Assess the primary cyber threats and vulnerabilities associated with an organization’s mission-critical information systems and corrective measures.
(2) Increase hands-on skills and defense strategies by attacking a web application to steal "sensitive" data.
Competencies: Teambuilding skills, Systems thinking, hands-on
(1) Review the entire interactive case study for Jacket-X Corporation (both parts) presented in the Course Content area of the classroom (Click the “Case Studies” link).
Analyzes and reports on the threats and vulnerabilities of the enterprise network for the Jacket-X Corporation and recommend countermeasures to address these threats and vulnerabilities.
(2) A healthcare website has vulnerabilities besides the late delivery. As a group of ethical hackers, your responsibility is to help the organization to secure the web application. The first step for you is to identify the vulnerabilities. Now go to the website to “steal” as much data as you can.
http://vlab02.pneumann.com/patients13/?bill_month=8&sec=HSPO15(This website is preset for this class only. The data are not real. Do not attempt to attack any public websites.)
The target. The target website is setup for this exercise only. It is not a real healthcare website and there is no real data in the system. So students are free to practice.
Is the information (url) sufficient? Yes, an ethical hacker usually knows no more than a URL.
I have no idea how to "steal" the data. That's why we form a group. Actually it could be very easy to get some data from the website. (Will provide hints later if you couldn't figure out.) Having said that, there are other data in the system that may not be easy to "steal".
The goal The goal for this group exercise it to understand vulnerabilities in IT systems and most importantly looking for solutions to secure web applications. Not doing so will lead to data bleaches such as Target and many others.
After finishing the vulnerability assessment, your group needs to provide recommendations as for how to fix the problems.
The deliverable for each team is a written report. The report contains two parts: Jacker-X and Ethical Hacking. The length of this paper should be 10-15 pages double spaced. Page count does include the title page, table of contents, abstract and reference pages. (Note: including the table of contents and abstract are preferred but not required.) The page count DOES NOT include figures and tables.
Prepare your report in Word. Include a minimum of 10 sources. The citations and the reference list in the report should be formatted in accordance with APA 6th edition guidelines.
Before you submit your paper, you will need to run your assignment (part 1, Jacket-X Corporation) through Turnitin.com and receive an originality report. DO NOT WAIT TO THE LAST MINUTE TO DO THIS. It might take several hours to do this. Resubmissions can take a day or more.
For instructions, go to the "Turnitin Instructions" conference and review the posting entitled "Basic Turnitin Instructions."
After it meets all of the stated criteria, upload the paper and the originality report in the assignment folder.