VULNERABILITY ASSESSMENT PENETRATION TESTING (VAPT)

What is Vulnerability Assessment and Penetration Testing (VAPT)?

A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly of the hosting server.

This is especially serious for e-commerce or registration sites, which handle payment and personal data.

We test for the top 10 web application security risks as listed in the OWASP Top 10:

  • SQL Injection

  • Cross Site Scripting

  • Broken Authentication and Session Management

  • Insecure Direct Object References

  • Cross Site Request Forgery

  • Security Misconfiguration

  • Insecure Cryptographic Storage

  • Failure to restrict URL Access

  • Insufficient Transport Layer Protection

  • Unvalidated Redirects and Forwards


Company Network Vulnerability Testing


“I thought we had a firewall?”

75% of cyber-attacks are directed at the web application layer (Gartner).

Discovery

  • Understand the key services running within the organization’s network

  • Perform full external discovery scans on the center

  • Note any exploitable services. From each exploitable service, perform a full internal scan of that network.

  • Identify architecture weaknesses or poorly configured devices that open up such vulnerabilities

  • Run sniffers on that network to gather information, credentials, etc.

Intrusive

  • Confirm that the vulnerabilities are real by exploiting them.

  • Install a 'dummy' host on that network to download/upload malware.

Mobile Application Security Testing

Mobile applications store and process a spectrum of critical information, ranging from credit card data and intellectual property to medical records. This sensitive information can easily be targeted by malicious attackers. Research suggests that there are nearly 12 million mobile devices in use with active vulnerabilities.

59% of Android mobile applications and 42% of iOS apps exfiltrate data

60% of mobile applications are vulnerable to attacks

78% of mobile threats come from applications

Security testing includes:

  • Basic static and dynamic security testing

  • Mobile app reverse engineering and tampering

  • Assessing software protections

  • Protocol analysis of the communication protocols used by the app

  • Server-side testing of the mobile backend