The following general steps will guide you through a security assessment. Consider using them as steps in a report. The report will become a section in your final project report.
A. Risk Identification
Identify assets (e.g. web application)
Identify threat sources (e.g. SQL injection)
Construct risk scenarios (e.g. Attacker performs SQL injection on web application to download sensitive user data)
B. Risk Analysis
Determine likelihood
Determine impact
Use a Risk Matrix to prioritize risk of scenarios
Discuss what are you going to do about each of the scenarios
C. Pen-Test Your System
Try to test for vulnerabilities in your project by using wmap, zaproxy, or any of the tools in the list of OWASP vulnerability scanning tools)
Fix at least one vulnerability that you find; ideally one that is high in your prioritization cf. to your risk analysis
Pen testing:
Group o group o -[checks]-> Group s Group S
Group s Group S -[checks]-> Group t our group name
The following general steps will guide you through a security assessment. Consider using them as steps in a report. The report will become a section in your final project report.
A. Risk Identification
Identify assets (e.g. web application)
Identify threat sources (e.g. SQL injection)
Construct risk scenarios (e.g. Attacker performs SQL injection on web application to download sensitive user data)
B. Risk Analysis
Determine likelihood
Determine impact
Use a Risk Matrix to prioritize risk of scenarios
Discuss what are you going to do about each of the scenarios
C. Pen-Test Your System
Try to test for vulnerabilities in your project by using wmap, zaproxy, or any of the tools in the list of OWASP vulnerability scanning tools)
Fix at least one vulnerability that you find; ideally one that is high in your prioritization cf. to your risk analysis
Pen testing:
Group o group o -[checks]-> Group s Group S
Group s Group S -[checks]-> Group t our group name