Arete Software (Securing IT)
Contact us
Portfolio    |     Clients    |    Partners    |    Contact us    |    About us    |    Careers   
Arete InfoSec Arete Consultant Pvt. Ltd Arete Innovation & Incubation Centre
space
    Managed Security Service
    Compliances & Certifications
    VAPT
 
Home » Info Security Services » Vulnerability Assessment & Penetration Testing

Vulnerability Assessment & Penetration Testing

Arete’s Vulnerability Detection and Penetration Testing is the most comprehensive service for auditing, pen testing, reporting and patching for your company’s web based applications. With Port 80 always open for web Access there is always a possibility that a Hacker can beat your Security systems and have an unauthorized access to your web Applications.

Vulnerability assessment and Penetration testing are two different and complimentary pro-active approaches to assess the security posture of the information systems network.

Vulnerability Assessment
The Vulnerability Assessment is done to test the security posture of the Information System as an internal attacker also referred to as ethical hacker. The primary purpose of the Vulnerability assessment testing is to imitate an internal attack as a user with network access and attempt to gain unauthorized information and enumerate any vulnerability that may exist.


Penetration Testing

A penetration test offers an invaluable and compelling way to establish a baseline assessment of security as seen from outside the boundaries of the organization’s network. Properly executed penetration tests provide evidence that vulnerabilities do exist and that network penetrations are possible. More importantly, they provide a blueprint for remediation in order to start or enhance a comprehensive information protection strategy.

Benefits:
Identify any potential security vulnerabilities in an organization’s current infrastructure and develop plans to mitigate these weaknesses.

  • Determine the degree of exposure to external and internal attacks.
  • Provide evidence that verifies the possibility of exploiting the vulnerabilities found.
  • Determine the probability that an attacker could compromise the system with access to computers connected to your company's network.
  • Assess the defense systems such as Intrusion Detection System (IDS), firewall etc and check if they are working properly.
  • Third-party audits meet government and industry compliance standards.
  • Accurate and up-to-date vulnerability knowledge base.
  • Comprehensive and easy to user report for management as well as technical team.
  • Closing all windows of opportunity for intruders.


Methodology

Arete’s penetration test methodology includes three types of approaches for penetration testing:

  • A Zero knowledge Test
  • A Full Knowledge Test
  • A Partial Knowledge Test

With our zero-Knowledge attack, the Penetration Test Team has no real information about the target environment. This type of test is obviously designed to provide the most realistic penetration test possible.

In our Partial Knowledge Test, the client organization provides the test team with the type of information a motivated attacker is likely to find, and hence, saves time and expense.

Our partial knowledge test approach is used if there is a specific kind of attack or specific targeted host that the client organization wants to have the penetration test team focus on. To conduct a partial knowledge test, the test team is provided with such documents as policy and network topology documents, asset inventory, and other valuable information.

Our last type of approach for penetration testing is a Full Knowledge attack, whereby the penetration test team has as much information about the client environment as possible. This approach is designed to simulate an attacker who has intimate knowledge of the target organization’s systems, such as an actual employee. The above strategies are conducted both on the Application as well as the Network.

The steps involved in Application and Network VAPT are as follows:

1. Application Penetration Test Methodology

  • Information Gathering
  • Configuration Testing
  • Business Logic Testing
  • Authentication Testing
  • Authorization Testing
  • Client-side Attacks
  • Data Validation Testing
  • Session Management Testing
  • Denial of Service Testing
  • Web Services Testing
  • AJAX Testing

2. Network Penetration Testing Methodology

  • Reconnaissance
  • Vulnerability Assessment
  • Network Links and Protocol Vulnerability Testing
  • Multiple Attack Vector Analysis
  • Exploitation
  • Scenario Modeling Analysis
  • Root Cause Analysis
  • Risk Calculation

TOP

         
    Home
    About us
    Portfolio
    Clients
    Partners
    Contacts us
    Sitemap
    Terms of use
Software Development
Corporate Website
ERP
E-Commerce
CMS
Portal
Hosting
Content Writing
Info. Security Products
Web Application Scanner
Network Security
Password Recovery
Forensics
Info Security Services
Managed Security
Comliances & Certification
VAPT
Info Security Training
Cyber Forensics
Ethical Hacking
Government Training
Corporate Training
Professionals Training
Students Training
         
© Copyright 2010 Arete Software. All rights reserved. An ISO 9001:2008 Certified Company  |  XML-Sitemap