Vulnerability Assessment & Penetration Testing     (VAPT)

In this article we will be diving deep about this interesting topic Vulnerability Assessment & Penetration Testing (VAPT).
But before that, let us breakdown VAPT and see what it really means !
Let us now understand what a vulnerability means.

Vulnerability

It is defined as the state of being exposed to the possibility of being attacked or harmed.
Now, you understand what a vulnerability means. Let us see what does vulnerability assessment (VA) mean !

Vulnerability Assessment (VA)

    Vulnerabilities in computer systems, applications, and network infrastructure are defined, identified, classified, and prioritized through this procedure. Systematic approach to find the security loopholes in a network or software system.
  

  • Process of finding vulnerabilities, with the objective that none of the loopholes are missed
  • It lists the vulnerabilities during the assessment process based on the severity and criticality of the business logic
  • A non-intrusive process and can be done without threatening the IT infrastructure or application’s operations

 Let us see the types of Vulnerability Assessments.

Types of Vulnerability Assessment

1. Active Assessment
    2. Passive Assessment
    3. Host-based Assessment
    4. Internal Assessment
    5. External Assessment
    6. Network Assessment
    7. Wireless Network Assessment
    8. Application Assessment

Outcomes of VA

The outcome of a VA process is an assessment report listing all vulnerabilities, categorized based on their severity.

This report servers as a base for Penetration Testing (PT). Now you go to know the outcomes of VA. Let us learn about Penetration Testing or pentesting (PT).

Penetration Testing (PT)

It is the process of hacking a system with the permission from the owner of that system, to evaluate security, Hack Value, attacks, exploits, zero-day vulnerability & other components such as threats, vulnerabilities, and daisy chaining.

  • A goal oriented exercise
  • Find exploitable flaws and measure the severity of each
  • It tries to exploit the vulnerabilities which helps to determine
  • If there is any unauthorized access or if any probability is there to perform any malicious activity
  • To identify which flaws poses the threat(s) to the application
  • Show how damaging a flaw could be in a real attack rather than listing every flaw
  • More focused on simulating a real-life attack, testing defenses and mapping-out paths a real hacker could take
  • Involves the use of automated vulnerability scanners and other manual pen-test tools

Let us see the types of penetration testing methodologies.

Types of Penetration Testing

White Box

This is a type of pentesting in which the pentester has the complete knowledge of computer system and the information of the target.

Black Box

This is a type of pentesting in which the pentester performs blind testing which means the attacker performs attacks with no prior knowledge of the system.

Gray Box

This is a type of pentesting in which the pentester has very limited prior knowledge of the system or information relevant to the targets such as IP address.
   
    Let us look into the phases of penetration testing process.

Phases of Penetration Testing

    1. Pre-Attack Phase : It focuses on the planning and preparation of the penetration test, it is done prior to any direct engagements to the target system or network.
    2. Attack Phase : It uses the web application attacks, such as XSS, SQLi and backdoors, to uncover a target’s vulnerabilities.
    3. Post-Attack Phase : In this phase, the pentester submits a detailed report on all the findings and solutions to eliminate the potential threats.

Steps of Penetration Testing Process

There are basically 5 steps in pentesting process.

Reconnaissance
   
    This is the first step in the pentesting process. This is the step where we gather as much as information about the target.
   
    Ex : Gathering employee information of the target through OSINT(open-source intelligence) or enumerating the network topologies of the target.
   
Scanning
   
    This is the second step in the pentesting process. This is the step where the tester uses various tools to enumerate the services or ports running on the target and checks the network traffic.
   
Gaining System Access
   
    This is the third step in the pentesting process. This is the step where the tester exploits the security weakness and gains the access to the target machine or organization by escalating the privileges.
   
Persistent Access
   
    This is the fourth step in the pentesting process. This is the step where the tester needs to maintain the foothold for long period in order to accomplish the attacker’s objective. Here the attacker gets to the highest privileges on the target.
   
Analysis and Reporting
   
    This is the final step in the pentesting process. This is the step where the pentester creates a detailed report by explaining the seriousness and the impact of the discovered vulnerabilities, tools used for penetrating the network and the preventive measures for the discovered security weaknesses.
   
    Now we understood the steps of penetration testing.
   
    Let us see the outcomes of penetration testing (PT)

Outcome of PT

The outcome of a PT is, generally, a evidence in the form of a screenshot or log, which substantiates the finding and can be a useful aid towards remediation.
   
    Let us now distinguish VA & PT !

Vulnerability Assessment (VA) Vs Penetration Testing (PT)

-VA is a list-oriented approach while PT is goal-oriented
    – PT is more useful when the target’s security maturity level is high / defense is strong
    – PT is an effective approach with specific goals in mind
    – PT is most suitable in situations where depth over breadth is preferred
    – VA is more useful in situations
        – where there are known security issues
        – when a low-maturity organization would like to get started
    – VA is most suitable in situations where breadth over depth is preferred.
   
    Let us finally discuss about tools used in VA & PT !

Tools used in Vulnerability Assessment (VA)

Nikto
   
   

   
    Nikto scan output assessing the vulnerabilities of a web application
   
BurpSuite
  

Burpsuite for Web Application Testing

  
    used for intercepting, intruding, repeating the web requests between client and server
   
Nessus (https://www.tenable.com/products/nessus)
   
   

Nessus security tools for Vulnerability Assesment


   used for assessing the vulnerabilities
   
Acunetix(https://acunetix.com)
   
   

Acunetix for Security Assesment


    used for assessing the vulnerabilities
   
OWASP ZAP(https://www.zaproxy.org)
   
   

Owasp ZAP for Web Application Assesment


   
    used for assessing the vulnerabilities
   
OpenVas (https://openvas.org)
   

Open VAS Web Application Security Assessments Tool


Tools used in Penetration Testing (PT)

Wireshark
   
 

Wireshark packet capture tools snippet


   
    used for monitoring and analyzing the network traffic
   
Nmap – Network Mapper
   

nmap tool screenshot


   
    used for scanning and enumerating the services or ports on the target machine
   
Metasploit
   
   

Metasploit Penetration Testing Tool for Performing VAPT


   
    used for generating payloads and gaining access to the target
   
Aircrack-ng
   

Aircrack Ng Wireless Penetration Testing Tool


   
    used for wireless pentesting process
   
SQLmap
   
   

Sql Map tool for Security Assesment


    used for checking and exploiting the SQLi injection attacks
   
JohnTheRipper
   
  


   
    used for cracking the passwords

Conclusion

That’s all about the Vulnerability Assessment and Penetration Testing.
   
    We have learned what is vulnerability assessment (VA), its types, outcomes of it, tools and their uses.  Also, we have learned about penetration testing (PT), phases of it, types of it, steps, outcomes of it, tools and their uses. We also distinguished between VA & PT.
   
    After reading this essay, I hope you found it enjoyable and learned something new.


Call Us