Maintaining a proactive approach to security requires that an organization perform its own footprinting to see how much information is available to potential hackers. Some organizations do this using internal staff; however, it is much more common for organizations to hire external security consultants to perform these types of security reviews. This allows a truly unbiased outsider to attempt to gather as much information as possible to formulate an attack.
Assume that you have been selected as the security consultant to perform a comprehensive security review for an organization of your choosing. Ensure that the organization that you select has a public website that you can access and at least one web application that you can use for this task. You will review the security of the organization’s website and any related web applications and consider security risks such as structured query language (SQL) injection and social engineering techniques.
To complete this task, you will need to perform a footprinting analysis of your selected company. Your comprehensive security review will involve a series of tasks that are described in detail below.
A. Create a multimedia presentation (e.g., PowerPoint, Keynote) (suggested length of 12–15 slides) in which you do the following:
1. Summarize your findings of a footprinting analysis you performed on your chosen organization.
2. Discuss how the information gathered during your footprinting analysis could be used to initiate an attack against the organization.
3. Discuss social engineering techniques that could be utilized to gather information regarding the organization’s computer systems.
   a. Present appropriate countermeasures that should be used to combat such social engineering techniques.
4. Prescribe a series of countermeasures and remedies that could be utilized to counter this type of footprinting attack.
5. Present common web server vulnerabilities that the organization is most susceptible to.
6. Present common threats against web applications that pose the greatest risk to the organization’s web applications.
7. Illustrate how SQL injection could be used to obtain or destroy information from a web application’s database.
8. Discuss how SQL injection techniques could pose a potential threat to the organization’s web applications.