Tectona Softsolutions (P) Ltd.
 
 


VAPT is a process in which computers, networks, servers, operating systems and application software are scanned in order to identify the presence of known and unknown vulnerabilities.

VAPT DEVICES

  • Vulnerability: A flaw or weakness in system that may result in a security breach or a violation of the system's security policy.

  • Threat: The potential for a specific vulnerability to be exercised either intentionally or accidentally.

  • Control: measures taken to prevent, detect, minimize, or eliminate risk to protect the Integrity, Confidentiality, and Availability of information.

  • Vulnerability Assessment: The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.

  • Some methods are used to assess Vulnerability Assessment they are Information Gathering, Vulnerability Detection, Information Analysis and Penetration, Privilege Escalation, Result Analysis and Clean Up.
 

Vulnerability Analyse

  • Defining and classifying network or system resources.
  • Assigning relative levels of importance to the resources.
  • Identifying potential threats to each resource.
  • Developing a strategy to deal with the most serious potential problems first.
  • If security holes are found as a result of vulnerability analysis, a vulnerability disclosure may be required.

Patch Management

  • Identify missing patches in the system.
  • Getting information about product wise missing patches.
  • Identify criticality of the missing patches.
  • Get Operating System (OS) wise, MS SQL Database wise, IIS Web server wise and other vulnerabilities.

Network Port Scanning

  • Identifying open ports on the system.
  • Auditing the security of the system by identifying the network connections, this can be made to, or through it.
  • Identifying unauthorized application/service, which is using a particular port for data sharing.
  • A facility is there for blocking/denied access of unauthorized network ports.

Application Monitoring

  • Identify all authorized and unauthorized application/processes that are running on the system.
  • Provides policy enforcement which is user defined resulting in an instant application termination regards to the policy violation.

Service Monitoring

  • Identified current status of services in each system like:
    • => Service Status: Running/Stopped.
    • => Service Mode: Automatic/Manual/Disabled.
  • Identifies unauthorized services in the system.
  • The facility is available like administrator can change the status of window services from the central console like start/stop service or change startup type of the service.

Shared Resources

  • Identify all shared resources in each system.
  • Provides policy enforcement for automatic removing shared resources.

Notification Handling

  • A notification or service requests/tickets is raised based on the category/sub-category for any security breaches or vulnerabilities is found.
  • A service request/ticket should be automatically sent to the engineer/person/security expert for closing of security breaches or vulnerabilities.
  • The service Request/Tickets should be available for viewing and action on suitable web-based interface.
  • The Security Request/Tickets should have facility to log all events, actions taken on the notification to remedy the security incident.
  • Facility for the engineer/admin to route the Security Request/Tickets to another engineer/person.
  • If the Security Request/Tickets is not closed, then the Security Request/Tickets should be escalated to the next level of expert/engineer, and suitable emails/sms should be sent to the Admin and the higher authorities (as defined by the Security incident handling policy).

Reports

  • Standard pre-built reports are provided to simplify the managing of nodal details effective.
  • Provides a facility to let the reports generated to be exported in excel and/or PDF format there by making it simple for the admin to shelf a hard copy at a single click that can be retrieved as and when required.

Utility of VAPT

  • Ability to define hierarchical Organization units for security incident management.
  • Ability to define user rights based on their role and OU. And, these rights can use used to define access policy to the application.
  • Keep history of all network operations, which includes port used, opened etc.
  • Vulnerability scan and database of vulnerabilities.

Payments

Pay with credit/debit card or using