• Module: CMP319
• Title: Ethical Hacking 2
• Grade: A

For this module, I was tasked to carry out a penetration test on a web application that a new owner had acquired. The scenario is that an old web application had been purchased and the new owner needed a penetration tester to check for any security vulnerabilities present. The objective is to test the security of the web application using a web app penetration testing methodology and report the findings in the form of a Penetration Testing White Paper. If any vulnerabilities were found from the testing, countermeasures are to be given to the client.

I chose to use the OWASP Web Security Testing Guide(WSTG) as my methodology for conducting the web penetration test. I found it a very in-depth (maybe too in-depth) methodology to test the web app given to me for any possible vulnerabilities. Although, a good few sections were not used as it was out of scope due to me not having the source code of the web app during the pen test. My white paper goes over the methodology in more detail such as the tools I used.

My finished white paper for the hacking 2 assignment can be read below. I think this is the best white paper I've produced so far, with great help from Jamie O'Hares Report Writing Quickies, and I'm very proud of it :).