A

PRACTICAL TRAINING REPORT

AT

INFOTACT SOLUTIONS

“Submitted in partial fulfillment of the requirement for the award of degree of

Bachelor of Technology In Computer Science to Rajasthan Technical University,
Kota”

Submitted By:
Sarvang Gupta (22CS074)

Department of Computer Science & Engineering

Anand International College of Engineering, Jaipur

2025-26
 Acknowledgment

It is a great pleasure and privilege for me to present this practical training report carried
out at “Infotact Solutions” and submitted in partial fulfillment of the requirement for the
award of the degree of the Bachelor of Technology in Computer Science & Engineering
to Rajasthan Technical University, Kota.

We express our sincere thanks to H.O.D. Computer Science & Engineering Department
of our college for his kind co-operation and valuable suggestions.

We are very much thankful to Vasudev Jha for his encouragement and inspiration at
every step to a great extent. This training would not have been possible without his
support and able guidance. He was very supportive throughout the given period in
sharing their knowledge and technical aspects.

Finally, we express earnest and sincere thanks to the whole “Infotact” for the generous
help and co-operation in every possible manner.
Sarvang Gupta

22CS074

CANDIDATE’S DECLARATION

I hereby declare that the work, which is being presented in the practical training report carried out at
“Infotact Solutions” and submitted in partial fulfillment of the requirement for the award of the
degree of the Bachelor of Technology in Computer Science & Engineering to Rajasthan Technical
University, Kota is a record of my training carried under the Guidance of Mr. Vivek
Bhojak/HOD/Computer Science & Engineering of Anand International College of Engineering.

Sarvang Gupta
22CS074

Mr. Vivek Bhojak

HOD Computer Science& Engineering
Anand International College of Engineering

CERTIFICATE

This is to certify that the report of the training submitted is the outcome of the practical training
done at “Infotact Solutions” in “Cybersecurity” is carried out by Sarvang Gupta bearing Roll
No.: 22EDACS075 under the guidance and supervision of “Mr. Vivek Bhojak” for the award of
Degree of Bachelor of Technology ([Link].) in Computer Science from Anand International
College of Engineering, Jaipur (Raj.), India affiliated to Rajasthan Technical University,
Kota during the academic year 2024-25.
 ABSTRACT

This practical training report presents the comprehensive learning and hands-on
experience gained during my training at Infotact Solutions Pvt. Ltd. The objective
of the training was to acquire practical exposure to enterprise-level cybersecurity
practices, tools, and methodologies. The training was structured into three major
projects: (1) Vulnerability Assessment of a Small Business Network, (2) Web
Application Penetration Testing with OWASP Top 10 focus, and (3) Secure
Linux Server Setup and Hardening.
In the first project, a simulated enterprise IT infrastructure was analyzed to identify
and prioritize vulnerabilities using tools such as Nmap and OpenVAS, followed by
drafting a client-style vulnerability assessment report. The second project focused on
testing vulnerable web applications like DVWA and OWASP Juice Shop against
common security flaws, including SQL Injection, Cross-Site Scripting, and
Broken Authentication, leveraging Burp Suite for reconnaissance and exploitation.
The third project involved deploying and securing a Linux server by implementing
SSH hardening, firewall rules, intrusion detection mechanisms (Fail2ban,
Auditd), and compliance checks using CIS benchmarks.

The outcome of this training was not only the development of technical expertise in
cybersecurity tools but also an enhanced understanding of real-world security
workflows, documentation practices, and remediation strategies. This report
consolidates the methodologies, tools, results, and key learnings, serving as both a
record of achievement and a foundation for future specialization in the field of
cybersecurity.

Chapter Index
S. No. TITLE PAGE NO.

