VAPT - Vulnerability and Penetration Testing
Vulnerability is a weakness which allows an attacker to reduce a information assurance.
A weakness or lack of a safeguard that can be exploited by a threat, causing harm to the information systems or networks
Scanning Process :
- Port based scanning
- Penetration Testing
- Vulnerability Testing
- Application Testing
- Website Crawling
- Denial of Service
- Black Box / White Box / Grey Box Testing
Types of VAPT Testing
Black Box Testing: Using client web address to Identify the vulnerabilities and subsequently quantify the impact.
White Box testing: Using authentication and authorisation using client provided account/ access to assess the flaws.
Grey Box Testing: Gray-box testing is a combination of white-box testing and black-box testing.
What Can be Tested during VAPT?
- Application Testing
- Portal/URL Testing
- Mobile Apps
- Systems Testing
- Database Testing
- Network Testing
- Infrastructure testing
- Wireless Networks
- Telephone, IP Phones & VoIP
- Application Code Reviews
Threat: An event or activity that has the potential to cause harm to the information systems or networks
Vulnerability: A weakness or lack of a safeguard that can be exploited by a threat, causing harm to the information systems or networks
Risk: The potential for harm or loss to an information system or network; the probability that a threat will materialize
.