Projects and organisations could have vulnerabilities which are not evident or difficult to identify. The most common methods to trace them are Vulnerability Assessment and Penetration Testing (VAPT). These two activities have different scope of coverage and different procedures. But together they open up all the major vulnerabilities in a system and proved to be a strong solution.
Vulnerability testing can be executed in the project codes and in the organisation networks, depending upon the scope defined and tools chosen. In the vulnerability testing, all the flaws in the system are realised without differentiating those could create damage and those cannot. Vulnerability system notifies the areas of concerns and the location of those vulnerabilities in the system.
Meanwhile, Penetration testing aims to reveal the vulnerabilities in the system and detect the possibility for unauthorised or malicious activities in it. Penetration testing evaluates these threats on the basis of severity and illustrates the damage they could create during a real attack rather than pointing out all the flaws in the system.
Combined, these two testing methods portrait the vulnerabilities of a system and the risks associated with this. In effect, VAPT functions as a protective mechanism for an infallible organisational system.
Step by step Vulnerability Assessment Process to identify the system vulnerabilities.
Define goals and objectives of Vulnerability Analysis.
Black Box TestingTesting from an external network with no prior knowledge of the internal network and systems.
Grey Box TestingTesting from either external or internal networks with the knowledge of the internal network and system. It's the combination of both Black Box Testing and White Box Testing.
White Box TestingTesting within the internal network with the knowledge of the internal network and system. Also known as Internal Testing.
Obtaining as much information about IT environment such as Networks, IP Address, Operating System Version, etc. It's applicable to all the three types of Scopes such as Black Box Testing, Grey Box Testing and White Box Testing.
In this process, vulnerability assessment tools / scripts are used to scan the IT environment and identify the vulnerabilities.
It will analyse the identified vulnerabilities to devise a plan for penetrating into the network and systems.