1 Acknowledgment 2

2 Candidate’s Declaration 3

3 Certificate 4

4 Abstract 5

5 Introduction 7-10

6 1.1 Overview
 7 1.2 Layout & Features

8 1.3 Scope

9 Training Methodology 11-

10 Vulnerability Assessment of a Small Business Network 13-15

11 Web Application Penetration Testing (OWASP Top 10) 16-19

12 Secure Linux Server Setup & Hardening 20-23

13 Outcomes, Learnings & Challenges 24-28

14 Conclusion & Future Scope 29

15 References 30

CHAPTER 1
INTRODUCTION

1.1 Company Details – Infotact Solutions

Infotact Solutions Pvt. Ltd. is a growing IT services and cybersecurity company that focuses on
delivering secure, reliable, and innovative solutions to enterprises. The company operates with the
vision of becoming a trusted partner in the field of information security by offering services ranging
from consulting to implementation.
Infotact specializes in areas such as network security, vulnerability assessment, penetration
testing, security operations center (SOC) services, server hardening, and IT infrastructure
management. The organization is also committed to training and capacity building in
cybersecurity, providing students and professionals with exposure to real-world security
challenges and enterprise tools.
The company serves a diverse range of clients, including small and medium-sized enterprises
(SMEs), startups, and educational institutions. By simulating enterprise-level environments and
security practices, Infotact Solutions creates an ecosystem where interns and trainees can learn
hands-on skills that are directly applicable in industry.
The product and service portfolio of Infotact Solutions includes:

Vulnerability assessment and penetration testing (VAPT)

Web application and network security audits
Cloud security consulting
Linux server deployment and hardening
Security awareness and training programs
Development of customized security checklists and compliance solutions

By working with both business clients and academic trainees, Infotact Solutions bridges the gap
between theoretical knowledge and practical industry requirements.

1.2 Layout of Training Program

The training program at Infotact Solutions was designed to replicate enterprise-level projects and
provide structured learning. The layout of the program was divided into weekly modules, ensuring
progressive skill development. Each week focused on specific tasks, tools, and deliverables.
 Week 1: Setup of a virtual lab environment using VirtualBox/VMware. Installation of Kali
Linux and vulnerable applications like Metasploitable and OWASP Juice Shop. Introduction
to scanning tools such as Nmap and OpenVAS.
 Week 2: Performing network scans, port enumeration, and vulnerability assessments.
Collecting and documenting initial findings.
  Week 3: Prioritization of vulnerabilities using CVSS scores and researching mitigation
strategies. Conducting penetration testing on web applications, identifying flaws such as
SQL Injection, XSS, and Broken Authentication.
 Week 4: Linux server deployment and hardening by implementing SSH security, firewalls,
Fail2ban, and auditd monitoring. Preparing final documentation and mock client
presentations.
This structured layout ensured balance between learning and implementation, where theory was
supported by hands-on tasks. Each project followed a problem–solution approach, enabling me to
understand both the vulnerabilities in IT systems and the practical steps to secure them.

1.3 Products and Customers

Infotact Solutions delivers solutions and training that cater to both commercial clients and
students/professionals.
 Products/Services for Enterprises:
o Security monitoring services (SIEM, SOC operations)
o Web application security testing
o Infrastructure vulnerability assessments
o Cloud security deployment and audits
o Compliance solutions (based on CIS, ISO standards)
 Training Programs for Students/Professionals:
o Practical cybersecurity workshops
o Enterprise lab simulations
o Projects on network scanning, penetration testing, and server security
o Exposure to widely used industry tools like Burp Suite, OpenVAS, Nessus, and
Kali Linux
The customers of Infotact Solutions include organizations that want to strengthen their
cybersecurity posture as well as individuals who want to enhance their career prospects in this
field. By working closely with both groups, the company has positioned itself as both a service
provider and a training partner.

1.4 Importance of Cybersecurity Training in Industry

In today’s digital age, every organization relies heavily on IT infrastructure. With this reliance
comes an increasing risk of cyberattacks, data breaches, and unauthorized access. According to
industry reports, cybercrime damages are expected to grow into trillions of dollars annually, making
cybersecurity a critical business priority.
Cybersecurity training ensures that students and professionals are equipped with the right skills to
address these threats. Unlike classroom-only teaching, practical training provides exposure to real-
world attack scenarios and the use of enterprise-grade tools. For example, understanding how an
SQL Injection attack works on a vulnerable application and then learning to prevent it develops
problem-solving abilities that are directly applicable in industry.
Organizations increasingly demand professionals who are not only certified but also capable of
handling practical challenges. Hence, training programs like the one at Infotact Solutions fill a
vital gap between theoretical education and professional skill requirements.

