Vulnerability Assessment & Penetration Testing (VAPT)
The Vulnerability Assessment & Penetration Testing (VAPT) is to discover, approach and evaluate the defence and security posture of an organization from a remote attacker's perspective.
Vulnerability Assessment and Penetration Testing
Our Penetration Testing plans for Web, Mobile, Networks & Systems, tailor ad-hoc or ongoing programs of Penetration Testing towards your needs and circumstances and can provide services varying from business-to-business requirements. FORT, in partnership with ImmuniWeb, extends the offerings to AI-based Security Assessment & Penetration Testing. We aim to verify the security, integrity, and availability of our client’s security posture by conducting internal/external types of VAPT.
FORT’s approach towards Security assessment and penetration testing can provide you with a detailed view of the security posture of your internal or public-facing digital assets. Our experts will evaluate the performance of the implemented security measures, spot vulnerabilities, and offer clear recommendations for improvement in a comprehensive report. The reporting will include recommendations on a strategic, tactical, and operational level as well as a succinct management summary with in-depth risk analysis for each outcome.
In human intelligence-based penetration testing our pentester gathers all the information of the business and technical points overview and then analyzes them with highly qualified tools. Our team observes the following steps.
Information Gathering
The collection is done either manually or by using specific tools to gather intel such as information about various third-party plugins, table names, DB versions, databases, software, hardware, etc.
Planning and Analysis
Defining the test’s objectives and scope, as well as the systems it will test and the techniques it will employ.
Vulnerability Detection
The test then detects the security issue and takes appropriate preventive measures after the data has been gathered.
Exploitation
After vulnerabilities have been found our R&D team attempts to exploit them by launching an attack.
Report
Once exploitation is complete our experts assess the damage that can be done and provide a report that describes everything and recommends mitigation techniques.
Report Analysis
Security specialists examine the report to determine remediation techniques, risk rank vulnerabilities, examine the potential effects of those vulnerabilities, and use that information to guide future decision-making.
Patching
Once the analysis is complete the patching process takes place. The remediation plan is implemented and mitigation techniques are employed for all discovered vulnerabilities.
Post-Remediation Testing
After patching is done our penetration testers again attempt to exploit the vulnerabilities using prior and new techniques to detect if patching has been implemented properly.
Final Report Submission
This in-depth report includes descriptions of how we began the testing, how we discovered vulnerabilities, how we took advantage of them, and then how exactly our mitigation plan was implemented to patch out the problems. It also includes a report on the retesting phase and how successful the patching phase was in practical terms.
AI-led Penetration Testing
ImmuniWeb is partnered with Concave FORT to support Cyber Resilience in the region with AI-based Security Assessment & Penetration Testing. In comparison to traditional services, ImmuniWeb intelligently
- Automates and accelerates time-consuming operations and processes
- Saves up to 90% of human time. Only the most challenging tasks and procedures that genuinely call for human intelligence are taken on by our security specialists, who offer the best quality and most reasonably priced service on the market.
Differences between Vulnerability Assessment & Penetration Testing.
Vulnerability assessment and Penetration testing are techniques that complement one another and are even sometimes considered the same thing but there are major differences. In a vulnerability assessment, we attempt to find out the maximum number of flaws that may be present without wasting time to exploit them. This gives us a wider perspective of the system. Penetration testing involves running tests from the viewpoint of an attacker, and when a weakness is discovered, our ethical hackers use it to assess how deep an attacker can penetrate. With our combined service of vulnerability assessment and penetration testing (VA/PT), you will obtain a thorough breakdown of the discovered vulnerabilities and learn what the consequences of not patching them would be. Concave FORT can help you and offer advice on how to strengthen your cyber resilience based on the results of these tests.
| Objective | Vulnerability Assessment |
Penetration Testing |
|---|---|---|
| Scope |
Broader and creates a record of assets and resources |
Focuses intensely on a specific vulnerability and determines the depth of a particular attack |
| Work | Discover potential vulnerabilities for each resource |
Reach the root level and test the sensitive data collection |
| Goal | Find as many threats as possible |
Exploit the discovered threat |
| Frequency | Automated, cost effective, and quicker |
Relatively costly and completely manual also requires highly skilled |
| Solution | Not provide a proper method to mitigate |
Reveals full details of the threat exploited and how to mitigate the risk |
| Suite | To non-critical systems or labs environments |
Ideal for critical real-time systems and physical network architecture |
Cloud Security
Cloud Security Protection
Organizations are looking to assess their cloud risks, evaluate cloud threats and validate their cloud technology controls in the growing migration to cloud-hosted environments. This enables organizations to have a mature cloud security posture.
