The Results from the Penetration Test of the Ernst and Young Credit Union
- 2338 Words
- 9 Pages
This report documents the results from the penetration test of the Ernst and Young Credit Union external website (http://10.55.3.101). Full authorisation has been given to conduct the test, which was carried out in a manner that simulates an attack from a malicious user. The objectives were to:
- establish if a remote attacker could penetrate the security mechanisms of the Ernst & Young Credit Union.
-evaluate the impact of such a breach on the security of confidential information and on the infrastructure of the website. This report contains an overview of the testing process and issues that were found, details of the testing process, results found, the risks associated with the vulnerability and recommendations for rectifying the vulnerability. The results of the test can be of assistance to Ernst & Young when making decisions regarding information security.
1. Overview of Testing Process and Most Serious Security Issues:
1.1 While assessing the security of the Ernst & Young website, it was found that the
“Branch Locator” page is vulnerable to SQL injection attacks. This is a serious vulnerability which involves inserting malicious SQL statements into an input field for execution. By appending SQL statements to the URL of the Branch Locator page, information about the structure of the underlying database was collected. This information was then used to generate further malicious statements. The list of database objects, tables and columns were returned. The
- Decent Essays
Essay on student
- 793 Words
- 4 Pages
The likelihood of an attack or breach dealing with the current infrastructure of the company’s
- 793 Words
- 4 Pages
Decent Essays - Decent Essays
Kaiser Permanente : Largest Integrated Healthcare Delivery Systems
- 2011 Words
- 9 Pages
A root-cause analysis of the security breach revealed multi-factorial issues at the technical, individual, group, and organizational levels. At the technical level, the applications and web-tools
- 2011 Words
- 9 Pages
Decent Essays - Satisfactory Essays
Nt1310 Project Design
- 724 Words
- 3 Pages
Phase 6 - conduct a vulnerability assessment according to NIST SP 800-115: Technical Guide to Information Security Testing;
- 724 Words
- 3 Pages
Satisfactory Essays - Decent Essays
The Role Of Racial Profiling In Business
- 322 Words
- 2 Pages
Additionally, visiting these sites opens our computer systems to hacking, theft, and fraud, which could result in a catastrophic breach of confidential data such as client information and employee profiles.
- 322 Words
- 2 Pages
Decent Essays - Better Essays
Equifax Data Breach Analysis
- 1363 Words
- 6 Pages
West, J., & Mar, S. (2017). Fundamentals of a cybersecurity program. Internal Auditor. Retrieved from
- 1363 Words
- 6 Pages
Better Essays - Good Essays
Salina Family Healthcare Center Case Study
- 556 Words
- 3 Pages
The purpose of the report is to explore the current vulnerabilities in the information system network and outline potential
- 556 Words
- 3 Pages
Good Essays - Better Essays
Mis 515 Information Security
- 398 Words
- 2 Pages
The second instalment of lab exercise for the MIS 515, Information Security in Private and Public Sector involved a general fact finding about a selected target. It was intended to get us familiar with the various tools we could use to in assessment of networks and websites. We were asked to follow some steps given to us in the assignment narrative and see what we could find on our own.
- 398 Words
- 2 Pages
Better Essays - Decent Essays
Privacy Analysis Worksheet
- 747 Words
- 3 Pages
While strong security standers are necessary, they must be tested from time to time to evaluate their effectiveness. This is where vulnerability assessments come into play; by performing penetration testing on current systems/networks, security risks can be identified and addressed before cybercriminals are able to take advantage of them (Database Security,
- 747 Words
- 3 Pages
Decent Essays - Decent Essays
Social Engineering Security Breach
- 1807 Words
- 8 Pages
It is recommended that we conduct a test that would simulate that breach. The test results should be anonymous as the goal of the test is to improve the company's security posture in a way that improves the entire company's security. After the test is complete, the results should be used to assist in designing training for employees on understanding and dealing with potential social engineering attacks. After developing the training, new policies and procedures should be disseminated, then the training can include understanding and reviewing the new policies and procedures. After the training is completed another test should be done to measure engagement and effectiveness of the social engineering training. This information should be used to improve training. The goal of the training would be to empower employees with situational awareness skills that would assist them in identifying potential social engineering attempts and how to respond
- 1807 Words
- 8 Pages
Decent Essays - Decent Essays
Quality Web Design Essay
- 1197 Words
- 5 Pages
My paper focuses on a security assessment of Quality Web Design (QWD), which is a very successful company that is well-known for its magnificent and appealing websites; they work
- 1197 Words
- 5 Pages
Decent Essays - Better Essays
Cis 502 Web Server Application Attack
- 1492 Words
- 6 Pages
In this era of globalization and cut-throat world of competition, it is virtually impossible to do business without using the internet and web applications. Internet gets used for processing the credit card or debit card sale and even for using to save the data of customers to the merchant’s database for future reference and to send promotional offers to the previous and patron customers. And on the other hand, hackers are trying their best to get the data stored on the merchant’s server by spoofing
- 1492 Words
- 6 Pages
Better Essays - Decent Essays
Phoenix Lutho Executive Summary
- 396 Words
- 2 Pages
The rigorous third-party examinations were administered by the professional IT assurance and compliance staff at 360 Advanced, a respected national Qualified Security Assessor, HITRUST CSF Assessor and Certified Public
- 396 Words
- 2 Pages
Decent Essays - Satisfactory Essays
Senate Data Breach Case Study
- 522 Words
- 3 Pages
In recent years breaches in data security have become common place. When breaches occur, a consumer’s personal and financial information are put at risk. Cyber criminals most frequently target retailers that make a practice of storing a customer’s credit card information beyond the necessary time frame and in many cases do have in the place appropriate security protocols.
- 522 Words
- 3 Pages
Satisfactory Essays - Good Essays
Penetration Testing Or Pen Testing Essay
- 1143 Words
- 5 Pages
This test will simulate an inside attack behind the firewall done by an authorized user who is having standard access
- 1143 Words
- 5 Pages
Good Essays - Better Essays
Web Application Attack Scenario
- 1093 Words
- 5 Pages
Data systems such as the web application and data servers are faced by a number of threats, some of these threats are discussed below:
- 1093 Words
- 5 Pages
Better Essays