1.5 Objective of this Practical Training

The main objectives of undertaking this training at Infotact Solutions were:
 To gain hands-on exposure to cybersecurity tools and technologies used in enterprises.
 To understand the complete workflow of vulnerability assessment, penetration testing,
and server hardening.
 To analyze and simulate real-world attack scenarios and identify security gaps.
 To practice documenting findings and preparing client-style reports.
 To develop a strong foundation for a future career in cybersecurity and information
assurance.

1.6 Scope of the Report

This report presents the activities, methodologies, findings, and outcomes of the training. The
scope is limited to three projects that were part of the internship:
1. Vulnerability Assessment of a Small Business Network
2. Web Application Penetration Testing based on the OWASP Top 10
3. Secure Linux Server Setup and Hardening
The report details the tools used, step-by-step procedures followed, results obtained, and the key
learnings from each project. It also highlights the importance of cybersecurity practices in modern
enterprises and how such training enhances industry readiness.

Chapter – 2
Training Methodology

2.1 Overview of Training Approach

The training at Infotact Solutions was designed with a balance of theory and practice. Instead of
only learning concepts, the program emphasized hands-on implementation using enterprise-grade
tools and real-world scenarios. The training was structured into weekly milestones, each covering
specific tasks, tools, and reviews.
The methodology adopted was:
1. Virtual Lab Setup – configuring a controlled environment using VirtualBox/VMware.
 2. Weekly Tasks – focusing on scanning, penetration testing, and server security.
3. Continuous Reviews – mid-week checks and Sunday evaluations ensured progress.
4. Final Deliverables – reports, presentations, and documentation prepared in a client-style
format.

2.2 Virtual Labs and Weekly Tasks

The training relied heavily on virtualization technology to create a safe, isolated environment for
cybersecurity experiments.
 Week 1:
o Setup of VirtualBox/VMware
o Installation of Kali Linux (attacker machine) and vulnerable systems like
Metasploitable 2 and OWASP Juice Shop
o Initial reconnaissance using Nmap and basic OpenVAS setup
 Week 2:
o Conducting network scans and port enumeration
o Running vulnerability assessments using OpenVAS
o Drafting initial findings for vulnerabilities

 Week 3:
o Researching mitigation strategies for discovered vulnerabilities
o Performing web application testing using Burp Suite
 o Preparing Proof-of-Concepts for web exploitation

 Wee
k 4:

o Deploying and hardening a Linux server (Ubuntu/CentOS)

o Implementing firewall, Fail2ban, auditd
o Preparing final reports and presentation
2.3 Tools & Technologies Used
The training program provided exposure to a wide variety of industry-standard cybersecurity tools:
  Kali Linux: A Debian-based distribution containing penetration testing tools for
reconnaissance, exploitation, and reporting. Widely used by ethical hackers and security
analysts.
 Nmap: Network mapper used for discovering hosts, services, and open ports.
 OpenVAS (Greenbone Vulnerability Manager): Open-source vulnerability scanner
capable of performing deep assessments.
 Burp Suite: Web penetration testing framework for crawling, intercepting, and exploiting
web applications.
 DVWA & OWASP Juice Shop: Intentionally vulnerable applications used for practicing
OWASP Top 10 attacks.
 Ubuntu/CentOS Servers: Used to simulate enterprise servers for security hardening
practices.
 VirtualBox/VMware: Hypervisors for virtualization and lab setup.
 UFW, Fail2ban, Auditd: Linux hardening and intrusion detection tools.

2.4 Lab Setup and Network Topology

The lab setup consisted of one attacker machine (Kali Linux) and multiple victim machines
(Metasploitable, DVWA, OWASP Juice Shop, Linux server). All machines were connected within
a host-only virtual network created in VirtualBox/VMware.
 Attacker: Kali Linux VM (IP: [Link])
 Victim 1: Metasploitable VM (IP: [Link])
 Victim 2: OWASP Juice Shop / DVWA (IP: [Link])
 Victim 3: Linux Server (Ubuntu/CentOS) (IP: [Link])
This network emulated a small business IT environment where vulnerabilities could be scanned and
mitigated.

2.5 Review and Evaluation

Each week concluded with a review session:
 Progress was checked against project deliverables.
 Vulnerabilities identified were documented.
 Screenshots and evidence were collected for reporting.
 Feedback was given to improve methodology and presentation.
This iterative evaluation helped ensure that all objectives were achieved systematically.

