VA PT

Vulnerability Assessment and Penetration Test

Web Application

This assessment is designed to identify, quantify and prioritize vulnerabilities in a web application by validating and verifying the effectiveness of the application’s security controls.

E.g.
- Web Portal (CMS, custom website, etc.)
- CRM, ERP, TTS

Network

The network pen-test provides suggestions to better protect sensitive data and prevent take-over of systems by identifying real-world opportunities that can compromise systems and networks.

E.g.
- Public Subnet
- Private Subnet (LAN, DMZ, etc.)

Black Box

In this assignment, there is no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network.

Grey Box

A grey-box test is made with the access and knowledge level of a user, potentially with elevated privileges on a system. Grey-box pen-testers typically have some knowledge of a network’s internals, potentially including design and architecture documentation as well as an account internal to the network.

White Box

During a white-box test, pen-testers are given full access to source code, architecture documentation and so forth. The main challenge with white-box testing is sifting through the massive amount of data available to identify potential points of weakness.

HOW DOES IT WORK?
Activity Flow

- Definition of activities and scope
- Definition of the rules of engagement
- Project execution
- Reporting

Methodologies

- OWASP (Open Web Application Security Project)
- OSSTMM (Open Source Security Testing Methodology Manual)

Classification

- CVSS3 (Common Vulnerability Scoring System Version 3.0)