Providing a secure information systems environment requires taking a proactive approach to security. One way to do this is by hiring external security consultants or auditors to evaluate the security of an organization's network.
Assume that you have been selected as the security consultant to perform a security review for an organization of your choice. The organization that you select for this assignment should have a public-facing website and, at minimum, one web application that can be used for this task.
You have been asked to review the website security of the organization of your choice and any web applications that are part of this site. Security risks such as SQL injection and social engineering should be considered.
For this assignment, you should begin with a footprinting analysis (security reconnaissance) of the selected organization. Gather as much background information on the organization and its website as you can.
Tasks:
Prepare report on the following aspects:
- Summarize the footprinting analysis of the company you selected.
- Explain how the information gathered during your footprinting analysis could be utilized to initiate an attack against the organization.
- Describe potential social engineering methods that could be used to acquire information about the organization's computing environment.
- List at least 4-5 appropriate prevention techniques that can be used to thwart such social engineering techniques.
- Enumerate a series of countermeasures that can be used to avoid this type of footprinting attack.
- Identify a list of 10 web server vulnerabilities that the organization is most susceptible to.
- Determine at least 10 threats against the organization's web applications that pose the greatest risk to the organization.
- Describe how SQL injection could pose a potential security threat to the organization's web applications.