caffiendkitten/PenTestReport

PenTest Report for my Flatiron School final project.

During my time at Flatiron School I created a password manager for my final project, which can be found here. Though a seemingly simple task, this threw me for a fun loop into authentication and cryptography, and now it is time to test it.

This will be a full evaluation of the security posture of the application I built, compared to current industry best practices such as the PTES, the OWASP Top 10, and NIST. It will include both manual and automated testing, as well as an evaluation of the vulnerabilities found and their suggested remediation.

Front End Repo can be found here.
Back End Repo can be found here.

** Disclaimer **

This project is meant to be educational about the process and should not be considered a real report.
The report will be between two fictional companies: etc/Passwd App (SEPA) and DC Security (DC).
See the References for the sample reports that I used as a base template for this project.
And please don't steal their hard work.


Table of Contents

0.0 Assessment Information
0.1 Assessment Overview
0.2 Confidentiality Statement
0.3 Disclaimer
0.4 Contact Information
0.5 Test Scope and Method
0.6 Finding Severity Ratings
0.9 Document History

1.0 Attack Narrative
1.1 Overview
1.2 Reconnaissance
1.3 Threat Model
1.4 Exploitation
1.9 Summary of Findings

2.0 Threat Model
2.1 Overview
2.2 Versions
2.2.1 V1_Details

3.0 Post-Exploitation
3.1 Overview

4.0 Conclusions
4.1 Most Likely Compromise Scenarios
4.2 Implications
4.3 Recommendations
4.4 Actions Taken

5.0 Executive Summary
5.1 Overview
5.2 Test Outcomes
5.3 Security Strengths
5.4 Security Weaknesses
5.5 Prioritized Recommendations

9.0 Appendix
9.1 Appendix A: Methodology Overview
9.2 Appendix B: ToolKit
9.3 Implications

References

About

A sample report done on my final project at Flatiron School, the password manager. This will be an ongoing report until it is complete. https://flatiron-passwordmanager.netlify.app/
