Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Vulnerability Assessment And
Penetration Testing (VAPT) BY Ujjwal
Sahay
Vulnerability assessment and penetration testing ...
Basically, Black hats are concentrating
their efforts on web-based applications -
shopping carts, forms, login pages,
dyna...
So let’s get back on the topic VAPT. Now
we are going to explain vulnerability
assessment and penetration testing in the
f...
White Box Testing: White box testing refers to the
phenomena of performing the test from within the
network with the prior...
INFORMATION GATHERING
Information Gathering is a method of
collecting information about the network
or the system you are ...
VULNERABILITY DETECTION
In this phenomena many tools such as
vulnerability scanners, network scanners
etc. are used to fin...
INFORMATION ANALYSIS AND PENETRATION
TESTING
This process is used to analyze the identified
vulnerabilities, associated wi...
PRIVILEGE ESCALATION
After the successful penetration into the
system, privilege escalation technique is
used to identify ...
RESULT ANALYSIS AND CLEANUP
At last in this process the root cause analysis is
performed as a result of a successful compr...
THANKS A LOT…!
 FOR MORE ARTICLES ABOUT TECHNO-HACKING WORLD
VISIT: - www.thebigcomputing.com
 FOR MORE DETAILS ABOUT UJ...
Upcoming SlideShare
Loading in …5
×

Vulnerability assessment and penetration testing (VAPT) by Ujjwal Sahay

This article is written by cyber security expert Ujjwal Sahay.
Vulnerability assessment and penetration testing is a phenomena in which the IT environment systems such as computers and networks are scanned in order to identify the presence of vulnerabilities associated with them. As per the information provided by the latest survey more than 80% of websites are vulnerable, specially those which are created by using any engine such as wordpress, BlogSpot etc. leading to the leak of sensitive corporate information and data such as passwords, credit card info etc

  • Login to see the comments

Vulnerability assessment and penetration testing (VAPT) by Ujjwal Sahay

  1. 1. Vulnerability Assessment And Penetration Testing (VAPT) BY Ujjwal Sahay Vulnerability assessment and penetration testing is a phenomena in which the IT environment systems such as computers and networks are scanned in order to identify the presence of vulnerabilities associated with them. As per the information provided by the latest survey more than 80% of websites are vulnerable, specially those which are created by using any engine such as wordpress, BlogSpot etc. leading to the leak of sensitive corporate information and data such as passwords, credit card info etc.
  2. 2. Basically, Black hats are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.
  3. 3. So let’s get back on the topic VAPT. Now we are going to explain vulnerability assessment and penetration testing in the form of cycle: - First of all let you introduce with the very initial step of VAPT which is often preferred as modes of testing which are categorized into three parts :-
  4. 4. White Box Testing: White box testing refers to the phenomena of performing the test from within the network with the prior knowledge of the network architecture and the systems. This is also referred to as internal testing. Black Box Testing: it refers to testing from an external network with no prior knowledge of the internal networks and systems. Gray Box Testing: Grey box testing is the process of testing from an external or internal network, with knowledge of the internal networks and systems. Basically it is a combination of black box testing and white box testing.
  5. 5. INFORMATION GATHERING Information Gathering is a method of collecting information about the network or the system you are testing. Such as IP address, OS Version etc. Basically this is applicable to all the modes of testing as mentioned above.
  6. 6. VULNERABILITY DETECTION In this phenomena many tools such as vulnerability scanners, network scanners etc. are used to find the associated vulnerability in that particular network mode,
  7. 7. INFORMATION ANALYSIS AND PENETRATION TESTING This process is used to analyze the identified vulnerabilities, associated with the information gathered about the IT environment systems and networks to apply a plan for penetrating into the network and system by the process of Penetration Testing. In penetration testing process, the target systems are attacked and penetrated using the plan applied in the earlier process.
  8. 8. PRIVILEGE ESCALATION After the successful penetration into the system, privilege escalation technique is used to identify and escalate access to gain higher privileges, such as registry/root access or administrative privileges to that particular it environment system or network.
  9. 9. RESULT ANALYSIS AND CLEANUP At last in this process the root cause analysis is performed as a result of a successful compromise to the system leading to penetration testing and providing suitable recommendations in order to make the system secure by plugging the holes in the system. Vulnerability assessment and penetration testing involves compromising the system, and as the result of this process some of the files may be altered. This process ensures that the system is brought back to the original state, before the testing, by cleaning up or restoring the data and files used in the target machines.
  10. 10. THANKS A LOT…!  FOR MORE ARTICLES ABOUT TECHNO-HACKING WORLD VISIT: - www.thebigcomputing.com  FOR MORE DETAILS ABOUT UJJWAL SAHAY VISIT www.thebigcomputing.com/about-ujjwalsahay/

×