Business needs, drive corporations today to connect their enterprise to the Internet. The core intellectual property of any company with a computer network connected to the Internet is at risk from attacks via the Internet. Vulnerability Assessment and Penetration Testing is a set of techniques and methodologies to test compliance to security policies, and to detect previously unknown vulnerabilities.
The purpose of the vulnerability analysis and penetration testing is to verify the security posture of the given network assets and evaluation of their effectiveness against anticipated threats.
To perform a Vulnerability assessment and penetration testing on the list of Servers, Nodes, Applications, Firewalls listed by customer to identity the vulnerability levels of it and give an executive summary of how to mitigate the vulnerabilities if any.
VULNERABILITY ASSESSMENT
Information Gathering
Scanning for open ports, and checking for local firewall, Antivirus and remote access to the Machines.
Vulnerability Identification
Tools such as vulnerability scanners are used, and vulnerabilities are identified in the IT environment by way of scanning.
OS patches
software patches & updates.
PENETRATION TESTING
Identification of public IP's and Natted IP's pointing to internal resources
Foot printing of Customer network
The target systems are attacked and penetrated using the plan devised in the earlier process.