Menu

EVOLUTION INFO-SECURE

SECURITY, SENSE & ETHICS

Network - Vulnerability Assessment & Penetration Testing

network security image

Globally, statistics show that more than 70 per cent of the applications either have vulnerabilities which could potentially be exploited by a hacker, or worse, they have already been exploited. The data losses due to this are typically of two types. Either the data is confidential to the organisation or it is private to an individual. Regardless of the category, data losses result in the loss of money or reputation.

The Systematic & Proof of Concept based approach to Vulnerability Assessment (VA) focuses on extensive finding of loopholes in the organization’s IT infrastructure, helps the organization to effectively manage the risks and secure their IT infrastructure. Our methodology is based on both manual and automated checks on critical IT assets to access and rate the vulnerabilities and help our clients mitigate and manage the discovered issues.  

Typically, VA is a non-intrusive process and we make sure that any VA we undertake will have a minimum impact on the organization’s IT infrastructure by throttling the tests in real-time to avoid any disruption in the normal business process.

Penetration Testing, on the other hand, is going ‘one step further’ than the Vulnerability Assessment. Where the VA focuses on finding the obvious and hidden vulnerabilities, a penetration test will go ahead and try to confirm and establish the discovered vulnerability and evaluate the level of impact that vulnerability could pose if the vulnerability was to be exploited by a real-world adversary.

Our careful approach in performing Penetration tests will help our clients to realize the impact of vulnerabilities. Generally, Penetration tests are noisy and can create some disruption, hence our fine-tuned approach & experience in performing penetration tests ensures that the client organization will have little or no impact during the phase of penetration testing.

 

Methodology for Network VA & PT

Protecting valuable technologies and even more valuable asset - critical business data & intellectual property stored digitally, businesses need to be well aware about the security posture of their networks and network assets. We, at Evolution Info Secure know this well and with our expertise in performing network VA & PT, we ensure that your network remains safe from internal as well as external threats.

The following methodology is followed in assessing the security of our client’s network VA & PT.

Intelligence Gathering

This phase of our network pentesting methodology consists of extensive information gathering, in-depth port scanning, services fingerprinting & enumeration, host and service discovery to get a full list of all the devices and to gain as much information as possible. The main goal here is to gain extensive information in line with the scope and map the possible entry points and enumerate attack vectors.

Threat modeling

The output of results from the intelligence gathering phase, forms the input in this phase. Here, the assets are categorized into threat categories and confirmed on the basis of manual testing methodologies and estimates of threats that the asset can have are evaluated.

Vulnerability Analysis

This phase involves analysis and documenting the discovered vulnerabilities, confirming their existence and performing further tests to confirm the existence of reported vulnerabilities.

Exploitation

The vulnerabilities from the previous stage that have been confirmed to exist are then put to test and analyze the extent that an attacker can abuse to cause harm to the business. It is the Penetration testing (PT) phase as we call it.

This phase includes testing of discovered issues not limited to - password auditing, SQL injection, Cross Site Scripting (XSS), Exploiting unpatched vulnerabilities, Bypassing Access controls, etc.

evolution info secure logo




Online form

Click here  to fill the form online and we will get in touch with you.