VAPT is a process in which computers, networks, servers, operating systems and application software are scanned in order to identify the presence of known and unknown vulnerabilities.
- Vulnerability: A flaw or weakness in a system that may result in a security breach or a violation of the system's security policy.
- Threat: The potential for a specific vulnerability to be exercised either intentionally or accidentally.
- Control: Measures taken to prevent, detect, minimize, or eliminate risk to protect the Integrity, Confidentiality, and Availability of information.
- Vulnerability Assessment: The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
- The methods used in a vulnerability assessment are Information Gathering, Vulnerability Detection, Information Analysis and Penetration, Privilege Escalation, Result Analysis and Clean Up.
- Defining and classifying network or system resources.
- Assigning relative levels of importance to the resources.
- Identifying potential threats to each resource.
- Developing a strategy to deal with the most serious potential problems first.
- If security holes are found as a result of vulnerability analysis, a vulnerability disclosure may be required.
- Identify missing patches in the system.
- Get information about missing patches on a per-product basis.
- Identify criticality of the missing patches.
- Get vulnerabilities by category: Operating System (OS), MS SQL database, IIS web server and others.
Network Port Scanning
- Identifying open ports on the system.
- Auditing the security of the system by identifying the network connections that can be made to, or through, it.
- Identifying any unauthorized application or service that is using a particular port for data sharing.
- A facility is provided for blocking or denying access to unauthorized network ports.
- Identify all authorized and unauthorized applications/processes that are running on the system.
- Provides user-defined policy enforcement, which terminates an application instantly on a policy violation.
- Identifies the current status of services in each system, such as:
  - Service Status: Running/Stopped.
  - Service Mode: Automatic/Manual/Disabled.
- Identifies unauthorized services in the system.
- An administrator can change the status of Windows services from the central console, for example start or stop a service or change its startup type.
- Identify all shared resources in each system.
- Provides policy enforcement for automatically removing shared resources.
- A notification or service request/ticket is raised, based on the category/sub-category, for any security breach or vulnerability that is found.
- A service request/ticket should be automatically sent to the engineer/person/security expert for closing of security breaches or vulnerabilities.
- Service requests/tickets should be available for viewing and action on a suitable web-based interface.
- Security requests/tickets should have a facility to log all events and actions taken on the notification to remedy the security incident.
- A facility for the engineer/admin to route a security request/ticket to another engineer/person.
- If a security request/ticket is not closed, it should be escalated to the next level of expert/engineer, and suitable emails/SMS messages should be sent to the admin and the higher authorities (as defined by the security incident handling policy).
- Standard pre-built reports are provided to simplify effective management of nodal details.
- Provides a facility to export generated reports in Excel and/or PDF format, making it simple for the admin to file a hard copy with a single click and retrieve it as and when required.
Utility of VAPT
- Ability to define hierarchical organization units (OUs) for security incident management.
- Ability to define user rights based on role and OU; these rights can be used to define the access policy for the application.
- Keeps a history of all network operations, including ports used, ports opened, etc.
- Vulnerability scan and database of vulnerabilities.