Vulnerability Assessment and Penetration Testing are conducted to identify the security vulnerabilities and potential exploits that can cause an impact by unauthorized users ranging from financial or sensitive information leakage, user account take over or complete access to the target organizations environment.
Our team will share the pre-requisite documents which mentions all the scan requirements such as connectivity, IP whitelisting, user credentials to access the application etc. You will need to fill up these documents as per the applicable assessment and share the filled documents with the team to initiate the tests.
Our tests are always non-intrusive in nature. However, at the time of these assessments, a minimal amount of network traffic may be generated. Customers can always choose whether they like the scans to be initiated during the business hours or outside business hours.
The frequency of a Vulnerability Assessment or Penetration Test is determined as per the applicable industry security standards for an organization. It also depends upon the Risk Assessment results. However, as an industry best practice, it is recommended to perform these assessments at least once a year or upon a change in the environment.
Vulnerability assessments and/or penetration tests are typically performed using a combination of manual and automated techniques and technologies to identify vulnerabilities on servers, endpoints, web applications, wireless networks, network devices and mobile devices (depending on scope and goal of the engagement).
No, we will run the assessment and share the vulnerability report so that the respective teams can work on the remediation.
For VAPT various commercial and open source tools are used.
A detailed report will be provided outlining the scope of the environment which was tested, the methodology used and a detailed explanation of the vulnerabilities detected along with a Proof of Concept (POC). The report will also cover detailed illustrative and possible recommendations to remediate the vulnerability.
OWASP Top 10, SANS 25 NIST, PCI and all applicable industry standard security frameworks are the usual standard documents that are followed for VAPT.
The approximate time required for Penetration Testing considering a network of 50 systems is 5 Days and 1 Day for Penetration Test Reporting.
The approximate time required for Vulnerability Assessment considering a network of 50 systems is 2 Days and 1 Day for Vulnerability reporting.