What is VAPT?
Vulnerability assessment and penetration testing are both security testing activity that focuses on identifying the weakness in the network, server, network infrastructure and applications.
ISO 9001:2015
Penetration Test:-
PEN testing is a security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system or Network.
PEN Test Phases:-
1.Planning
2.Discovery
3.Attack
4.Reporting
Approches of PEN Test:-
1. Internal Vs External
2.Web and Mobile application assessments
3.Social Engineering
4.Wireless Network , Embedded Device & IOT
5.ICS Penetration
Security Assessement:-
Web app penetration Testing:-
Web application penetration testing involves a methodological series of steps aimed at gathering information about the target system, finding vulnerabilities or faults in them, researching for exploits that will succeed against those faults or vulnerabilities and compromise the web application.
Secure code review:-
Secure Code Review is a process which identifies the insecure piece of code which may cause a potential vulnerability in a later stage of the software development process, ultimately leading to an insecure application. Different studies and surveys shows that approximately 75% of attacks happen due to an insecure application, inside which includes insecure code. This way, it becomes a very essential part of SDLC which should be performed rigorously.
Application code audit:-
A code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released.
Minimum base line document:-
Minimum Security Baselines are standards for all systems in network, ensuring that they meet a set of minimum requirements in order to avoid putting entire network at risk. These baselines will allow organizations to deploy systems in an efficient and standardized manner.
Vulnerability Assessment and penetration Testing:-
Vulnerability Assessment and Penetration Testing (VAPT) are both security services that focus on identifying vulnerabilities in your infrastructure. VA and PT differ from each other in two aspects. A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.
Configuration Review:-
Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.
Infrastructure Penetration Testing:-
Infrastructure penetration testing includes all internal computer systems, associated external devices, internet networking, cloud and virtualization testing.