
VAPT Methodology Report

The document describes the methodology for vulnerability assessment and penetration testing. The vulnerability assessment methodology involves preparation, scanning, enumeration, vulnerability analysis, documentation, and submission of reports. The penetration testing methodology involves planning, exploitation, cleaning up, and reporting. Both methodologies aim to identify security vulnerabilities and risks in order to provide recommendations to improve network security.

VAPT Methodology

Vulnerability Assessment tools uncover all possible network weaknesses, leaving customers guessing as to
which vulnerabilities pose real, imminent threats.

Penetration Testing safely exploits vulnerabilities to eliminate "false positives" and reveal tangible
threats. Penetration test results enable IT staff to delineate critical security issues that require
immediate attention from those that pose lesser risks.

Vulnerability Assessment Methodology

Preparation
In this phase, a formal contract is signed which also contains a Non-Disclosure Agreement. The contract also
outlines infrastructure perimeter, evaluation activities, time schedules and resources available to a tester.

Scanning
After gathering the preliminary information, we identify systems that are alive and reachable via the
Network/Internet, and what services they offer. We define the scan policy for each target and perform the
following activities based on the architecture and complexity of the network.

Scans:

• Active Scans
• Passive Scans

Some common tools to perform scanning:

• Nmap
• Nessus
• GFI LanGuard
• Retina

Enumeration
Enumeration involves active connections to systems and directed queries.
Types of information enumerated by the tester:

• Network resources and shares
• Users and groups
• Applications and banners

Vulnerability Analysis
Vulnerability Analysis is the act of determining which security holes and vulnerabilities may be applicable to the
target network or host.

The following points are considered:

• Identification & Filtration of False Positives
• Identification & Filtration of False Negatives
• Banners exposing internal information
• Exposed Web Application variables, etc.
• Default configuration mistakes

Documentation
Step 1: Collect the scan results and analyse for security loopholes, configuration errors, default installation
settings, overlooked setups, password quality, firmware/software revisions, patch fixes, security policy
violations etc.

Step 2: Classify the vulnerabilities discovered within the environment, spanning Technical, Organizational and
Process issues, into categories of High, Medium, and Low risk.

Step 3: Perform impact analysis of the vulnerabilities discovered and the threats arising from them, with
respect to the client's IT architecture.

Submission of Reports
Step 1: Detailed explanations of the implications of findings, impacts, and risks for each of the identified
vulnerabilities.

Step 2: Recommended Action Items including immediate fixes, policy recommendations and product
recommendations for improving the overall network security.

Step 3: An executive summary highlighting key findings and recommendations from a security perspective.

Penetration Testing Methodology

Planning
Step 1: Identify key vulnerabilities to be exploited

Step 2: Prepare a list of acceptable testing techniques (Ex: Password cracking, Denial of service, etc.) and
research exploits to be launched

Step 3: Ascertain the times when the testing is to be conducted (Ex: During business hours, after business
hours, etc.)

Step 4: Identify an estimated period for testing

Step 5: Determine IP addresses of the machines from which penetration testing will be conducted so that the
client can differentiate the legitimate penetration testing attacks from actual malicious attacks

Step 6: Identify asset owners & schedule tasks, if any

Step 7: Plan for Downtime & Contingency, if applicable
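
The client-side use of Steps 3 and 5, as an added example that is not part of the original document: an alert is treated as authorized test traffic only when it comes from a declared tester address inside an agreed testing window. The address range, the windows and the alert line format are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed rules of engagement (constructed values, RFC 5737 documentation ranges).
TESTER_SOURCES = [ip_network("198.51.100.16/30")]
WINDOWS = [  # agreed testing windows, UTC
    (datetime(2024, 3, 4, 18, 0), datetime(2024, 3, 4, 23, 0)),
    (datetime(2024, 3, 5, 18, 0), datetime(2024, 3, 5, 23, 0)),
]

# Constructed sample alerts in a hypothetical "timestamp src_ip signature" format.
SAMPLE_ALERTS = """\
2024-03-04T18:12:09 198.51.100.17 port-scan
2024-03-04T18:40:51 203.0.113.77 port-scan
2024-03-05T02:03:30 198.51.100.18 brute-force-login
2024-03-05T19:05:00 198.51.100.19 sql-injection-probe
not-a-valid-line
"""

def classify(line):
    """Return (label, reason) for one alert line."""
    try:
        ts_raw, src_raw, _sig = line.split(maxsplit=2)
        ts, src = datetime.fromisoformat(ts_raw), ip_address(src_raw)
    except ValueError:
        # Never silently drop what cannot be parsed: send it to an analyst.
        return "investigate", "unparseable alert"
    from_tester = any(src in net for net in TESTER_SOURCES)
    in_window = any(start <= ts <= end for start, end in WINDOWS)
    if from_tester and in_window:
        return "authorized-test", "declared source inside agreed window"
    if from_tester:
        # Declared address outside the schedule: spoofed source or off-plan testing.
        return "investigate", "declared source outside agreed window"
    return "investigate", "undeclared source"

def triage(text):
    """Classify every non-empty alert line; returns (line, label, reason) tuples."""
    return [(line, *classify(line)) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for line, label, reason in triage(SAMPLE_ALERTS):
        print(f"{label:16} {reason:40} {line}")
```

Only the label changes for authorized traffic; the alert itself is kept, so the test activity remains in the record used for the report and for clean-up.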

Exploitation
Our approach is to review the list of vulnerabilities collected in the VA stage and sort them by likelihood of
success and potential harm to the target network to see which may be helpful in our exploitation efforts.
We examine the list of known vulnerabilities and potential security holes on the various target hosts and
determine which are most likely to be fruitful.

Next we pursue exploiting those vulnerabilities to gain access on the target system. Primary targets are open
ports and potentially vulnerable applications.

The following tools are used to perform Penetration Testing:

• Nmap
• Nessus
• GFI LanGuard
• Retina
• Metasploit

Cleaning Up
Remove all testing traces from compromised systems based on the detailed and exact list of all actions
performed during the penetration test, returning the system and any compromised systems to the exact
configurations that they had prior to the penetration test.

Reporting
Step 1: Detailed explanations of the implications of findings, impacts and risks for each of the
identified vulnerabilities.

Step 2: Recommended Action Items including immediate fixes, policy recommendations and
product recommendations for improving the overall network security.

Step 3: An executive summary highlighting key findings and recommendations from a security
perspective.
