What is VAPT? Why is it needed? How it is done? Some of the details have already been discussed so far. If you have missed it, find it here! Penetration Testing have been learnt and now we shall go for Vulnerability Assessment.

A vulnerability assessment is a process of finding out the vulnerabilities (mistakes or flaws) in a system inorder to reduce the threat and protect the network. To continue with the VA there are some stages as for Pentest, they are as follows:

• Initial Assessment: It is basic step to identify the assets and risk for a particular device.The factors including this stage are seriousness of risk, countermeasures for each risk, business analysis, etc.
• Scanning: Using automated or manual tools for scanning of the targeted areas for vulnerabilities, flaws, bugs, etc. They also check for the ports, services and processes that should not be kept opened.
• Analysis: With the detected vulnerabilities, they are analyzed for potential risks, severity of the bugs and urgency of the remediation.
• Report Formation: A detailed report formation is important to add extra suggestions and remedies for the possible vulnerabilities. The report include details of the vulnerability, effected systems, suggested patches and countermeasures.

Types of Vulnerability Scanning

1. Host based Scanning: Servers, network hosts, workstations are scanned for vulnerabilities. The host based tools install a mediator software on a targeted device to trace and report to the security analyst about the event.
2. Network based Scanning: The ports of wired and wireless networks are scanned for unknown services running on the respective ports. The possible vulnerabilities are identified and reported using network scanning tools.
3. Database Scanning: For any company to persist, analyzing data from the users and maintaining them safe is necessary. To protect databases from breaches, by SQL injection, databases are scanned for vulnerabilities using specific tools and techniques.
4. Web Application Scanning: The assets of the company, external scanning in Pentest, are scanned for vulnerabilities as there might be a possibility for the intruder to get a remote connection through the flaws in building the applications.

Vulnerability Testing Methods

1. Active Testing: Here a tester introduces new test data and analyzes the results. During the testing process, the testers create a model of the process, and it will grow further during the interaction with the software under test. While doing the test, the tester will actively involve in the process of finding out the new test cases and new ideas.
2. Passive testing: Unlike active testing, software is analyzed in running mode without actually introducing a new test data.
3. Network Testing: It is the process of recording the state of network over a period of time. Testing is mainly done to predict the working of network on load. This process include scanning of number of users, utilization of the application and network.
4. Distributed Testing: The applications that have multiple clients working simultaneously are scanned using this method.

Here are some citations you can use:

• Active and Passive Testing
• Network Testing
• Distributed Testing
• Layers in Networking Model

We go with our traditional way of saying bye at the end of writing… Much more to come. Till then, stay updated and have a happy and healthy learning.

Stay Home Stay Safe!!