breatheco-de/pentesting-report-prevention-proposal-project

Pentesting Prevention Proposal Project

By @rosinni and other contributors at 4Geeks Academy

These instructions are available in Spanish

Before you start...

We need you! These exercises are built and maintained in collaboration with contributors such as yourself. If you find any bugs or misspellings please contribute and/or report them.

🌱 How to Start This Project

This exercise aims to consolidate everything learned in the previous three pentesting exercises by proposing mitigation and prevention measures for the detected attacks. The goal is to develop a report that details the identified vulnerabilities, the exploitation techniques used, and the recommendations for preventing future exploits.

This final project will not only reflect your competence in pentesting but also your commitment to continuous security and system improvement.

📝 Instructions

Fork this repository using the fork button.

A new repository will be created in your account.

  • Clone the newly created repository onto your local computer.
  • Once you have cloned successfully, follow the steps below carefully, one by one.

Let's start! 🤓

  • Review your previous reports: Make sure you clearly understand the findings from the reconnaissance (Phases 1 and 2) and exploitation (Phase 3) stages.
  • Vulnerability documentation: List all vulnerabilities detected and exploited in The Lovers.
  • Include flags: All flags found must be present in the report as evidence, with their context and location.
  • Analyze each vulnerability: Explain how it was discovered and its impact.
  • Propose prevention measures: Strategies to prevent these vulnerabilities from being introduced in the future.
    • Examples:
      • Secure development (input sanitization, validations).
      • Strong password policies.
      • Code review and regular audits.
  • Define mitigation measures: Solutions to reduce the impact of existing vulnerabilities.
    • Examples:
      • Applying security patches.
      • Secure configurations for services (Apache, SSH, MySQL).
      • Network segmentation and access control.

Final Report Writing

  • Table of contents: Clear guide to sections and subsections.
  • Introduction: Summarize the objective and scope of the pentest in The Lovers.
  • Methodology: Describe the phases carried out and the main tools used.
  • Pentesting phases: Briefly explain what was done in Reconnaissance, Enumeration, and Exploitation.
  • Detected vulnerabilities: Detailed list with evidence.
  • Flags: Evidence of each flag found.
  • Prevention proposal: Strategies to reduce future risks.
  • Mitigation proposal: Practical solutions to correct the findings.
  • Potential impact: Reflection on the impact of the measures on system security.
  • Conclusion: Reflect on the importance of continuous security.

🚛 How to submit this project?

  • In the root of the forked project, upload the report in .pdf format named pentesting-report.pdf. Make sure to include screenshots, detailed descriptions, and any other resources that support your proposals.

💡 Including links to tools and additional resources used in the analysis will be considered a plus.

Contributors

Thanks go to these wonderful people (emoji key):

  1. Rosinni Rodríguez (rosinni), contribution: (build-tutorial) ✅, (documentation) 📖

  2. Alejandro Sanchez (alesanchezr), contribution: (bug reports) 🐛

This project follows the all-contributors specification. Contributions of any kind are welcome!

This and many other exercises are built by students as part of the 4Geeks Academy Coding Bootcamp by Alejandro Sánchez and many other contributors. Find out more about our Full Stack Developer Course and Data Science Bootcamp. You can also dive deep into the world of cybersecurity with our Cybersecurity Bootcamp.
