Vulnerability Assessment/Penetration Testing

Vulnerability & Cyber Security Assessments provide a complete evaluation of existing and potential vulnerabilities within the organisation with the end result of improving the security posture. The evaluations are designed to proactively identify and prevent the exploitation of any existing IT vulnerabilities. VAPT is increasingly important for organisations wanting to achieve compliance with standards including the ISO 27K,

PCI DSS and Privacy Compliance as well as prescriptive guidance by authorities like CERT-IN, RBI, SEBI and IRDA.

Few types of Penetration Tests:

• Web application testing (WAPT)
• Internal/external Network and Server infrastructure tests
• Wireless network testing
• Mobile application testing (MAPT)
• CI /CD Build and configuration and Code Security Review Tests
• Red and Blue Teaming Tests

Our main objective in carrying out VAPT is to identify cyber security weaknesses and test how far a potential exploit can compromise an enterprise network. We also test the organisation's security policy compliance, the effectiveness of employee security awareness training programs as well as your ability to identify and respond to cyber security incidents.

The web application testing is carried out as per OWASP Top 10 mentioned below-

1. SQL Injection
2. Cross Site Scripting(XSS)
3. Broken Authentication & Session Management
4. Insecure Direct Object References
5. Cross Site Request Forgery(CSRF)
6. Security Misconfiguration
7. Insecure Cryptographic Storage
8. Failure to Restrict URL Access
9. Insufficient Transport Layer Protection
10. Invalidated Redirects & Forwards

Benefits of a Vulnerability Assessment & Cyber Security Assessment

Identification and Remediation of Weaknesses: These assessments help in the identification and resolution of vulnerabilities across a range of elements such as network devices, operating systems, desktop and web applications, and databases.

Prevent Exploitation: By detecting and addressing potential weaknesses before cybercriminals and hackers can exploit them, you fortify your network's defences.

Enhanced Cybersecurity Posture: Assessments provide insights into your current cybersecurity posture, allowing you to evaluate existing risks and implement effective mitigation strategies.

Test Security Policies and Response Capabilities: These assessments serve as tests for your organisation's ability to both adhere to security policies and effectively respond to security threats, ensuring your security measures are robust.

Assess Employee Security Awareness: They also help gauge the level of security awareness among employees, acting as a foundation for improving their knowledge and strengthening the human aspect of cybersecurity.

Compliance Demonstration: By conducting these assessments, you can demonstrate compliance with government and industry regulations, including certifications like Cert-IN.

Optimised Resource Allocation: These assessments enable you to allocate resources more efficiently by pinpointing areas that require immediate attention and investment.

These evaluations play a critical role in bolstering your cybersecurity defences, safeguarding sensitive information, and ensuring compliance with relevant regulations.

Web Application Testing Solution

Writer Web Application testing is based on the OWASP (Open Web Application Security Project) Testing Methodologies and the OWASP Testing Framework. During the audit our team performs 'active' tests that have been classified on the basis of the type of vulnerabilities found.

A detailed security assessment will be a tailored approach based on the individual requirements such as a number of applications to be audited, type of application, desired type of testing, our predefined number of tests for each type of application.

Tools used for Web Application Security Assessment:

OWASP ZAP, BurpSuite, Nikto, DirBuster, SQLmap & more.

Code Security Review Testing Solution

Code Security Review shall be conducted using professional tools and other tools and emulators. It will provide a complete evaluation of existing and potential vulnerabilities within your application source code, which may get exploited if moved to production. The main objective is improving your security posture. The evaluations are designed to proactively identify and prevent the exploitation of any existing or new IT vulnerabilities against known and emerging threats

Our Code Security project team will follow stringent practices while performing vulnerability assessment and penetration testing activities. We understand that specific type of testing such as

White box testing, which will be performed after having full authorization from Client along with associated risk acceptance.

Writer testing team in close collaboration with Client’s internal Stakeholders team will ensure that appropriate testing to be conducted within the defined and approved time window as mutually agreed upon by Writer and Client. Our IT Security Consultants with their rich domain knowledge and expertise will work towards providing the potential real work attack simulation, without or minimal disrupting to Client’s business services and daily operations.

Some of the Tools used for Code Security Review include:

SonarQube, Checkmarx, HP Fortify AppScan & Web Inspect, Micro Focus Fortify WebInspect & more.

Please reach out to us for Security Testing solutions.

Ajay Soni

SVP – Cloud and Data Services

Writer House, CTS no. 1377 & 1378, Church Road, Marol, Andheri (E) Mumbai - 400059

M: +91 98204-32642 

• Category: Banking & Financial Services
• Date: 15-09-2023