NETWORK SECURITY

Why do i need VA & PT?

Globally, statistics show that more than 70 per cent of the applications either have vulnerabilities which could potentially be exploited by a hacker, or worse, they have already been exploited. The data losses due to this are typically of two types. Either the data is confidential to the organisation or it is private to an individual. Regardless of the category, data losses result in the loss of money or reputation.

​

What is Vulnerability Assessment or VA?

Network Vulnerability Assessment or VA in general is a systematic & proof of concept based approach to find loopholes in organisation's Network or IT infrastructure and help organisations to effectively manage the risks and secure their Infrastructure.

​

What is Penetration Testing or PT?

Penetration Testing, on the other hand, is going ‘one step further’ than the Vulnerability Assessment. Where the VA focuses on finding the obvious and hidden vulnerabilities, a penetration test will go ahead and try to confirm and establish the discovered vulnerability and evaluate the level of impact that vulnerability could pose if the vulnerability was to be exploited by a real-world adversary.

​

Our approach & Methodology on VA & PT.

​

​

​

​

​

​

​

​

​

​

​

​

​Our approach is based on both manual and automated checks on critical IT assets to access and rate the vulnerabilities and help our clients mitigate and manage the discovered issues.

Typically, Vulnerability Assessment is a non-intrusive process and we make sure that any VA we undertake will have a minimum impact on the organisation's IT infrastructure by throttling the tests in real-time to avoid any disruption in the normal business process.

Our careful approach in performing Penetration tests will help our clients to realise the impact of vulnerabilities. Generally, Penetration tests are noisy and can create some disruption, hence our fine-tuned approach & experience in performing penetration tests ensures that the client organisation will have little or no impact during the phase of penetration testing.

​

Intelligence Gathering

This phase of our network pentesting methodology consists of extensive information gathering, in-depth port scanning, services fingerprinting & enumeration, host and service discovery to get a full list of all the devices and to gain as much information as possible. The main goal here is to gain extensive information in line with the scope and map the possible entry points and enumerate attack vectors.

​

Threat modelling

The output of results from the intelligence gathering phase, forms the input in this phase. Here, the assets are categorised into threat categories and confirmed on the basis of manual testing methodologies and estimates of threats that the asset can have are evaluated.

​

Vulnerability Analysis

This phase involves analysis and documenting the discovered vulnerabilities, confirming their existence and performing further tests to confirm the existence of reported vulnerabilities.

​

Exploitation

The vulnerabilities from the previous stage that have been confirmed to exist are then put to test and analyze the extent that an attacker can abuse to cause harm to the business. It is the Penetration testing (PT) phase as we call it.

​

This phase includes testing of discovered issues not limited to - password auditing, SQL injection, Cross Site Scripting (XSS), Exploiting unpatched vulnerabilities, Bypassing Access controls, etc.