Vulnerability assessment and penetration testing (VAPT) by Ujjwal Sahay

Vulnerability Assessment And Penetration Testing (VAPT) BY Ujjwal Sahay Vulnerability assessment and penetration testing is a

phenomena in which the IT environment systems such as

computers and networks are scanned in order to identify

the presence of vulnerabilities associated with them. As per

the information provided by the latest survey more than

80% of websites are vulnerable, specially those which are

created by using any engine such as wordpress, BlogSpot

etc. leading to the leak of sensitive corporate information

and data such as passwords, credit card info etc.

Basically, Black hats are concentrating

their efforts on web-based applications -

shopping carts, forms, login pages,

dynamic content, etc. Accessible 24/7

from anywhere in the world, insecure

web applications provide easy access to

backend corporate databases.

So let’s get back on the topic VAPT. Now

we are going to explain vulnerability

assessment and penetration testing in the

form of cycle: -

First of all let you introduce with the very

initial step of VAPT which is often

preferred as modes of testing which are

categorized into three parts :-

White Box Testing: White box testing refers to the

phenomena of performing the test from within the

network with the prior knowledge of the network

architecture and the systems. This is also referred to as

internal testing.

Black Box Testing: it refers to testing from an external

network with no prior knowledge of the internal

networks and systems.

Gray Box Testing: Grey box testing is the process of testing

from an external or internal network, with knowledge of

the internal networks and systems. Basically it is a

combination of black box testing and white box testing.

INFORMATION GATHERING

Information Gathering is a method of

collecting information about the network

or the system you are testing.

Such as IP address, OS Version etc.

Basically this is applicable to all the

modes of testing as mentioned above.

VULNERABILITY DETECTION

In this phenomena many tools such as

vulnerability scanners, network scanners

etc. are used to find the associated

vulnerability in that particular network

mode,

INFORMATION ANALYSIS AND PENETRATION

TESTING

This process is used to analyze the identified

vulnerabilities, associated with the information

gathered about the IT environment systems and

networks to apply a plan for penetrating into the

network and system by the process of Penetration

Testing. In penetration testing process, the target

systems are attacked and penetrated using the plan

applied in the earlier process.

PRIVILEGE ESCALATION

After the successful penetration into the

system, privilege escalation technique is

used to identify and escalate access to gain

higher privileges, such as registry/root

access or administrative privileges to that

particular it environment system or

network.

RESULT ANALYSIS AND CLEANUP

At last in this process the root cause analysis is

performed as a result of a successful compromise

to the system leading to penetration testing and

providing suitable recommendations in order to

make the system secure by plugging the holes in

the system. Vulnerability assessment and

penetration testing involves compromising the

system, and as the result of this process some of

the files may be altered. This process ensures that

the system is brought back to the original state,

before the testing, by cleaning up or restoring the

data and files used in the target machines.

THANKS A LOT…!

FOR MORE ARTICLES ABOUT TECHNO-HACKING WORLD

VISIT: - www.thebigcomputing.com

FOR MORE DETAILS ABOUT UJJWAL SAHAY VISIT

www.thebigcomputing.com/about-ujjwalsahay/