Chapter – 3
Vulnerability Assessment of a Small Business Network

3.1 Problem Statement

Small and medium-sized businesses frequently run IT services on modest infrastructure (a few
servers, internal workstations, and web services) with limited security resources. The aim of this
project was to simulate a real-world vulnerability assessment of such an environment and
produce prioritized, actionable remediation guidance.
The primary goals were:
 Discover hosts and services on the target network.
 Identify vulnerabilities affecting services and applications.
 Prioritize findings using a risk-based approach (CVSS-style scoring).
 Provide clear mitigation/patching and configuration recommendations that an SME can
implement.
Scope: internal network (host-only/isolated virtual lab) comprising an attacker VM (Kali Linux)
and target machines (Metasploitable, OWASP Juice Shop / DVWA, Ubuntu/CentOS server).
External internet scanning and denial-of-service tests were excluded.

3.2 Environment & Test Plan

Lab topology (recap from Chapter 2):
 Attacker (Kali): [Link]
  Victim (mail/web host): [Link]
 Other victims (web / app / server) as previously listed.
Test plan summary:
1. Reconnaissance: host discovery & port scanning (Nmap).
2. Service enumeration: banner grabbing and fingerprinting.
3. Vulnerability scanning: OpenVAS (full scan of found services).
4. Manual verification: attempt PoC exploits (controlled, non-destructive) for high-severity
findings — including SMTP enumeration via Metasploit.
5. Reporting: create a vulnerability table with CVSS-like severity, proof notes, and
remediation.

3.3 Tools & Commands Used

Tools: Kali Linux, Nmap, OpenVAS (Greenbone), Netcat, curl, and Metasploit Framework (for
controlled PoC where required).
Key commands and explanations (include these as preformatted blocks in the report and add
corresponding screenshots):
1. Service/version detection (Nmap -sV) — scan you ran
nmap -sV [Link]
Explanation: -sV probes open ports to detect service name and version information.
 2. Interpreting Nmap output
 The Nmap -sV output identified an SMTP service listening on port 25 (or a non-standard
SMTP port if present) and reported banner information including the mail server software
and version. This guided the follow-up test using Metasploit for SMTP enumeration.
3. SMTP enumeration using Metasploit (PoC performed in lab)
 Start the Metasploit console and use the SMTP enumeration module you executed:
msfconsole

use

auxiliary/scanner/smtp/smtp_enum
set RHOSTS [Link]
set THREADS 10
run
Explanation: The auxiliary/scanner/smtp/smtp_enum module attempts to enumerate valid SMTP
accounts and uses VRFY/EXPN or other SMTP commands, depending on server behavior. The
module output showed successful enumeration of user accounts (or other metadata) and confirmed a
misconfiguration that allowed email enumeration (and in some configurations, open-relay or user
disclosure).
3.4 Example Detailed Finding — SMTP Enumeration
Vulnerability — SMTP User Enumeration / Insecure SMTP Configuration
 Target: [Link] (SMTP service)
 Discovery method: nmap -sV identified the SMTP service and banner information. Follow-
up testing with Metasploit Framework using auxiliary/scanner/smtp/smtp_enum confirmed
that the mail server responded to SMTP enumeration commands (VRFY/EXPN or similar),
returning valid usernames or user existence responses. OpenVAS also flagged related
configuration weaknesses where applicable.
 PoC evidence: Metasploit console output showing enumerated usernames and SMTP
responses. (See screenshot_msf_smtp_enum_run.png and
screenshot_nmap_smtp_banner.png.)
 Impact: An attacker can discover valid email accounts on the domain. This enables targeted
social engineering, password-guessing attacks, and increases success chances for credential-
stuffing. If the mail server also permits open-relay or unauthenticated message sending, it
can be abused to relay spam or be used as a pivot point. The ease of exploitation and
usefulness of harvested usernames justify a High severity rating.
 Remediation steps:
1. Disable VRFY and EXPN functionality on the SMTP server configuration (most
modern mail servers can disable these commands).
2. Enforce authentication for SMTP actions that reveal user state; do not disclose user
existence through SMTP responses.
3. Disable open relay; configure relay restrictions to trusted IPs or authenticated users
only.
4. Rate-limit and log SMTP commands; alert on suspicious enumeration patterns.
5. Apply available patches and upgrade mail server software to the latest secure
version.
6. Harden SMTP banner to avoid exposing version information that can be
fingerprinted by attackers.
7. Monitor logs and integrate mail logs into central SIEM for anomaly detection.
 Chapter – 4
Web Application Penetration Testing (OWASP Top 10)

