Scope of work
VAPT Solutions believes that open communication with clients is an utmost important thing to decide the next stage and part of the domain which needs to be audit. Here we decide scope of work; URLs; User roles; Time etc.
Information gathering
Our team collects detailed information with the latest tools and techniques. Do both active and passive analysis. The search procedure generally includes files leaked by search engines and social Medias like PDF, DOCX, XLSX, text file or credential leaks. Then the data is analyzed by our experts to identify the risk factor.
Vulnerability assessment and Penetration testing
This is most important phase of website penetration testing and most time taken phase. We spend 85% of total time for vulnerability assessment. We will do both automated (20%) and manual (80%) website penetration testing. Check for various vulnerabilities according to OWASP top 10 like SQL injection; authentication bypass; Business Logic Testing; Command injection; XSS; Session Management Testing etc. According to client’s requirements, will do penetration testing by exploiting identified vulnerabilities.
Reporting
Now after the vulnerability assessment process is completed, here comes the final stage called reporting. All the gathered information is provided to the client in a concise and detailed manner. The report consists of risks, strength and weakness of the system and ends by recommendation which aids the business leaders taking informed decisions. We make sure that the report is easy to navigate and further explains how these issues can be fixed.
Re-testing
Depending upon scope and client’s requirements, this is the additional process where the final review is done after the client organization fixed the vulnerabilities. This is to ensure that the changes have been implemented and risk has been eliminated successfully.