D.

Original source

Ayala, J., Fourie, A., & Reid, D

6 Student paper 100%

Student paper

Cone penetration testing on silty tailings using a new small calibration chamber.

Original source

Cone penetration testing on silty tailings using a new small calibration chamber

7 Student paper 71%

Student paper

https://ieeexplore.ieee.org/abstract/document/9154752/ Stolte, A.

Original source

Retrieved from https://ieeexplore.ieee.org/abstract/document/9057869/

8 Student paper 100%

Student paper

C., & Cox, B.

Original source

C., & Cox, B

8 Student paper 100%

Student paper

Towards consideration of epistemic uncertainty in shear-wave velocity measurements obtained via seismic cone penetration testing (SCPT). Canadian Geotechnical Journal, 57(1), 48-60.

Original source

Towards consideration of epistemic uncertainty in shear-wave velocity measurements obtained via seismic cone penetration testing (SCPT) Canadian Geotechnical Journal, 57(1), 48-60

9 Student paper 91%

Student paper

Cone penetration testing for extensive mapping of deeply buried Late Glacial covers and landscape paleotopography.

Original source

Cone penetration testing for extensive mapping of deeply buried Late Glacial coversand landscape paleotopography

8 Student paper 100%

Student paper

Geoarchaeology, 36(1), 130-148.

Original source

Geoarchaeology, 36(1), 130-148

10 Student paper 84%

Student paper

https://onlinelibrary.wiley.com/doi/abs/10.1002/gea.21815

Original source

https://onlinelibrary.wiley.com/doi/abs/10.1002/9780470689646