4.1 Introduction
This project focused on penetration testing of intentionally vulnerable web applications, namely
DVWA (Damn Vulnerable Web Application) and OWASP Juice Shop, to practice OWASP Top
10 vulnerabilities. The aim was to simulate real-world exploitation, capture proof-of-concepts
(PoC), and provide recommendations for mitigation.
4.2 Methodology
 Reconnaissance: Browsed application endpoints and intercepted requests with Burp Suite.
 Exploitation: Tested inputs against common attack payloads (SQLi, XSS, command
injection).
 Proof-of-Concept: Documented successful exploits with screenshots.
 Remediation Guidance: Suggested fixes based on OWASP recommendations.

4.3 DVWA Exploits

(a) SQL Injection
 Payload used:
 admin' OR '1'='1' --
 Result: Authentication bypass achieved on login page.
(b) Cross-Site Scripting (XSS)
 Payload used:
 <script>alert('XSS')</script>
 Result: Alert pop-up executed in the victim’s browser.

(c) Command Injection

 Payload used:
[Link] && id
Result: Server executed arbitrary system command and displayed output.
4.4 OWASP Juice Shop Exploit (Burp Suite)
 Vulnerability: SQL Injection on search/login endpoints.
 Payload example:
 ' OR '1'='1' --
 Result: Application returned unintended data, confirming SQLi.
4.5 Key Learnings
 Injection flaws remain highly impactful and easy to exploit in poorly coded
apps.
 XSS demonstrates how user input can compromise browser security.
 Command injection highlights the danger of passing unchecked input to
system commands.
 Burp Suite is invaluable for intercepting, modifying, and replaying requests in
penetration testing.
 Chapter – 5
Secure Linux Server Setup & Hardening

5.1 Why Server Hardening is Important

Linux servers are widely deployed to host business-critical applications, databases, and web
services. However, default installations often include unnecessary services, weak configurations,
and insecure defaults. Attackers exploit these weaknesses to gain unauthorized access, escalate
privileges, and compromise sensitive data.
Examples of real-world attacks caused by weak server security:
  Brute-force SSH attacks — bots attempt thousands of password guesses on port 22 to gain
access.
 Exploiting weak configurations — outdated OpenSSH or misconfigured permissions lead to
privilege escalation.
 Unrestricted services — unnecessary services (e.g., Telnet, FTP) left running become entry
points for attackers.
 Log tampering — without proper monitoring, attackers can cover their tracks.
Thus, server hardening is essential to reduce the attack surface and enforce best practices that align
with compliance frameworks such as CIS (Center for Internet Security) Benchmarks.

5.2 Steps in Server Hardening

5.2.1 SSH Hardening
 Disable root login: Edit /etc/ssh/sshd_config → PermitRootLogin no.
 Enable key-based authentication: Generate SSH keys with ssh-keygen and disable password
login → PasswordAuthentication no.
 Restrict SSH access to specific users: AllowUsers adminuser.
 Change default port (optional): Move SSH to a non-standard port (e.g., 2222) to reduce
automated attacks.
5.2.2 Firewall Setup (UFW)
 Install UFW (Uncomplicated Firewall):
 sudo apt install ufw
 sudo ufw default deny incoming
 sudo ufw default allow outgoing
 sudo ufw allow 22/tcp
 sudo ufw enable
 Allow only essential services (e.g., HTTP/HTTPS if web server).
 Block unused ports.
5.2.3 Fail2ban for Brute-force Protection
 Install Fail2ban: sudo apt install fail2ban.
 Configure /etc/fail2ban/[Link]:
 [sshd]
 enabled = true
 port = ssh
 maxretry = 3
 bantime = 600
  Fail2ban blocks IPs after repeated failed login attempts.

5.2.4 Auditd for

Monitoring
& Logging
 Install
Auditd: sudo
apt install
auditd.
 Configure audit rules in /etc/audit/rules.d/[Link]:
 -w /etc/passwd -p wa -k passwd_changes
 -w /etc/shadow -p wa -k shadow_changes
 Start service: sudo systemctl enable auditd && sudo systemctl start auditd.
 Audit logs are stored in /var/log/audit/[Link].

