E Commerce Website of Genviss

The document is an internship report by Aryan Banawadi on the project 'E Commerce Website of Genviss' completed at Weborion Innovation Pvt Ltd. It outlines the internship's objectives, the cybersecurity services provided, and the methodologies used for testing web applications, mobile apps, cloud environments, and APIs. The report includes acknowledgments, a declaration of originality, and a detailed content structure covering various aspects of the internship experience.

Project Id: - 508544

E Commerce Website of Genviss

AN INTERNSHIP REPORT

Submitted by

Aryan Banawadi

210120107504

In partial fulfillment for the award of the degree of

BACHELOR OF ENGINEERING

In
Computer Engineering Department
Gandhinagar Institute of Technology
Gandhinagar

Gujarat Technological University, Ahmedabad


May, 2023-24

Gandhinagar Institute of Technology


Moti Bhoyan Road, Gandhinagar, Gujarat
(Affiliated with GTU)

COMPUTER ENGINEERING DEPARTMENT


CERTIFICATE
This is to certify that the work of Project/Internship entitled “E Commerce Website of Genviss” has been carried out by Aryan Banawadi (210120107504) under my guidance in partial fulfilment for the degree of Bachelor of Engineering in Computer Engineering, 8th Semester in the Gandhinagar Institute of Technology, Moti-Bhoyan, Gandhinagar, Gujarat, during the academic year 2023-2024 and his/her work is satisfactory. This student has successfully completed all the activity under my guidance related to Project/Internship for 8th semester.

Internal Guide: Ms. Niral Jadav

External Guide: Mr. Amit Parmar

Head of the Department: Dr. Madhuri Chopade


Acknowledgement

I have put effort into this Internship/Project. However, it would not have been possible
without the kind support and help of many individuals and organizations. I would like to extend
my sincere thanks to all of them.
I am highly indebted to Ms. Niral Jadav (Internal Guide) & Mr. Amit Parmar (External
Guide) for their guidance and constant supervision as well as for providing necessary
information regarding the Internship. I take this opportunity to thank all my friends and
colleagues who started me out on the topic and provided extremely useful review feedback and
for their all-time support and help in each and every aspect of the course of my project
preparation. I am grateful to my college, Gandhinagar Institute of Technology, for providing
me all required resources and a good working environment.
I would like to express my gratitude towards the Head of Department, Dr. Madhuri Chopade,
for her kind co-operation and encouragement, which helped me in this Internship.

Thank You
Aryan Banawadi


Gandhinagar Institute of Technology


Moti Bhoyan Road, Gandhinagar, Gujarat
(Affiliated with GTU)

DECLARATION

I hereby declare that the Internship report submitted along with the Internship entitled E-
Commerce Website of Genviss, submitted in partial fulfillment for the degree of Bachelor of
Engineering in Computer Engineering to Gujarat Technological University, Ahmedabad, is a
bonafide record of original project work carried out by me at Weborion Innovation Pvt Ltd under
the supervision of Mr. Amit Parmar (External) / Ms. Niral Jadav (Internal), and that no part of
this report has been directly copied from any students’ reports or taken from any other source
without providing due reference.

Name of the Student: Aryan Banawadi

Sign of Student:


Internship Content

Title Page I

Certificates(College) II

Certificates(Company) III

Acknowledgement IV

Declaration V

Content VI

List of Figures VII

List of Table VIII

1 Introduction 1

1.1 Internship Summary /Introduction of Company 1

1.2 Aim and Objectives 1

1.3 Organization Intro 1

2 Introduction to Internship 2

2.1 Internship Summary 2

2.2 Purpose & Objective 2

2.3 Tools & Technologies and Language Intro 3

2.4 Internship Planning 6

3 Internship Implementation 7

3.1 Weekly Task 7

3.2 Flowchart / Pseudo code of the task 9

3.3 Roles & Responsibilities 9

3.4 Internship Scheduling (Gantt Chart/PERT/Network Chart) 10

4 Design 11

4.1 System Flow Diagram 11

4.2 Data Dictionary 12

4.3 User Interface 15

VI
Project Id: - 508544

5 Testing 17

5.1 Testing Plan/Strategy 17

5.2 Test Results and Analysis 18

6 Outcomes 20

6.1 Results & Screenshots 20

7 Conclusion & Discussion 29


7.1 Conclusion 29

7.2 Summary of Internship Work 29

7.3 Problem Encountered and Possible Solutions 29

7.4 Dates of Continuous Evaluation (CE-I and CE-II) 29

7.5 Limitation & Future Work 30

8 References 31

Bibliography (Include only website links or book name magazine name) 31


List of Figures

Fig. No. Description Page No.
4.1 Working of PHP 11
4.2 Entity Relationship Diagrams 12
4.3 Vulnerability Checking Interface 15
4.4 Vulnerability Checking Processing Interface 15
4.5 Security Fixing File Inclusion Vulnerabilities 16
6.1 Homepage 20
6.2 Getting Started Page 21
6.3 Tools and Security Scanner 21
6.4 Vulnerability Check 22
6.5 Flex Box 22
6.6 Homepage of Genviss 22
6.7 Welcome and Intro. Page 23
6.8 Intro. Page details 23
6.9 Images in rotation or marquee and footer 24
6.10 About us Part 24
6.11 About us Detail Part 25
6.12 Details of Website putting as per client requirements and given content 25
6.13 Images as per Client requirements added as given by them 26
6.14 Our Services Part 26
6.15 Our Services Content 27
6.16 Our Services Range of Spares Content 27
6.17 About us Section Hover Effect 28
6.18 Products Section Hover Effect 28


Chapter 1 Introduction

1.1 Internship Summary /Introduction of Company

• Weborion is committed to helping businesses of all sizes become secure by doing penetration
testing. We have a proven track record of delivering the best results and analysis that
meet the needs of our clients. If you are looking to make your company’s website,
apps, and cloud secure, you should definitely choose Weborion.

• We are proud of the role we have played in the success of many brands, businesses,
and corporations. Our clients’ satisfaction is a testament to the quality of service we
provide, and it reflects our dedication to excellence.

• We specialize in testing websites, apps, cloud, APIs etc.

1.2 Aim and Objectives

1. Enhancing Cybersecurity Posture: The primary aim is to enhance the
cybersecurity posture of client organizations through robust assessment, consultation,
and implementation of effective security measures.

2. Mitigating Risks: To identify, assess, and mitigate cybersecurity risks proactively,
ensuring the protection of sensitive data, critical infrastructure, and intellectual
property.

3. Empowering Clients: Empower clients with the knowledge and tools necessary
to understand, manage, and respond to evolving cybersecurity threats effectively.

4. Building Trust: Establish and maintain trust with clients by providing reliable,
transparent, and tailored cybersecurity solutions aligned with their business
objectives.

5. Continuous Improvement: Pursue continuous improvement through research,
innovation, and adaptation to emerging cyber threats and industry best practices.

1.3 Organization Intro

• Web Orion™ Innovation Pvt Ltd – Trusted brand since 2012 for Cyber Security
Services.

• We assist firms in protecting their websites, networks, and mobile apps by performing
extensive penetration testing.

• Our team is OSCP, CISSP, MILE2 CPTE, CEH, and APISEC certified, so all security
tests are performed in accordance with OWASP and CREST standards.


Chapter 2 Introduction to Internship

2.1 Internship Summary

• The Cyber Security Consultancy System: this project offers a comprehensive
cybersecurity assessment for your organization.

• Our team of experts will meticulously examine your web applications, APIs, apps,
and cloud environments to identify and prioritize potential security weaknesses. This
cybersecurity assessment project from Weborion offers a powerful solution to bolster
your organization's defenses.

• The system provides a basic website vulnerability scanner which scans the website
at the given domain or IP address, then does a basic vulnerability assessment and
provides a report that details each vulnerability found and assigns the website a grade
according to severity.

2.2 Purpose & Objective


As a leading cybersecurity consultancy, we specialize in providing comprehensive testing
services to ensure the security and resilience of our clients' web applications, mobile apps,
cloud environments, and APIs. Our scope of services encompasses a wide range of
assessments and testing methodologies designed to identify vulnerabilities and mitigate
potential risks.

• Web Application Testing:
Our web application testing services aim to uncover security flaws and vulnerabilities that
could compromise the confidentiality, integrity, and availability of web-based systems.
We employ industry-standard techniques such as Dynamic Application Security Testing
(DAST), Static Application Security Testing (SAST), and manual penetration testing to
thoroughly evaluate the security posture of web applications. Our testing covers areas
such as input validation, authentication and authorization mechanisms, session
management, data protection, and compliance with security standards like the OWASP
Top 10.

• Mobile Application Testing:
With the increasing adoption of mobile devices and the growing reliance on mobile
applications, ensuring their security is crucial. Our mobile application testing services
cover both iOS and Android platforms, addressing potential vulnerabilities in the
application code, data storage, communication channels, and integration with backend
systems. We utilize advanced tools and techniques, including static code analysis,
dynamic analysis, and manual testing, to identify risks such as insecure data storage,
improper authentication, and insecure communication.

• Cloud Security Testing:
As organizations migrate to cloud environments, it is essential to ensure the security of
their cloud infrastructure and services. Our cloud security testing services cover popular
cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, and Google
Cloud Platform (GCP). We assess the security configurations, access controls, data
protection measures, and compliance with industry-specific regulations and standards.
Our testing methodologies include vulnerability scanning, penetration testing, and
configuration reviews to identify potential weaknesses and provide recommendations for
hardening cloud environments.

• API Security Testing:
APIs (Application Programming Interfaces) are critical components in modern software
architectures, enabling integration and data exchange between different systems. Our API
security testing services focus on identifying vulnerabilities in API endpoints,
authentication and authorization mechanisms, data validation, and protection against
common API-specific attacks such as parameter tampering, injection flaws, and excessive
data exposure. We employ a combination of automated tools and manual testing
techniques to thoroughly assess the security of APIs.

• Our testing services are tailored to meet the unique requirements of each client, taking
into account their specific industry, regulatory landscape, and risk profile. We follow
industry best practices and leverage cutting-edge tools and methodologies to ensure
comprehensive and accurate assessments.

• Throughout the engagement, our team of highly skilled and certified security
professionals works closely with clients, providing regular updates, detailed reports,
and actionable recommendations. We prioritize identified vulnerabilities based on
their severity and potential impact, enabling clients to make informed decisions and
implement effective remediation strategies.

• By partnering with our cybersecurity consultancy, clients can gain confidence in the
security of their web applications, mobile apps, cloud environments, and APIs,
ultimately protecting their critical assets, data, and reputation from cyber threats.

2.3 Tools & Technologies and Language Intro


As a cybersecurity consultancy firm, we stay abreast of the latest technologies, industry best
practices, and research in the field of cybersecurity. Our technical and literature review
encompasses a wide range of resources, including industry standards, frameworks, research
papers, and cutting-edge tools and methodologies.

Technical Review:

1. Web Application Security:

- OWASP Top 10 Web Application Security Risks

- OWASP Web Security Testing Guide

- OWASP Application Security Verification Standard (ASVS)

- Web Application Penetration Testing Methodologies (WAPT)


2. Mobile Application Security:

- OWASP Mobile Security Testing Guide (MSTG)

- OWASP Mobile Application Security Verification Standard (MASVS)

- NIST Mobile Threat Catalogue

- Mobile Application Reverse Engineering (MARE) techniques

3. Cloud Security:

- Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

- NIST Cloud Computing Security Reference Architecture

- CIS Benchmarks for Cloud Service Providers

- Cloud Service Provider-specific security best practices (e.g., AWS, Azure, GCP)

4. API Security:

- OWASP API Security Project

- OWASP API Security Top 10

- NIST API Security Guidelines

- API Penetration Testing Methodologies (APIT)

5. General Cybersecurity:

- NIST Cybersecurity Framework

- MITRE ATT&CK Framework

- ISO/IEC 27001 Information Security Management System

- PCI DSS (Payment Card Industry Data Security Standard)

6. Vulnerability Management:

- Common Vulnerabilities and Exposures (CVE)

- Common Vulnerability Scoring System (CVSS)

- Vulnerability Management Lifecycle processes


7. Penetration Testing Tools:

- Web Application Scanners (e.g., OWASP ZAP, Burp Suite)

- Network Vulnerability Scanners (e.g., Nessus, OpenVAS)

- Exploitation Frameworks (e.g., Metasploit, Immunity Canvas)

- Password Cracking Tools (e.g., Hashcat, John the Ripper)

Literature Review:

1. Research Papers and Whitepapers:

- Academic research papers from reputable cybersecurity conferences and journals

- Industry whitepapers from leading cybersecurity vendors and organizations

2. Blogs and Newsletters:

- Cybersecurity blogs and newsletters from trusted sources (e.g., SANS, OWASP, NIST)

- Vendor-specific security blogs and advisories

3. Threat Intelligence Reports:

- Cybersecurity threat reports from organizations like MITRE, FireEye, and Mandiant

- Industry-specific threat intelligence reports

4. Regulatory and Compliance Resources:

- Regulatory requirements and guidelines (e.g., GDPR, HIPAA, PCI DSS)

- Industry-specific compliance standards and frameworks

5. Cybersecurity Conferences and Events:

- Presentations and proceedings from leading cybersecurity conferences (e.g., RSA, Black Hat, DEF CON)

- Webinars and online events hosted by cybersecurity experts and organizations


Our team of cybersecurity professionals continuously monitors these resources, staying
up-to-date with the latest developments, emerging threats, and best practices in the field. We
incorporate this knowledge into our testing methodologies, tools, and techniques to provide
our clients with the most comprehensive and effective cybersecurity solutions.

By conducting thorough technical and literature reviews, we ensure that our services align
with industry standards, leverage cutting-edge technologies, and address the most relevant
cybersecurity challenges faced by our clients.

2.4 Internship Planning

The entire internship was planned by the company. On the first day, they gave a basic
introduction to the company and guidelines about procedures followed in the company. After
that, we were allocated our desks. With each phase of training, they communicated goals and
learning objectives. An expert trainer was assigned in each phase for our task review.


Chapter 3 Internship Implementation

3.1 Weekly Task


Week: 1
1. In the last one week we have learned about various HTML & CSS properties like hover
effect, flex properties, margin, padding, flex box, and href (hyperlink reference).
2. I have implemented them on my website. We were able to develop the header & footer
using the above properties for one of our company's clients’ websites.
3. We have also learned about the VAPT concept, pen testing & bug bounty concepts.
4. We have also done research on particular topics and created cyber-security related
blogs.

Week: 2
1. In the last one week we have researched various cyber-security related topics to get
familiar with this field.
2. We have researched and created daily blogs & posts accordingly as per the given daily
tasks.
3. We have created a white paper & case study accordingly on a trending topic or an attack
which was done on it.
4. We have learned various bug bounty topics & performed online labs.

Week: 3
1. In the last one week we have done a white paper on "key challenges of big data in enhancing
cyber-security".
2. We have done a group discussion on "IoT Security" and the case study on the topic of
enhancing cybersecurity in Web 3.
3. As per client requirements we have been working on developing the website using only
HTML & CSS.

Week: 4
1. In the last one week we have done a group discussion on the topic "Integrating AI in Cyber
Security".
2. We have been working on developing the site, using various hyperlinks and a
header/footer on the website to redirect properly, so that the user view is better across
resolutions and compatible on all devices.
3. We have done a case study on the "Dark web".
4. We have created various blogs & social media posts according to the task for our research
on cyber security.

Week: 5
1. We have been developing the website in HTML & CSS using various div, wrapper classes
and various other elements.
2. We have deleted various scripts accordingly in the website given by the client, adding
plugins, jQuery and the main JavaScript into it.
3. We have added images as given by the client.
4. We have learned various bug bounty topics like URL redirection, HTML injection,
various SQL injection bug bounty topics, parameter tampering, file inclusion
injection, and command injection.


Week: 6
1. In week 6 we have done the group discussion on the particular given topic.
2. We have learned about many new elements and tags of HTML and CSS used on our given
client project with jQuery.
3. We have also learned about many new topics of cyber-security.

Week: 7
1. We have worked on the same project of the Genviss website and now we have to add more
content and images as given by our guide and client.
2. We have used HTML & CSS in Genviss.
3. We have made new blogs, social media posts and images for other purposes and self-development.

Week: 8
We have learned about many new topics of cyber security like:

1. Cross-site scripting
2. SAML exploitation
3. Android exploitation
4. XML external entity injection

We have done blogs of min. 2000 words and social media posts as daily work.

Week: 9
1. We got to know about new topics on cyber security and worked on the Genviss website.
2. We got to know how government organizations work on a cyber crime and how they help
an individual.

Week: 10
1. We made some changes to the Genviss website for the week and got feedback from the client
about those changes made on the website.
2. We got to know about endpoint protection technology.
3. And e-mail security, privacy and anonymity.

Week: 11
1. By doing the final changes on the website we have finalized the site and sent it to the
client after getting approval from the external guide.
2. We got to know about group discussion on any topic for upskilling oneself at any time.

Week: 12
1. We got to know about blogging on any kind of topic and group discussion; as per the company we
have to build our portfolio and present ourselves to them as per their requirement.
2. Creating a resume and giving an interview in such a way as to convey knowledge as per
the requirement and as per our knowledge of that domain.


3.2 Flowchart / Pseudo code of the task

Non-Disclosure Agreement (NDA) (1)
|
Secure Access to Your Product (2)
|
Rigorous Testing Methodology (3)
|
Secure Report Generation (4)
|
Post-Testing Recheck (5)
|
Vulnerability Disclosure (6)
|
Maintenance and Support (indefinite)

3.3 Roles & Responsibilities

1. Learning and Development: Actively participating in training programs, workshops, and
self-study to acquire foundational knowledge and skills in cybersecurity principles, practices,
and tools.
2. Vulnerability Assessment: Assisting in conducting vulnerability assessments and scans
using automated tools and manual techniques to identify security weaknesses in systems,
networks, and applications.
3. Penetration Testing: Supporting senior penetration testers in conducting penetration tests,
including reconnaissance, exploitation, post-exploitation, and reporting, while adhering to
ethical standards and client requirements.
4. Documentation and Reporting: Documenting findings, observations, and
recommendations in clear and concise reports, including vulnerability assessment reports,
penetration test reports, and incident response summaries.
5. Security Tool Management: Assisting in the management and maintenance of security
tools and technologies, including security information and event management (SIEM)
systems, intrusion detection/prevention systems (IDS/IPS), and endpoint security solutions.
6. Collaboration and Communication: Collaborating with cross-functional teams, such as
IT, development, and compliance, to address security issues, share knowledge, and promote a
culture of security awareness and collaboration.
7. Research and Innovation: Staying updated on the latest cybersecurity trends, threats, and
technologies through independent research, industry publications, and participation in
cybersecurity communities and forums.


3.4 Internship Scheduling (Gantt Chart/PERT/Network Chart)


1. Getting Confidential Agreement of Access to Product (NDA)
2. Planning
3. Testing
4. Report Generation
5. Rechecking
6. Disclosing Vulnerabilities

Non-Disclosure Agreement (NDA) (1)
|
Secure Access to Your Product (2)
|
Rigorous Testing Methodology (3)
|
Secure Report Generation (4)
|
Post-Testing Recheck (5)
|
Vulnerability Disclosure (6)
|
Maintenance and Support (indefinite)


Chapter 4 Design

4.1 System Flow Diagram

Module I: New User

The new user has to register in order to log in for the first time. They can then use the
scanner and crawler service, which shows the vulnerable pages of the scanned websites and
the types of vulnerabilities found.

Module II: Existing User

In this section the user only has to log in, after which they are able to use these
services for the security issues of a particular website.

Module III: Admin

Basically, the admin's work is to manage the database as well as users’ problems. The admin
has full privilege to see any user's profile and can make any changes. The admin can also
delete a user.

Logical Design: The most creative and challenging phase of the system life cycle is
system design. The term design describes a final system and the process by which it is
developed. It refers to the technical specifications that will be applied in implementing the
proposed system. It also includes the construction of programs and the design of output,
input, code, database and processes of the system.

Fig. 4.1 Working of PHP


Fig. 4.2 Entity Relationship Diagrams

4.2 Data Dictionary

1. User:
   o Username
   o Email
   o Password
2. Vulnerabilities:
   o Id
   o Name
   o Description
   o Solution
   o Priority
   o Priority Num
3. Tests:
   o Id
   o Status
   o numUrlsFound
   o Type
   o Num_requests_send
   o Start_timestamp
   o Finish_timestamp
   o Scan_finished
   o Url
   o Username
   o Urls_found
4. Test_results:
   o Test_id
   o Type
   o Method
   o Url
   o Attack_str
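The data dictionary above and the scanner summary in section 2.1 (scan, record each vulnerability found, grade the site by severity) can be tied together in a few lines. The following is an added example, not code from the report or from Weborion: it builds a SQLite schema that mirrors the four entities, registers a user, records findings against a test and derives the grade. The seed vulnerability rows, the PBKDF2 password hashing, the numeric priority scale and the worst-finding grading rule are all assumptions made here, since the report does not specify them.

```python
# Added example, not code from the report or from Weborion: a SQLite schema
# mirroring the 4.2 data dictionary plus the severity-based grade from 2.1.
# The password hashing, seed rows and grading thresholds are assumptions.
import hashlib
import hmac
import os
import sqlite3
from datetime import datetime, timezone
from typing import Optional

SCHEMA = """
CREATE TABLE users (                    -- 'User' in the data dictionary
    username      TEXT PRIMARY KEY,
    email         TEXT NOT NULL,
    password_hash BLOB NOT NULL,        -- salted PBKDF2 digest, never the plaintext
    salt          BLOB NOT NULL);
CREATE TABLE vulnerabilities (
    id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE, description TEXT,
    solution TEXT, priority TEXT NOT NULL,
    priority_num INTEGER NOT NULL);     -- assumed scale: 1 (Low) .. 4 (Critical)
CREATE TABLE tests (
    id INTEGER PRIMARY KEY, status TEXT NOT NULL, num_urls_found INTEGER DEFAULT 0,
    type TEXT, num_requests_sent INTEGER DEFAULT 0, start_timestamp TEXT,
    finish_timestamp TEXT, scan_finished INTEGER DEFAULT 0, url TEXT NOT NULL,
    username TEXT NOT NULL REFERENCES users(username), urls_found TEXT);
CREATE TABLE test_results (
    test_id INTEGER NOT NULL REFERENCES tests(id),
    type INTEGER NOT NULL REFERENCES vulnerabilities(id),
    method TEXT NOT NULL, url TEXT NOT NULL, attack_str TEXT);
"""

# Constructed seed rows: names follow the report's bug bounty topics,
# the priority values are an assumption.
SEED_VULNS = [
    (1, "SQL Injection", "Input reaches a query unescaped", "Parameterised queries", "Critical", 4),
    (2, "Cross-Site Scripting", "Untrusted data rendered as HTML", "Output encoding, CSP", "High", 3),
    (3, "HTML Injection", "Untrusted markup reflected", "Output encoding", "Medium", 2),
    (4, "Missing Security Headers", "No HSTS / nosniff headers", "Add the headers", "Low", 1),
]
PBKDF2_ITERATIONS = 200_000
GRADES = {0: "A", 1: "B", 2: "C", 3: "D", 4: "F"}   # assumed mapping, worst finding wins


def now_iso() -> str:
    return datetime.now(timezone.utc).isoformat()

def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (digest, salt); a fresh random salt per user defeats precomputed tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return digest, salt

def verify_password(password: str, digest: bytes, salt: bytes) -> bool:
    candidate, _ = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO vulnerabilities VALUES (?, ?, ?, ?, ?, ?)", SEED_VULNS)
    return conn

def register_user(conn, username: str, email: str, password: str) -> None:
    digest, salt = hash_password(password)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (username, email, digest, salt))

def login(conn, username: str, password: str) -> bool:
    row = conn.execute("SELECT password_hash, salt FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and verify_password(password, row[0], row[1])

def start_test(conn, username: str, url: str) -> int:
    cur = conn.execute(
        "INSERT INTO tests (username, url, status, type, start_timestamp) VALUES (?, ?, ?, ?, ?)",
        (username, url, "running", "basic", now_iso()))
    return cur.lastrowid

def record_finding(conn, test_id: int, vuln_name: str, method: str, url: str,
                   attack_str: Optional[str] = None) -> None:
    """Store one Test_results row; attack_str is the request marker that triggered it."""
    row = conn.execute("SELECT id FROM vulnerabilities WHERE name = ?", (vuln_name,)).fetchone()
    if row is None:
        raise ValueError(f"unknown vulnerability: {vuln_name}")
    conn.execute("INSERT INTO test_results VALUES (?, ?, ?, ?, ?)",
                 (test_id, row[0], method, url, attack_str))

def grade_test(conn, test_id: int) -> str:
    """Close the test and grade it by its worst finding ('A' when nothing was found)."""
    (worst,) = conn.execute(
        "SELECT COALESCE(MAX(v.priority_num), 0) FROM test_results r "
        "JOIN vulnerabilities v ON v.id = r.type WHERE r.test_id = ?", (test_id,)).fetchone()
    conn.execute("UPDATE tests SET status = 'finished', scan_finished = 1, "
                 "finish_timestamp = ? WHERE id = ?", (now_iso(), test_id))
    return GRADES[worst]
```

Two points a reviewer of the dictionary would raise are handled here: the `Password` attribute of the User entity is stored as a salted, iterated digest rather than the password itself, and every query is parameterised, so the scanner's own database is not exposed to the same injection class it reports on. The `Attack_str` column keeps only the marker used during the test, which is what the report needs to reproduce a finding.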


Key Data Entities

1. Client/Organization
- Accounts and contacts
- Client environments and assets
- Requirements and test scopes

2. Project
- Test plan and scope definition
- Scheduling and consultant allocation
- Tools and configurations used

3. Finding
- Vulnerability details and root cause
- Severity, scoring, and prioritization
- Code samples and reproduce steps
- Impacted components and attack flow
- Remediation guidance and retest status
4. Asset/Component
- Application metadata and configurations
- Component inventory across web/mobile/APIs/cloud
- Data flows, trust boundaries, user roles
5. Evidence
- Screenshots and screen recordings
- Traffic captures and proxy logs
- Code snippets and analysis artifacts
6. Testing Tools and Plugins
- Vuln scanner plugins and rules
- Test script templates and workflows
- Scan configurations and policies
7. Reporting
- Finding management workflow
- Report templates and structure
- Metrics and risk scoring calculations


4.3 User Interface

Fig. 4.3 Vulnerability Checking Interface

Fig. 4.4 Vulnerability Checking Processing Interface


Fig. 4.5 Security Fixing File Inclusion Vulnerabilities


Chapter 5 Testing

5.1 Testing Plan/Strategy

Single User vs. Multiuser:

Single User:
● Definition: The system supports one user at a time, typically suitable for personal or
small-scale events.
● Implications:
  ● Simplified data management and reduced complexity.
  ● Limited concurrency control requirements.
  ● Suitable for standalone, single-administrator scenarios.

Multiuser:
● Definition: The system accommodates multiple users simultaneously, essential for larger
events with multiple participants, organizers, and administrators.
● Implications:
  ● Requires robust concurrency control and transaction management to maintain data
  integrity and consistency.
  ● Enables collaborative features and real-time interactions among users.
  ● Supports scalable growth and increased user engagement.

GUI vs. Non-GUI:

GUI (Graphical User Interface):
● Definition: The system features a visual interface with graphical elements like buttons,
menus, and icons for user interaction.
● Implications:
  ● Enhances user experience with intuitive, interactive interfaces for tasks such as
  ticket purchasing, event management, and prize allocation.
  ● Requires frontend development expertise and frameworks to design responsive,
  user-friendly interfaces.
  ● Appeals to users who prefer visual interactions and a more engaging experience.


5.2 Test Results and Analysis


Designing a raffle ticket system involves defining the processes, programs, technologies, and
modules that will be used to build and operate the system effectively. Below is a detailed
specification for each of these components tailored for a raffle ticket system:

1. Process Specification:

● Getting Confidential Agreement of Access to Product (NDA)

● Planning

● Testing

● Report Generation

● Rechecking

● Disclosing Vulnerabilities

Stage 1: Non-Disclosure Agreement (NDA)

Before commencing any project, we establish a strong foundation of trust by signing a
mutual Non-Disclosure Agreement (NDA). This legally binding agreement protects
your confidential information, including product details, intellectual property, and test
results. The NDA outlines what information is considered confidential, the restrictions
on its use and disclosure, and the remedies for potential breaches.

Stage 2: Secure Access to Your Product

We understand the sensitivity of granting access to your product for testing purposes.
We offer several secure options to accommodate your preferences:
● Direct Access: If you're comfortable, you can provide us with direct access to your product
environment. We will utilize secure remote access tools and adhere to least privilege
principles, minimizing the access granted to our team for testing.
● Sandbox Environment: We can work within a dedicated sandbox environment that
replicates your product's functionality. This isolated environment protects your production
environment from any potential vulnerabilities discovered during testing. You would
provide sanitized data sets for testing within the sandbox.


Stage 3: Rigorous Testing Methodology

Our team of experienced security consultants employs a comprehensive testing methodology
to identify vulnerabilities across your product. This may include:

● Security Risk Assessments: We assess your product's security posture, identifying
potential weaknesses and attack vectors.
● Penetration Testing: We simulate real-world cyberattacks to exploit vulnerabilities and
discover exploitable weaknesses.
● Vulnerability Scanning: We utilize automated tools to scan your product for known
vulnerabilities in code libraries and dependencies.

Stage 4: Secure Report Generation

● Test findings are documented in a detailed report that outlines identified vulnerabilities,
their severity levels, and potential remediation steps.
● This report is securely delivered to you through a designated communication channel,
ensuring confidentiality.

Stage 5: Post-Testing Recheck and Vulnerability Disclosure

● We conduct a thorough recheck of reported vulnerabilities to ensure accuracy.
● Once the report is finalized, we schedule a detailed walkthrough with your team to discuss
the findings and prioritize remediation actions based on severity and risk.
● Vulnerabilities are disclosed only to authorized personnel within your organization
through the agreed-upon communication channels. We never disclose vulnerabilities
publicly without your explicit consent.


Chapter 6 Outcomes

6.1 Results & Screenshots

Fig. 6.1 Homepage


Fig. 6.2 Getting Started Page

Fig. 6.3 Tools and Security Scanner


Fig. 6.4 Vulnerability Check

Fig. 6.5 Flex Box

Fig. 6.6 Homepage of Genviss


Fig. 6.7 Welcome and Intro. Page

Fig. 6.8 Intro. Page details


Fig. 6.9 Images in rotation or marquee and footer

Fig. 6.10 About us Part


Fig. 6.11 About us Detail Part

Fig. 6.12 Details of Website putting as per client requirements and given content


Fig. 6.13 Images as per Client requirements added as given by them

Fig. 6.14 Our Services Part



Fig. 6.15 Our Services Content

Fig. 6.16 Our Services Range of Spares Content


Fig. 6.17 About us Section Hover Effect

Fig. 6.18 Products Section Hover Effect

28
Project Id: - 508544

Chapter 7 Conclusion & Discussion

7.1 Conclusion

In conclusion, the 13-week internship has been a transformative journey of learning and growth.
Through hands-on experience, collaboration with peers, and guidance from mentors, I have
honed my skills in Cyber Security & Penetration Testing and gained valuable insights into the
industry.

I am grateful for the opportunities to work on real-world projects, overcome challenges, and
receive constructive feedback that has allowed me to continuously improve. This internship has
not only expanded my technical proficiency but also enhanced my communication, problem-
solving, and time management abilities.

As I reflect on this experience, I am filled with confidence and excitement for the future,
knowing that the knowledge and skills acquired during this internship will serve as a solid
foundation for my career in Cyber Security & Penetration Testing.

7.2 Summary of Internship Work

Through our thorough website scanning solutions, we've become a trusted partner in securing the
online presence of organizations across industries. Our team's deep expertise, advanced
methodologies, and commitment to delivering tailored cybersecurity strategies have allowed
clients to operate with confidence, knowing their web assets are protected from ever-evolving
cyber threats.

As we look ahead, our dedication to continuous improvement and innovation will ensure we
remain at the forefront of this critical domain.

7.3 Problem Encountered and Possible Solutions

I had the opportunity to work on a real-world internship project and gain practical experience in
the field of software engineering. Throughout the project, I encountered various challenges and
obstacles that required creative problem-solving, design and critical-thinking skills.
One common problem encountered is the lack of clear communication between designers and
developers, leading to discrepancies between the intended design and its implementation. This
can result in inconsistencies in layout, styling, and functionality, impacting the overall user
experience.

7.4 Dates of Continuous Evaluation

1. Continuous Evaluation 1: 20-01-2024
2. Continuous Evaluation 2: 24-02-2024
3. Continuous Evaluation 3: 23-03-2024
4. Continuous Evaluation 4: 13-04-2024


7.5 Limitation & Future Work

7.5.1 Limitation & Future Work of Genviss Website

Current limitations are the unavailability of a favourites feature (for users to bookmark selected
products) and a few more, such as an option to show more products from the same category.
For future work we plan to add a user chat bot, WhatsApp notifications and a support inquiry
feature, which we were unable to add due to time constraints. Addressing these limitations and
focusing on future improvements can help ensure the success and competitiveness of the
e-commerce shopping website in the long term.

7.5.2 Future Work for Cyber Security

The cybersecurity landscape is rapidly transforming, necessitating adaptability and a forward-
thinking approach. We recognize the immense potential of artificial intelligence (AI) and
machine learning in enhancing our website scanning capabilities. By integrating these cutting-
edge technologies, we aim to achieve unprecedented levels of vulnerability detection, enabling us
to proactively identify and mitigate risks before they can be exploited. Complementing our AI
initiatives, we are also investing in advanced automation tools to streamline and fortify our
processes, ensuring real-time monitoring and instantaneous response to emerging threats
targeting our clients' web assets.

While website security remains our core strength, we are actively exploring opportunities to
broaden our service offerings. As businesses increasingly embrace cloud computing and mobile
technologies, we recognize the critical need for comprehensive cybersecurity solutions that
address these evolving landscapes. Our future roadmap includes developing specialized expertise
in cloud security, mobile application security testing, and securing Internet of Things (IoT)
deployments. By expanding our capabilities, we aim to provide our clients with a holistic
approach to cybersecurity, safeguarding their entire digital ecosystem.


Chapter 8 References

8.1 Bibliography

● Books for Beginners:

1. Ethical Hacking: A Hands-On Introduction to Breaking In
2. The Pentester Blueprint: Starting a Career as an Ethical Hacker
3. Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities
4. Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming
5. Real-World Bug Hunting: A Field Guide to Web Hacking
6. CEH Certified Ethical Hacker All-in-One Exam Guide, Fifth Edition
7. Getting Started Becoming a Master Hacker: Hacking is the Most Important Skill Set of the 21st Century
8. The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks
9. Gray Hat Hacking: The Ethical Hacker's Handbook

● Books for Intermediate:

1. Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things
2. Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters
3. RTFM: Red Team Field Manual v2

● Books for Advanced:

1. Hacking APIs: Breaking Web Application Programming Interfaces
2. Hacking Connected Cars: Tactics, Techniques, and Procedures

● Websites:

1. https://techapprise.com/cybersecurity/hacking-learning-websites/
2. Hack a Day
3. https://www.programmingoverloaded.com/best-free-websites-to-learn-ethical-hacking/
4. Hacking Loops
5. HackInTheBox
6. 13 Best Ethical Hacking Courses Online in 2024 [Free + Paid] (hackr.io)
