This document is for Coventry University students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to facultyregistry.eec@coventry.ac.uk.

Faculty of Engineering, Environment and Computing

Module: 5063CEM Practical Pen Testing

Assignment Brief
Module Title: Practical Pen Testing
Group / Individual: Individual
Cohort: Sep-Dec
Module Code: 5063CEM
Coursework Title: CW 2: Penetration Test Report
Handout Date: 20/9/2021
Lecturer: Dan Goldsmith
Due Date and Time: 3/12/2021
Estimated Time (hrs): 20 Hours
Coursework Type: Report
% of Module Mark: 100%
Submission Arrangements

Via: Moodle

Marks release expected: None

Feedback Method: Individual Feedback Via Turnitin / Aula

Word limit: 2000

Module Learning Outcomes Assessed

  • 1. Use appropriate tools to discover the structure of a network, the services running on it, and identify and classify potential security flaws
  • 2. Demonstrate understanding of the core theoretical concepts that lead to insecurity in computer systems, and how these can be used to exploit and mitigate threats identified in a computer system or network
  • 3. Discuss common penetration testing methodologies, vulnerability risk rating systems and how they relate to the security audit process

Task and Mark Distribution

In this assignment you will need to write a comprehensive pen-test report on ONE of the challenge systems provided in the labs.

The report should be aimed at a non-technical audience, and provide a detailed description of the process used to identify any vulnerabilities, the methods used to exploit them, and relevant suggestions for mitigation.

You should refer back to the generic pentest process discussed in the class, and discuss how the information gathered at each stage informed the decisions made.

You will also need to provide some discussion around the issues discovered, providing an explanation of the cause of the problems, links to other similar real-world examples, and discussion of the risk involved.

Example Pen Test Process

A generic penetration test process discussed in class was:

  • Scope
  • Reconnaissance
  • Exploitation
  • Post-Exploitation

Your report should address each of these stages:

Scope

As there is no formal contract defined, your scope stage should discuss any assumptions you make around the process. What methods of testing are you going to use? Are there elements that are out of scope?

Reconnaissance

Discussion of recon methodology and any tools used. Results and analysis of the reconnaissance phase. This stage should also include any reconnaissance carried out after the initial foothold on the system.

Exploitation

Description of any tools, techniques and strategies for the exploitation phase. Discussion of the vulnerabilities found, and how you were able to exploit them.

As with reconnaissance, this should include details of any further exploitation after the initial foothold.

Post Exploitation

Suggestions for mitigation, and any other post-exploit tasks carried out.

Marking Scheme

Element: Marks Available
Introduction / Conclusions: 10
Pen Test Report: 60
Discussion of Issues Raised / Suggestions for Mitigation: 20
Report Structure: 10

Suggested Report Structure

The recommended structure for the report is

  1. Introduction
  2. Results of the Security Audit
  3. Discussion and Suggestions for Mitigation
  4. Summary
  5. References

Marking Matrix

Grade (Mark): Description
No submission (0): No work submitted.
Fail (0-25): Clear failure demonstrating little understanding of relevant theories, concepts and issues. Minimal evidence of research and use of established methodologies and incomplete knowledge of the area. Serious and fundamental errors and aspects missing. No evidence of research.
Near Fail (25-39): Very limited understanding of relevant theories, concepts and issues. Little evidence of research and use of established methodologies. Some relevant material will be present. Deficiencies evident in analysis. Fundamental errors and some misunderstanding likely to be present.
Pass (40-49): Meets the learning outcomes with a basic understanding of relevant theories, concepts and issues. Demonstrates an understanding of knowledge and subject-specific theories sufficient to deal with concepts. Assessment may be incomplete and with some errors. Research scope sufficient to evidence use of some established methodologies. Some irrelevant material likely to be present.
2:2 (50-59): Good understanding of relevant theories, concepts and issues with some critical analysis. Research undertaken accurately using established methodologies; enquiry beyond that recommended may be present. Some errors may be present and some inclusion of irrelevant material. Good understanding, with evidence of breadth and depth, of knowledge and subject-specific theories with indications of originality and autonomy.
2:1 (60-69): Very good work demonstrating strong understanding of theories, concepts and issues with clear critical analysis. Thorough research, using established methodologies accurately, beyond the recommended minimum with little, if any, irrelevant material present. Very good understanding, evidencing breadth and depth, of knowledge and subject-specific theories with some originality and autonomy.
First (70-79): Excellent work with clear evidence of understanding, creativity and critical/analytical skills. Thorough research well beyond the minimum recommended using methodologies beyond the usual range. Excellent understanding of knowledge and subject-specific theories with evidence of considerable originality and autonomy.
Outstanding (80-90): Outstanding work with high degree of understanding, creativity and critical/analytical skills. Outstanding understanding of knowledge and subject-specific theories. Evidence of outstanding research well beyond minimum recommended using a range of methodologies. Demonstrates creative flair, originality and autonomy.
Exceptional (90-100): Exceptional work with very high degree of understanding, creativity and critical/analytic skills. Evidence of exceptional research well beyond minimum recommended using a range of methodologies. Exceptional understanding of knowledge and subject-specific theories. Demonstrates creative flair, a high degree of originality and autonomy.

Notes:

  1. You are expected to use the Coventry University APA style for referencing. For support and advice on this, students can contact the Centre for Academic Writing (CAW).
  2. Please notify your registry course support team and module leader for disability support.
  3. Any student requiring an extension or deferral should follow the university process as outlined here.
  4. The University cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computers. Students should therefore regularly back up any work and are advised to save it on the University system.
  5. If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via your Module Leader.
  6. You are encouraged to check the originality of your work by using the draft Turnitin links on Aula.
  7. Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the academic conduct panel. This applies to both courseworks and exam answers.
  8. A marked difference between your writing style, knowledge and skill level demonstrated in class discussion, any test conditions and that demonstrated in a coursework assignment may result in you having to undertake a Viva Voce in order to prove the coursework assignment is entirely your own work.
  9. If you make use of the services of a proof reader in your work you must keep your original version and make it available as a demonstration of your written efforts. Also, please read the university Proof reading policy.
  10. You must not submit work for assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this university, unless this is specifically provided for in your assignment brief or specific course or module information. Where earlier work by you is citable, i.e. it has already been published/submitted, you must reference it clearly. Identical pieces of work submitted concurrently will also be considered to be self-plagiarism.