5.4 Checklist
with
Explanations
Step Action Taken Purpose
Prevent attackers from directly logging in as
Disable root login Edited sshd_config
root.
Key-based Strengthens login security and prevents brute
Configured SSH keys
authentication force.
Allowed only
UFW firewall Reduces exposed attack surface.
SSH/HTTP/HTTPS
Fail2ban Monitored SSH Blocks repeated failed attempts automatically.
Detects unauthorized changes and maintains
Auditd File and account monitoring
accountability.

Chapter – 6
 Outcomes, Learnings & Challenges

6.1 Introduction
The training at Infotact Solutions provided exposure to enterprise-level cybersecurity practices
through structured projects in vulnerability assessment, web application penetration testing, and
Linux server hardening. This chapter summarizes the technical skills gained, challenges
encountered, and how these experiences connect to real-world cybersecurity job roles.

6.2 Technical Skills Gained

The training enhanced both practical hands-on skills and conceptual knowledge. Key learnings are
listed below:
6.2.1 Vulnerability Assessment
 Proficiency in Nmap scanning (-sV, -sC, full port scans).
 Using OpenVAS/Greenbone for automated vulnerability scanning.
 Interpreting vulnerability reports, CVSS scoring, and prioritization.
 Documenting findings in client-style vulnerability reports.
6.2.2 Web Application Penetration Testing
 Understanding and exploiting OWASP Top 10 vulnerabilities (SQLi, XSS, command
injection).
 Hands-on with Burp Suite: intercepting, modifying, and replaying HTTP requests.
 Performing proof-of-concept exploits and capturing evidence.
 Recommending remediation steps aligned with industry standards.
6.2.3 Server Hardening
 Configuring secure SSH authentication (key-based, disabling root login).
 Setting up and managing UFW firewall rules.
 Installing and configuring Fail2ban to mitigate brute-force attacks.
 Using Auditd for monitoring file changes and system activity.
 Comparing hardened systems against CIS benchmarks.
6.2.4 Professional Skills
 Writing structured technical documentation.
 Presenting results in a clear, client-friendly format.
 Working systematically with weekly tasks and reviews.
 Strengthening problem-solving and analytical abilities.
6.3 Challenges Faced During Projects
Training was not without challenges; overcoming them improved both technical and personal skills:
1. Tool Installation & Configuration Issues
o Installing and configuring OpenVAS required multiple dependencies.
o Challenge: Long setup time and troubleshooting errors.
o Solution: Followed documentation, adjusted resource allocation in VirtualBox, and
reconfigured services manually.
2. Interpreting Scan Results
o Automated scans produced many false positives.
o Challenge: Distinguishing actual exploitable vulnerabilities.
o Solution: Used manual validation with tools like Metasploit and Burp Suite.
3. Web Exploitation Accuracy
o Initial SQLi and XSS payloads failed due to application security levels.
o Solution: Learned to modify payloads, switch DVWA security levels, and use Burp
for precise testing.
4. Server Hardening Conflicts
o Firewall rules initially blocked essential services.
o Challenge: Access to SSH was accidentally blocked.
o Solution: Whitelisted specific IPs and tested firewall rules incrementally.
5. Time Management
o Balancing multiple projects within four weeks was demanding.
o Solution: Followed weekly milestones strictly and maintained a log of activities.

6.4 Relevance to Real-World Cybersecurity Job Roles

The skills gained map directly to responsibilities in common cybersecurity positions:
 SOC Analyst / Security Engineer
o Monitoring systems, analyzing vulnerabilities, and responding to incidents.
o Tools like Nmap, OpenVAS, and log monitoring are widely used in SOC
environments.
 Penetration Tester / Ethical Hacker
o Conducting web application and infrastructure testing.
 o Skills with Burp Suite, SQLi/XSS exploitation, and report writing are core
requirements.
 System / DevSecOps Engineer
o Hardening servers, managing firewalls, and implementing security automation.
o CIS benchmark compliance and Fail2ban/Auditd configurations are part of
DevSecOps workflows.
 Consultant / Security Auditor
o Assessing client infrastructure, producing detailed reports, and giving remediation
advice.
o Documentation and presentation practice during the training mirrored real consultant
work.
Conclusion of this section: The training simulated realistic enterprise tasks, giving me skills that are
directly transferable to industry roles, improving my career readiness.
 Chapter – 7
Conclusion & Future Scope

