Vulnerability assessment & Penetration testing

Vulnerability assessment and penetration testing (VAPT) is performed to evaluate the security risks in software and applications in order to reduce the probability of threats. Vulnerability assessment and penetration testing are both security testing services that focus on identifying vulnerabilities in the network. At Redaallco, we follow the methodology below to achieve our VAPT goals.

Our Methodology

Vulnerability assessment and penetration testing are important for the security of the organization. In this process we locate and report vulnerabilities, which provides a way to detect and resolve security problems before attackers exploit them. The operating system, application software and network are scanned to identify vulnerabilities, which include inappropriate software design, insecure authentication, etc.

Step 1. Agreement: In this phase, we sign a mutual agreement with the party. The agreement covers high-level details: the methods followed and the exploitation levels. We also sign a non-disclosure agreement with the party before the test starts.

Step 2. Planning and reconnaissance: In this phase, we gather as much information about the target as possible. The information can be IP addresses, domain details, mail servers, network topology, etc. An expert hacker spends most of the time in this phase; it helps us with the further phases of the attack.

Step 3. Scanning:

Host Based

Identifies issues in the host or the system.

This process is carried out by using host-based scanners to diagnose the vulnerabilities.

The host-based tools load mediator software onto the target system; it traces events and reports them to the security analyst.

Network-Based

Detects open ports and identifies the unknown services running on these ports. It then discloses possible vulnerabilities associated with these services.

This process is done by using network-based scanners.

Database-Based

Identifies security exposures in database systems, using tools and techniques to prevent SQL injection. (SQL injection: malicious users inject SQL statements into the database, which can read sensitive data from the database and can update the data in it.)
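The SQL injection exposure described above, shown as an added example that is not Redaallco's own tooling: a lookup that builds its SQL text from user input next to a parameterized one, plus a small check that tells them apart. The table, the sample rows and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


def lookup_concatenated(conn, name):
    """Vulnerable: the input becomes part of the SQL statement text."""
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()


def is_injectable(lookup, conn):
    """Flag a lookup whose result set grows when the input carries SQL syntax.

    Both inputs name a user that does not exist, so a safe lookup returns
    no rows for either of them.
    """
    baseline = lookup(conn, "no-such-user")
    probe = lookup(conn, "no-such-user' OR '1'='1")
    return len(probe) > len(baseline)


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "injectable:", is_injectable(fn, db))
```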

Step 4. Vulnerability Analysis: Once our penetration test is complete, our final aim is to collect evidence of the exploited vulnerabilities and report it to executive management for review and action. It is then management's decision how this risk must be addressed: whether they want to accept the risk, transfer it or ignore it.

Define and classify network or system resources.

Assign a priority to each resource (e.g. High, Medium, Low).

Identify potential threats to each resource.

Develop a strategy to deal with the highest-priority problems first.

Define and implement ways to minimize the consequences if an attack occurs.

Why Us

We produce clear and comprehensively documented reports of the vulnerabilities discovered during the assessment. We provide the following types of reports to our clients after the assessment:

Technical Reports: The technical report contains details of every identified vulnerability and its potential technical impact, with exhibits and actionable remedies, and helps the organization patch the gaps identified.

Management Reports: The management report contains details of the identified vulnerabilities and the security level, along with the business impact of each vulnerability. It also contains an executive summary along with findings, conclusion and guidance.

Remediation Guidelines: We provide customized remediation guidance with complete audit programs, refineries and identification steps to follow for each loophole incident, for future assaults.