This project focuses on assessing the security posture of a legal web application through structured penetration testing techniques aligned with Governance, Risk, and Compliance (GRC) principles. The primary objective is to identify vulnerabilities that could impact the confidentiality, integrity, and availability of the system.
The assessment begins with the reconnaissance phase, where publicly available information about the target website is collected using passive and active techniques. This includes identifying domain details, subdomains, IP addresses, and exposed services. Reconnaissance helps build a clear understanding of the target’s attack surface without directly exploiting the system.
Following this, the project applies network scanning techniques to discover live hosts, open ports, and running services. Tools such as network mappers and vulnerability scanners are used to analyze the system for misconfigurations and potential entry points. This phase helps identify weaknesses such as outdated services, unnecessary open ports, or insecure protocols.
The findings are then evaluated from a GRC perspective by assessing associated risks and recommending mitigation strategies that align with security policies and compliance requirements. The project emphasizes ethical practices, ensuring that all testing is conducted within legal boundaries and with proper authorization.
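As an added illustration (not part of the project's own work or tooling), the script below performs the triage step described above: it parses constructed nmap-style greppable (-oG) output, compares each open port against a hypothetical approved-service baseline, and records cleartext protocols, unapproved ports and outdated versions as rated findings with a mitigation. The hosts, ports, baseline and version thresholds are all constructed assumptions.

```python
import re
from collections import namedtuple

# Constructed sample in nmap greppable (-oG) format; not output from the project's assessment.
SCAN_OUTPUT = """\
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//Apache httpd 2.4.6/, 443/open/tcp//ssl|https//Apache httpd 2.4.6/, 21/open/tcp//ftp//vsftpd 3.0.2/
Host: 203.0.113.11 ()\tPorts: 23/open/tcp//telnet//Linux telnetd/, 3306/open/tcp//mysql//MySQL 5.5.62/
"""

# Hypothetical policy inputs for the legal web platform's hosts.
BASELINE = {"203.0.113.10": {22, 80, 443}, "203.0.113.11": set()}  # approved open ports per host
CLEARTEXT = {"ftp", "telnet"}  # protocols forbidden by policy regardless of baseline
MIN_VERSION = {"OpenSSH": (8, 0), "Apache httpd": (2, 4, 50), "MySQL": (8, 0)}  # oldest accepted release
Finding = namedtuple("Finding", "host port severity issue mitigation")

def parse_greppable(text):
    """Yield (host, port, service, product) for every open port in -oG output."""
    for m in re.finditer(r"Host: (\S+) \(.*?\)\s+Ports: (.*)", text):
        host, ports = m.groups()
        for entry in ports.split(", "):
            f = entry.split("/")  # port/state/proto/owner/service/rpc/version
            if f[1] == "open":
                yield host, int(f[0]), f[4], f[6]

def version_tuple(product):
    m = re.search(r"(\d+(?:\.\d+)+)", product)  # first dotted version in the banner
    return tuple(int(x) for x in m.group(1).split(".")) if m else None

def triage(text, baseline, cleartext, min_version):
    """Map each observed weakness to a rated risk and a mitigation."""
    findings = []
    for host, port, service, product in parse_greppable(text):
        if service in cleartext:
            findings.append(Finding(host, port, "High", f"cleartext protocol {service}",
                                    "disable the service or replace it with an encrypted equivalent"))
        if port not in baseline.get(host, set()):
            findings.append(Finding(host, port, "Medium", "port not in approved baseline",
                                    "close the port or record a documented business justification"))
        ver = version_tuple(product)
        for name, floor in min_version.items():
            if product.startswith(name) and ver and ver < floor:
                findings.append(Finding(host, port, "Medium", f"outdated {product}",
                                        "upgrade to a vendor-supported release and track it in patch management"))
    return findings

if __name__ == "__main__":
    for f in triage(SCAN_OUTPUT, BASELINE, CLEARTEXT, MIN_VERSION):
        print(f"{f.severity:<6} {f.host}:{f.port:<5} {f.issue}; mitigation: {f.mitigation}")
```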
Overall, this project demonstrates how reconnaissance and network scanning can be effectively used to support risk management and improve the security of legal web platforms.