7.1 Conclusion
The practical training at Infotact Solutions Pvt. Ltd. provided an invaluable opportunity to bridge
the gap between theoretical knowledge and practical application in the field of cybersecurity. Over
the course of the training, I was exposed to multiple dimensions of enterprise security, including
network vulnerability assessment, web application penetration testing, and Linux server
hardening.
Through these projects, I gained hands-on experience with industry-standard tools such as Nmap,
OpenVAS, Burp Suite, UFW, Fail2ban, and Auditd. More importantly, I learned how to
interpret results, validate vulnerabilities through proof-of-concept exploits, and create structured
reports with remediation recommendations.
The training also improved my problem-solving, analytical thinking, and documentation skills.
It helped me understand the importance of systematic approaches — from reconnaissance and
scanning to reporting and remediation. By simulating real enterprise projects, this program
strengthened my ability to handle the kind of responsibilities that cybersecurity professionals face
in real organizations.

7.2 Future Scope in Cybersecurity

Cybersecurity is a rapidly evolving field, with new threats emerging every day. The future scope of
learning and professional growth in this area is vast. Based on this training, the following areas
stand out as directions for further development:
1. Advanced Penetration Testing
o Expanding beyond SQLi and XSS into advanced exploitation techniques such as
insecure deserialization, server-side request forgery (SSRF), and privilege escalation
in complex environments.
2. Cloud Security
o As more organizations migrate to AWS, Azure, and Google Cloud, learning cloud-
native security tools, IAM policies, and compliance frameworks will be essential.
3. Security Automation & SOAR
o Automating incident detection and response using SIEM (e.g., Splunk, ELK) and
SOAR platforms can significantly improve efficiency.
 4. Incident Response & Digital Forensics
o Developing skills in log analysis, malware investigation, and forensic imaging to
respond to and investigate real security incidents.
5. Threat Intelligence & Red Teaming
o Understanding attacker TTPs (Tactics, Techniques, and Procedures) and practicing
red-teaming exercises to emulate advanced persistent threats (APTs).
6. Certifications & Continuous Learning
o Future learning goals may include certifications such as CEH, CompTIA
Security+, OSCP, CISSP, or cloud-specific credentials, which will further enhance
employability.

7.3 Personal Reflection

This training journey was both challenging and rewarding. Initially, I struggled with setting up tools
and understanding complex vulnerabilities, but through continuous effort, research, and practice, I
was able to overcome these hurdles. The sense of accomplishment when an exploit succeeded or
when a hardened server passed a CIS check was very motivating.
I also realized that cybersecurity is not just about technical skills, but also about mindset and
discipline. It requires curiosity to dig deeper, patience to troubleshoot issues, and persistence to
keep learning as threats evolve.
Overall, this experience has confirmed my passion for cybersecurity and inspired me to pursue it as
a long-term career. The knowledge and skills I have gained will serve as a strong foundation as I
step into the professional world, and I am determined to keep upgrading my expertise to stay ahead
in this dynamic field.
 Reference

 Nmap Project. (2024). Nmap: the Network Mapper – Free Security Scanner. Retrieved
from: [Link]
 Greenbone Networks. (2024). OpenVAS – Open Vulnerability Assessment Scanner.
Retrieved from: [Link]
 OWASP Foundation. (2024). OWASP Juice Shop Project. Retrieved from:
[Link]
 OWASP Foundation. (2021). OWASP Top Ten Web Application Security Risks – 2021.
Retrieved from: [Link]
 DVWA Project. (2024). Damn Vulnerable Web Application (DVWA). Retrieved from:
[Link]
 PortSwigger Ltd. (2024). Burp Suite Web Vulnerability Scanner. Retrieved from:
[Link]
 CIS (Center for Internet Security). (2023). CIS Benchmarks – Security Configuration
Guides. Retrieved from: [Link]
 Fail2ban Project. (2024). Fail2ban: Brute-force Protection for Linux Servers. Retrieved
from: [Link]
 Linux Audit Project. (2024). Auditd – Linux Auditing System. Retrieved from:
[Link]
 Kali Linux Project. (2024). Kali Linux Documentation. Retrieved from:
[Link]