1. WHAT IS VAPT?
• Vulnerability assessment and penetration testing is a technique to
protect your organization against external and internal threats by
identifying the security threats. It is an on-demand activity and EGS
offers a broad range of network infrastructure, web application, and
mobile application security assessment services designed to detect
and gauge security vulnerabilities.
2. Why do you need VAPT?
• Considering the recent hacks across the globe, it has become imperative for companies to keep their information secure. VAPT helps in:
• Prevention of damage to an organization’s reputation
• Fixing the issues caused by an attack
• Preventing confidential data and intellectual property from being stolen
• Prevention of revenue loss due to service disruption
3. What is Essential Terminology?
• Vulnerability:
A vulnerability is a weak point, loophole or flaw in any system or network that attackers can make use of to get through it. Any vulnerability can be an entry point for them to reach the target.
• Exploit:
An exploit is a breach of the security of a system through vulnerabilities, zero-day attacks or any other hacking technique.
• Payload:
The payload refers to the actual section of information or data in a frame, as opposed to automatically generated metadata. In information security, a payload is the part of malicious or exploit code that causes the potentially harmful activity, such as exploitation, opening backdoors, and hijacking.
4. Essential Terminology:
• Daisy Chaining:
Daisy chaining is a sequential process of several hacking or attacking attempts to gain access to networks or systems, one after another, using the same information plus the information obtained from the previous attempt.
• Zero-day vulnerability:
A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit in the wild that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong. In fact, a zero-day exploit leaves NO opportunity for detection ... at first.
5. What is the CIA Triad?
• The CIA triad is a model that shows the three main goals needed to achieve information security. While a wide variety of factors determine the security situation of information systems and networks, the assumption is that some factors will always be important in information security. These factors are the goals of the CIA triad, as follows:
• Confidentiality
• Integrity
• Availability
6. Confidentiality:
• We want to make sure that our secret and sensitive data is secure. Confidentiality means that only authorized persons can work with and see our infrastructure’s digital resources. It also implies that unauthorized persons should not have any access to the data. There are two types of data in general: data in motion, as it moves across the network, and data at rest, when data is on any storage media (such as servers, local hard drives, cloud). For data in motion, we need to ensure the data is encrypted before sending it over the network. Another option we can use along with encryption is a separate network for sensitive data. For data at rest, we can apply encryption on the storage media so that no one can read it in case of theft.
7. Integrity / Availability
• Integrity: We do not want our data to be accessible to or manipulated by unauthorized persons. Data integrity ensures that only authorized parties can modify data.
• Availability: It applies to systems and data. If authorized persons cannot get the data due to a general network failure or a denial-of-service (DoS) attack, then that is a problem as far as the business is concerned. It may also result in loss of revenue or failure to record some important results.
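The integrity goal on this slide is usually enforced with a keyed message authentication code: the authorized party computes a tag over the data, and any later modification by someone without the key makes verification fail. The following is an added example written for this page (not code from the original deck) using Python's standard `hmac` and `hashlib` modules; the key and the account record are constructed placeholders, and the second call shows a tampered copy of the record being rejected.

```python
import hashlib
import hmac
import json

# Constructed demo key; in a real deployment it would come from a secrets store.
DEMO_KEY = b"demo-integrity-key-not-for-production"


def sign_record(record: dict, key: bytes = DEMO_KEY) -> str:
    """Return a hex HMAC-SHA256 tag over a canonical JSON encoding of the record.

    Canonical encoding (sorted keys, no whitespace) means two dicts with the same
    content always produce the same tag, regardless of insertion order.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes = DEMO_KEY) -> bool:
    """True only if the tag matches; compare_digest avoids timing side channels."""
    expected = sign_record(record, key)
    return hmac.compare_digest(expected, tag)


def demo():
    """Sign a constructed record, then check the original and a tampered copy."""
    record = {"account": "AC-1001", "balance": 250.00}
    tag = sign_record(record)
    ok_original = verify_record(record, tag)
    tampered = dict(record, balance=999999.00)   # modified without the key
    ok_tampered = verify_record(tampered, tag)
    return ok_original, ok_tampered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The tag detects modification but does not hide the data; confidentiality (the previous slide) still needs encryption, and in practice the two are combined, for example with an authenticated encryption mode.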
8. We can use the term “CIA” to remember these basic yet
most important security concepts.
9. 1. Information gathering (Scoping)
• Scoping is the primary step of any security assessment activity. In order to execute a VA or PenTest, the first step is to identify the scope of the assessment in terms of the infrastructure against which the assessment is to be conducted, for example, servers, network devices, security devices, databases, and applications.
• This stage includes finding out information about the target system using both technical (WHOIS) and non-technical passive methods such as search engines.
• This step is critical as it helps in getting a better picture of the target infrastructure and its resources. As the assessment is generally time-bound, information captured during this phase helps in streamlining the testing effort in the right direction by using the right tools and approach applicable to the target systems.
• This step becomes more important for a black-box assessment, where very limited information about the target system is shared. Information gathering is followed by a more technical approach to map the target network using utilities such as ping and Telnet and port scanners such as Nmap. The use of such tools enables assessors to find live hosts, open services, operating systems, and other information.
10. 2. Scanning
• This stage involves the actual scanning of the target infrastructure to identify existing vulnerabilities of the system. This is done using network scanners such as Nmap. Prior to scanning, the tool should be configured optimally as per the target infrastructure information captured during the initial phases.
• Care should also be taken that the tool is able to reach the target infrastructure by allowing access through relevant intermediate systems such as firewalls.
• Such scanners perform TCP, UDP, and ICMP scans to find open ports and services running on the target machine and match them to well-known published vulnerabilities, updated regularly in the tool’s signature database, if they exist in the target infrastructure.
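Scan output only becomes useful to the assessment once it is turned into an inventory of hosts and services that the later analysis and reporting steps can work from. As an added example (not from the original deck or from the Nmap project), the following Python parses Nmap's "grepable" (`-oG`) output format, in which each port is recorded as `port/state/protocol/owner/service/rpc/version/`, into a per-host structure and then lists only the open services. The scan text is a constructed sample with fictitious addresses and hostnames.

```python
import re

# Constructed sample of Nmap grepable (-oG) output; hosts and services are fictitious.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 10.10.0.5 (web01.example.test)\tStatus: Up
Host: 10.10.0.5 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 80/open/tcp//http//nginx/, 443/open/tcp//https//nginx/\tIgnored State: closed (997)
Host: 10.10.0.9 (db01.example.test)\tStatus: Up
Host: 10.10.0.9 (db01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 3306/open/tcp//mysql//MySQL 5.7/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

# "Host: <ip> (<hostname>)<TAB><remaining tab-separated fields>"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "ports": [ {port, state, proto, service, version} ]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment lines and anything unexpected
        ip, hostname, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue                  # "Status:" / "Ignored State:" fields
            for spec in field[len("Ports: "):].split(", "):
                # Field order in -oG: port/state/protocol/owner/service/rpc/version/
                parts = spec.split("/")
                entry["ports"].append({
                    "port": int(parts[0]),
                    "state": parts[1],
                    "proto": parts[2],
                    "service": parts[4],
                    "version": parts[6],
                })
    return hosts


def open_services(hosts):
    """Reduce the inventory to {ip: [(port, service), ...]} for open ports only."""
    return {
        ip: [(p["port"], p["service"]) for p in h["ports"] if p["state"] == "open"]
        for ip, h in hosts.items()
    }


if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    for ip, services in open_services(inventory).items():
        print(ip, inventory[ip]["hostname"], services)
```

Filtered ports are kept in the full inventory but dropped from the open-services view, since a filtered result usually means an intermediate firewall is blocking the scanner (the reachability point made on this slide) rather than that the service is absent.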
11. 3. Vulnerability analysis
• Defining and classifying network or system resources.
• Assigning a priority to each resource (e.g. High, Medium, Low).
• Identifying potential threats to each resource.
• Developing a strategy to deal with the highest-priority problems first.
• Defining and implementing ways to minimize the consequences if an attack occurs.
12. Vulnerability Assessment
• Advantages of Vulnerability Assessment:
Open source tools are available.
Identifies almost all vulnerabilities.
Automated scanning.
Easy to run on a regular basis.
• Disadvantages of Vulnerability Assessment:
High false positive rate.
Can easily be detected by IDS/firewall.
Often fails to notice the latest vulnerabilities.
13. 4. Vulnerability exploitation (Penetration Testing)
• Penetration testing is the next step after vulnerability assessment, aiming to penetrate the target system based on the exploits available for the identified vulnerabilities. For exploitation, our own knowledge or publicly available exploits of well-known vulnerabilities can be utilized.
• Penetration testing or vulnerability exploitation can be broadly divided into phases such as pre-exploitation, exploitation, and post-exploitation.
• Activities in the pre-exploitation phase are explained in phases 1 to 4, that is, enumerating the infrastructure and identifying the vulnerability.
• Once any vulnerability is exploited to gain access to the system, the attacker should aim to further detail the network by sniffing traffic, mapping the internal network, and trying to obtain a higher-privilege account to gain the maximum level of access to the system.
14. 5. Report generation
• After completing the assessment as per the scope of work, final reporting needs to be done covering the following key areas:
• A brief introduction to the assessment
• The scope of the assessment
• The management/executive summary
• A synopsis of findings with risk severity
• Details about each finding with its impact and your recommendations to fix the vulnerability (remediation).
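Slide 11 asks for resources to be given a priority (High, Medium, Low) and for the highest-priority problems to be handled first, and slide 14 asks for a synopsis of findings with risk severity. The two fit together: risk is the finding's severity weighted by the criticality of the asset it sits on, and the synopsis is the findings ordered by that risk. The following is an added example written for this page (not code from the original deck); the weighting scheme, the risk bands and the four sample findings are all constructed assumptions, and a real engagement would substitute the client's own asset classification and severity scale.

```python
from dataclasses import dataclass

# Constructed weighting scheme: asset priority (slide 11) times finding severity.
ASSET_WEIGHT = {"High": 3, "Medium": 2, "Low": 1}
SEVERITY_WEIGHT = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


@dataclass
class Finding:
    asset: str
    asset_priority: str   # High / Medium / Low, assigned during vulnerability analysis
    title: str
    severity: str         # severity as reported by the scanner or tester
    remediation: str


def risk_score(f: Finding) -> int:
    """Combine asset priority and finding severity into a single sortable score."""
    return ASSET_WEIGHT[f.asset_priority] * SEVERITY_WEIGHT[f.severity]


def risk_band(score: int) -> str:
    """Map a numeric score (1..12) to the risk label shown in the report."""
    if score >= 9:
        return "Critical"
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def prioritize(findings):
    """Highest risk first; equal scores keep their original order (stable sort)."""
    return sorted(findings, key=risk_score, reverse=True)


def synopsis(findings) -> str:
    """Render the 'synopsis of findings with risk severity' section of the report."""
    lines = ["Risk | Asset | Finding | Remediation"]
    for f in prioritize(findings):
        lines.append(f"{risk_band(risk_score(f))} | {f.asset} | {f.title} | {f.remediation}")
    return "\n".join(lines)


# Constructed sample findings; assets and issues are fictitious.
SAMPLE_FINDINGS = [
    Finding("printer", "Low", "Banner discloses firmware version", "Low",
            "Disable verbose banner"),
    Finding("kiosk", "Low", "Directory listing enabled", "High",
            "Disable directory indexing"),
    Finding("web01", "High", "Outdated TLS configuration", "Medium",
            "Disable legacy protocol versions and weak ciphers"),
    Finding("db01", "High", "Database service reachable without authentication", "Critical",
            "Require authentication and restrict network access"),
]

if __name__ == "__main__":
    print(synopsis(SAMPLE_FINDINGS))
```

Note what the weighting does to the ordering: the High-severity finding on the low-priority kiosk lands below the Medium-severity finding on the high-priority web server, which is the point of assigning resource priorities before ranking problems.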
15. Benefits of Penetration Testing
• Tests the network or system using the tools and techniques that attackers use.
• Demonstrates to what depth vulnerabilities can be exploited.
• Validates vulnerabilities.
• Can provide the realism and evidence needed to address security issues.
16. Weaknesses of Penetration Testing
• Labor intensive; requires great expertise.
• Dangerous when conducted by an inexperienced tester.
• Reveals source code to a third party.
• Expensive.
• Some tools and methods may be banned by agency regulation.
• Conducted in a limited time period.
• If a service is not tested, then there will be no information about its security or insecurity.
17. Reasons for Vulnerability Existence
• Insecure coding practices
• Developer education not focused on security
• Limited testing budget and scope
• Disjointed security processes
• More resources outside than inside
• Misconfigurations
• Not updated
18. Different Types of Vulnerabilities
• Missing data encryption
• OS command injection
• SQL injection
• Missing authentication for critical function
• Missing authorization
• Unrestricted upload of dangerous file types
• Reliance on untrusted inputs in a security decision
• Cross-site scripting and request forgery
• Download of code without integrity checks
• Use of broken algorithms
• URL redirection to untrusted sites
• Path traversal
• Bugs
• Weak passwords
• Software that is already infected with a virus
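Two of the classes in this list, path traversal and SQL injection, come down to the same root cause named on slide 17, insecure coding practice, and are easiest to understand with the weak code next to its fix. The following is an added example written for this page (not code from the original deck): a file lookup that joins user input straight onto a base directory versus one that resolves the path and refuses anything outside the base, and a database lookup that concatenates input into SQL versus one that binds it as a parameter. The temporary directory, the in-memory SQLite table and its rows are constructed test fixtures; `demo()` returns the observable results of both comparisons.

```python
import os
import sqlite3
import tempfile

# --- Path traversal: vulnerable vs hardened path resolution -----------------

def resolve_unsafe(base_dir, user_path):
    # VULNERABLE: joining untrusted input lets "../" escape base_dir.
    return os.path.join(base_dir, user_path)


def resolve_safe(base_dir, user_path):
    """Return the resolved path only if it stays inside base_dir, else raise."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))   # collapses ".." and symlinks
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


def read_file_safe(base_dir, user_path):
    with open(resolve_safe(base_dir, user_path), "rb") as fh:
        return fh.read()


# --- SQL injection: string-built query vs parameterised query ---------------

def setup_db():
    """In-memory SQLite table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_unsafe(conn, name):
    # VULNERABLE: the input is concatenated into the SQL text.
    return conn.execute(
        f"SELECT name, role FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(conn, name):
    # Hardened: the driver binds the value, so it can never become SQL syntax.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    """Run both comparisons on constructed fixtures and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"hello")
        inside = read_file_safe(tmp, "notes.txt")          # legitimate request
        base = os.path.realpath(tmp)
        unsafe_target = os.path.realpath(resolve_unsafe(tmp, "../../etc/hostname"))
        unsafe_stays_inside = os.path.commonpath([base, unsafe_target]) == base
        try:
            resolve_safe(tmp, "../../etc/hostname")
            safe_blocked = False
        except PermissionError:
            safe_blocked = True
    conn = setup_db()
    probe = "x' OR '1'='1"   # classic test string a scanner uses to confirm the defect
    return (inside, unsafe_stays_inside, safe_blocked,
            len(lookup_unsafe(conn, probe)), len(lookup_safe(conn, probe)))


if __name__ == "__main__":
    print(demo())  # (b'hello', False, True, 2, 0)
```

The hardened path check compares resolved paths rather than looking for `..` in the input string, so encoded or symlinked variants are handled the same way; the parameterised query returns no rows for the probe because the whole string is matched as a literal name.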