
Introduction To Adiroha Solutions: Our Values

Adiroha Solutions is an information security company based in Bengaluru that specializes in cybersecurity services like vulnerability assessment and penetration testing. They follow a 5-step process for security testing: 1) information gathering, 2) planning and analysis, 3) vulnerability detection, 4) penetration testing, and 5) reporting. Their testing covers web, mobile, network, server, and IoT security and they use both open-source and commercial tools to perform testing.

Uploaded by

Lasya Ganapathi

Introduction to Adiroha Solutions

Adiroha Solutions OPC Pvt. Ltd is a Bengaluru-based corporation. We're a group of high-touch ethical hackers who specialise in a certain area of cybersecurity. We work to comprehend cyber-attacks and the threat vectors that cause them. We've discovered that technology alone isn't enough to battle attackers, which is why our solution employs a three-pronged strategy that combines cutting-edge security technologies, world-class knowledge, and comprehensive threat intelligence. We're trying to expand our expertise and global footprint in the sphere of information security and cybercrime investigation.

Our Values

At Adiroha Solutions, information security is what we perform. Our only priority - Supporting your IT Security Lifecycle and infrastructure protection. We believe in offering end-to-end information security management services supported by strategic and developing technology partners who are perfectly focused on information security for our customers, as we are an expert team of highly dedicated security specialists. We follow best practises and quality standards from the start, and this is how we achieve excellence.

Our Managed Services

● Web Application Penetration Testing
● Network Penetration Testing
● Mobile Application Security
● Cloud Penetration Testing
● Infrastructure Penetration Testing
● Threat Intelligence & Incident Response
● Secure Code Development
● Corporate Investigations
● IoT Penetration Testing
● Server Security Testing
● Secure Code Review
● Data Recovery
● E-Discovery & Forensics

VAPT Methodology

Hackers will frequently search networks for gaps and weaknesses, either actively or passively. Professionals who specialise in security analysis and vulnerability assessments are crucial in detecting and closing security flaws. Security analysis software is used to pinpoint any flaws in the computer, network, or communication infrastructure, which are then prioritised and addressed using the 'protect, delegate, and delegate' method.

Security Standards

• OWASP10
• SANS25
• OSSTMM
• NIST SP800-115
• FedRAMP
• PTES

Jai Hind.

Vulnerability Assessment and Penetration Test

Services:
● Network Penetration Testing
● Mobile Penetration Testing
● Wi-Fi Penetration Testing
● Internet of Things Penetration Testing
● Cloud Penetration Testing
● Scada Penetration Testing
● Web Application Penetration Testing

1. Security Testing Method
I. Information Gathering: Obtaining extensive knowledge
about the devices, network architecture, and protocols utilised
is part of this stage.
II. Planning-Analysis: This stage entails coming up with a plan
to simulate a real-time threat scenario on the infrastructure.
We offer a comprehensive set of test cases that can be
executed on any target environment where the target is being
tested. Plans are made to optimise the entire process while
minimising any negative impact on live infrastructure.
III. Vulnerability Detection: Using industry benchmark tools,
we execute testing on many parts of the IT infrastructure at
this phase.
IV. Penetration Testing: A penetration test is performed on all
potential vulnerabilities to identify the most likely attack sites
for the client. This is where 80% of the VAPT work is
completed. For the best results, we develop bespoke scripts
based on the business logic and manually attack each
vulnerability.
V. Reporting: We disclose all of our results to the customer
when the penetration tests are completed, including a full
analysis of the vulnerability detected, the threat level,
potential impact, suggested strategies, and proof of concepts
(PoC).
2. Report and Recommendation Discussion
● We provide brief and succinct reports of the
vulnerabilities found, and we have a full discussion with
your development team about the nature of the issue, its
impact, threat level, and our proposal to remove the
vulnerability. With the client's development team, our
technical specialists review the report, as well as the
problems discovered and their effect scenarios.
3. Patching by Development Team of Client
● In consultation with Adiroha's security team, the client's
development team patches all of the vulnerabilities
reported by Adiroha.
4. Re-Testing
● In this step, Adiroha re-tests the IT infrastructure after
the client's development team gives the go-ahead and
confirms that all the vulnerabilities have been
patched.

High Level Test Cases

Mobile Application Testing:
● Architecture, design and threat modelling
● Data storage and privacy
● Cryptography
● Authentication and session management
● Network communication
● Interaction with the environment
● Coding practices and build process
● Resiliency against reverse engineering
● Report Creation & Project Close-out

Web Application Testing:
● Information Gathering
● Configuration and Deployment Management Testing
● Testing for Identity Management
● Authentication Testing
● Authorization Testing
● Session Management Testing
● Input Validation Testing
● Error Handling
● Client-Side Testing
● Testing for business logic
● Report Creation

Server Security Testing:
● Data Gathering & Project Set up
● Tests for DB Server
● User Accounts
● Policies
● Provisioning Servers
● Vulnerability Research & Verification
● Report Creation & Project Close-out

Network Security Testing:
● Internal Network Scanning
● Port Scanning
● System Fingerprinting
● Services Probing
● Exploit Research
● Manual Vulnerability Testing and Verification
● Manual Configuration Weakness Testing and Verification
● Password brute forcing to check authentication strengths
● Packet inspection to break into wireless network
● 5. Network and Wireless Security Testing
● Signal disruptions to break wireless signaling network
● Limited Application Layer Testing
● Firewall and ACL Testing
● Administrator Privileges Escalation Testing
● Password Strength Testing
● Network Equipment Security Controls Testing
● Database Security Controls Testing
● Internal Network Scan for Known Trojans
● Third-Party/Vendor Security Configuration Testing
● Report Creation & Project Close-out

IoT Security Testing:
● Network Traffic
● Device Firmware
● Device Web Interface
● Device Physical Interfaces
● Administrative Interface
● Testing Vendor-supplied defaults for system passwords and other security parameters
● Testing physical access to IoT Devices
● IoT device's Control/monitor's Operating System

VAPT Tools and Technologies

Web Application Security Testing Tools
Open Source: OWASP ZAP, Burp (community edition), Custom scripts, Vega, Metasploit
Commercial: Burp Suite

Network/Infrastructure Security Testing Tools
Open Source: OpenVAS, Nmap, Metasploit, Netcat, Custom scripts
Commercial: Nessus

Mobile Application Security Testing Tools
Open Source: Android Studio, ADB, MobSF, Burp (community edition), OWASP ZAP, Custom Emulators, Custom scripts
Commercial: Burp Suite

IoT Assessment Tool (Hardware & Software)
Open Source: Binwalk, Radar 2, Ida Pro, GNU Radio, Qemu
Commercial: Attify Badge (UART, SPI, I2C), Jtagulator, Hack RF, Ubertooth
