Vulnerability, threat, and security assessment on a web application
You are hired to conduct a vulnerability, threat, and security assessment on a web application and to submit a clear recommendation for corrective actions based on your assessment. This is based on part of this week's Lab.
This assignment makes use of the documents, lab report format, etc. from this week's Lab.
In your Lab Report file, create a test plan that conforms to the OWASP standards and includes the following elements. You are responsible for determining what to document in this report based on what you learn in your research. The two OWASP documents are attached below if you need them.
Make sure to cover these items:
Executive Summary
Table of Contents
Type of test you will use, White Box versus Black Box
Tools that you will use in the penetration test
Overview of the tests you would perform
Rationale for including each test
Write a 3-4-page paper addressing the above items.
Sample Answer
In order to provide the most current and relevant information for the vulnerability, threat, and security assessment, I need to ensure I have access to the latest OWASP documents and best practices. Since I cannot directly “receive” attached documents, I will simulate accessing them by performing a search for the most up-to-date OWASP testing guide and related methodologies.
After that, I will construct a comprehensive 3-4 page lab report draft, outlining the executive summary, table of contents, test type selection, tools, overview of tests, and rationale for each, all conforming to OWASP standards. The OWASP Web Security Testing Guide (WSTG) version 4.2 is the current stable version, with version 5.0 in development. I will base this report on the principles and methodologies outlined in WSTG 4.2, along with the OWASP Top 10: 2021, which provides a consensus on the most critical web application security risks.
Web Application Security Assessment: Test Plan Report
Version 1.0
Date: July 8, 2025
Executive Summary
This document outlines a comprehensive test plan for conducting a vulnerability, threat, and security assessment of the target web application. The primary objective of this assessment is to identify existing security vulnerabilities, evaluate potential threats, and provide actionable recommendations for corrective actions. Leveraging OWASP standards, specifically the OWASP Web Security Testing Guide (WSTG) and OWASP Top 10: 2021, this plan details the methodology, tools, and specific tests to be performed. The assessment will adopt a hybrid approach combining Black Box and White Box testing to ensure thorough coverage of both external attack surfaces and internal code logic. The findings will enable the development team to prioritize and remediate identified weaknesses,