Vulnerability Assessment And Penetration Testing (VAPT) BY Ujjwal Sahay Vulnerability assessment and penetration testing is a
phenomena in which the IT environment systems such as
computers and networks are scanned in order to identify
the presence of vulnerabilities associated with them. As per
the information provided by the latest survey more than
80% of websites are vulnerable, specially those which are
created by using any engine such as wordpress, BlogSpot
etc. leading to the leak of sensitive corporate information
and data such as passwords, credit card info etc.
Basically, Black hats are concentrating
their efforts on web-based applications -
shopping carts, forms, login pages,
dynamic content, etc. Accessible 24/7
from anywhere in the world, insecure
web applications provide easy access to
backend corporate databases.
So let’s get back on the topic VAPT. Now
we are going to explain vulnerability
assessment and penetration testing in the
form of cycle: -
First of all let you introduce with the very
initial step of VAPT which is often
preferred as modes of testing which are
categorized into three parts :-
White Box Testing: White box testing refers to the
phenomena of performing the test from within the
network with the prior knowledge of the network
architecture and the systems. This is also referred to as
internal testing.
Black Box Testing: it refers to testing from an external
network with no prior knowledge of the internal
networks and systems.
Gray Box Testing: Grey box testing is the process of testing
from an external or internal network, with knowledge of
the internal networks and systems. Basically it is a
combination of black box testing and white box testing.
INFORMATION GATHERING
Information Gathering is a method of
collecting information about the network
or the system you are testing.
Such as IP address, OS Version etc.
Basically this is applicable to all the
modes of testing as mentioned above.
VULNERABILITY DETECTION
In this phenomena many tools such as
vulnerability scanners, network scanners
etc. are used to find the associated
vulnerability in that particular network
mode,
INFORMATION ANALYSIS AND PENETRATION
TESTING
This process is used to analyze the identified
vulnerabilities, associated with the information
gathered about the IT environment systems and
networks to apply a plan for penetrating into the
network and system by the process of Penetration
Testing. In penetration testing process, the target
systems are attacked and penetrated using the plan
applied in the earlier process.
PRIVILEGE ESCALATION
After the successful penetration into the
system, privilege escalation technique is
used to identify and escalate access to gain
higher privileges, such as registry/root
access or administrative privileges to that
particular it environment system or
network.
RESULT ANALYSIS AND CLEANUP
At last in this process the root cause analysis is
performed as a result of a successful compromise
to the system leading to penetration testing and
providing suitable recommendations in order to
make the system secure by plugging the holes in
the system. Vulnerability assessment and
penetration testing involves compromising the
system, and as the result of this process some of
the files may be altered. This process ensures that
the system is brought back to the original state,
before the testing, by cleaning up or restoring the
data and files used in the target machines.
THANKS A LOT…!
FOR MORE ARTICLES ABOUT TECHNO-HACKING WORLD
VISIT: - www.thebigcomputing.com
FOR MORE DETAILS ABOUT UJJWAL SAHAY VISIT
www.thebigcomputing.com/about-ujjwalsahay/