Vulnerability Assessment & Penetration Testing
Every VAPT (Vulnerability Assessment & Penetration Test) is tailored to the application being tested.
Apart
from the standard security tests, we stress on the importance of tailor
building security tests considering customer requirements, industry
addressed by the customer and potential threats depending on the nature
of business and technology exposure.
Our Security Testing
including VAPT and consulting is based on the OWASP (Open Web
Application Security Project) Testing Methodologies and the OWASP
Testing Framework.
A usual audit we perform over 3000+ tests that
have been classified on the basis of type of vulnerabilities found.
Each active test is followed by several sub-tests as the case may be.
Our
team of security auditors, ethical hackers, infrastructure consultants
and software developers maintain an ethical, professional and value
oriented approach towards security audits and consulting.
Services Offered
- A comprehensive testing strategy developed by a senior CISSP/CISA professional with a proven track record.
- Complete coverage of OWASP Top 20 vulnerabilities checks for web and infrastructure applications.
- Complete coverage of OWASP Top 10 Mobile vulnerabilities for mobile applications
- Approximately 2 weeks of attempts to hack infrastructure, web and mobile applications with an array of tools by a team managed by a Certified Ethical Hacker.
- Infrastructure vulnerability checks with an array of tools to check various components including both hardware and software being used.
- Verification of business logic and devising tests around business logic.
- Rudimentary compliance checks against any one popular security standard
- Static and dynamic code analysis of source code used for vulnerabilities.
- Consulting on fixes from a purely security perspective to meet compliance and ensure that final tests pass without any major concerns raised by any test or tool.
- Setting up a best practices environment for continuous security auditing and VAPT services for future
- Report of all activities with recommendations for the future.
All
services are delivered with a combination of both professional and
commercial tools as well as popular open source tools. The exact
combination of tools are only decided after careful consideration and
understanding of customer requirements and environment.
We further classify the deliverables across these activities.
Information Gathering:
Use a series of tools and applications that would lay test bed for a
list of activities that could help a potential hacker access or break
into the system. We will simulate an environment to create a test bed
for a hacker.
Vulnerability Analysis: Vulnerability is a state or condition of being exposed to the possibility of being attacked or harmed
Web Application/API Analysis
These tools identify and access websites through the browser to check any bug or loophole present
Password, application and system vulnerabilities
We test each system from VMs, physical servers and containers to access both applications and infrastructure.
Wireless Attacks:
Use tools are wireless security crackers, like breaking wifi – routers, working and manipulating access points
Reverse Engineering
Reverse Engineering is to break down the layers of the applications or
software, and attempts will be made especially on mobile applications
Exploitation Tools
These tools are used to exploit different systems like personal
computers and mobile phones. These tools can generate payloads And
Backdoors.
Sniffing and Spoofing
Secretly
accessing any unauthorized data over the network is sniffing. Our team
will attempt to do the same with your network and point out flaws if
any. Once identified we will help you mitigate the shortcomings.
Social
Engineering vulnerabilities: As the name suggests these tools generate
similar services that people use in daily life and extract personal
information using those fake services. We can tell you how your web
application can be misused