FORT experts have seen a significant increase while dealing with cloud-related incident response to the expanded attack surface, after the Covid-19. The demand for cloud security services is rising exponentially with the expanded attack surface. Our Security Experts adopts standards of penetration testing methodology to perform simulated attacks in your environment that mirror attack behaviors in the realm of “Simulated attack” to identify the current security posture of the Cloud security, associated risk and remediation techniques.
Web Application Security
Web Application Penetration Test
Our experts are actively involved in identifying the world’s most critical web application security flaws through ongoing hands-on research and contributions to security projects such as OWASP TOP 10, Web Application Security Consortium Threat Classification and Common Vulnerability Scoring System (CVSS).
Many firms place a high value on web apps. For instance, the efficient and secure running of an online store is entirely dependent on these programs. Of course, there are a variety of other uses for these applications, including online banking, examining test results, accessing digital content (media, games, etc) and scheduling appointments at the doctor’s office.
Websites that require a login to view sensitive personal information are particularly at risk. While these websites often have strong security measures in place to prevent unauthorized access, things can go wrong once a person logs in and the risk of threats such as CSRF and XSS is present.
To ensure security we take the following steps:
- Test against brute force method of credentials cracking
- Testing the registration and login pages for possibilities of privilege escalation
- Testing session management structure
- Testing horizontal and vertical authentication
- Testing for attacks such as SQL, CSRF and XSS
- Testing the business logic and attempting to abuse it
- Testing for the presence of standard security standards such as CSP
- Testing TLS strength
All these aspects are covered by our penetration testers and along with this we also utilize Immuniweb Web Penetration Testing. We employ ImmuniWeb® On-Demand to find OWASP Top 10, PCI DSS 6.5 List, and SANS Top 25 vulnerabilities in your online applications, RESTful APIs, and microservices. We locate complex business logic, privilege escalation, and authentication bypass flaws. Customize testing with MFA, OTP, or SSO in Black Box or authorized multiuser mode.
Mobile App Security
Mobile Application Penetration Test
Before releasing the mobile application, Penetration tests are essential to handle the sensitive data and exploitation of your industrial compliance.
Mobile applications are designed to be very simple and easy to use from a user’s perspective. Authentication is simple and data is often stored locally, this makes mobile applications extremely vulnerable to cyber-attacks.
To secure mobile applications we look for the following:
- Misuse of the operating system’s security features, such as biometric authentication.
- Unencrypted local storage of sensitive data such as login credentials.
- Role-based access control features to avoid privilege escalation.
- Reverse engineering protection.
- Insecure configuration(VPNs, databases, application servers).
- Improper cryptography implementation.
- Authentication and session management.
All these aspects are covered by our penetration testers and along with this we also utilize Immuniweb Mobile Testing Suite. ImmuniWeb® MobileSuite, we identify the OWASP Mobile Top 10 flaws in your iOS or Android mobile app and the SANS Top 25 vulnerabilities in the endpoints of the mobile app. We check to see if the privacy, compliance, and encryption features of your mobile app adhere to industry best practices.
Network Security
Network Penetration Test
To safeguard the IT infrastructure network entrusted to them, cybersecurity experts have to be right all the time. A hacker, on the other hand, only has to be right once.
Our network penetration test, also known as a pen test, aims to find software system weaknesses by simulating a cyber-attack. This simulated attack evaluates an organization’s ability to withstand a breach or compromise as well as the resilience of its information security.
Internal Network Testing
It is possible that an attacker may somehow be able to find their way into your network. This can lead to massive security problems and internal network testing is done to address this. In an internal penetration test, we will do an exploratory network analysis with the goal of acquiring highly privileged (administrator, root) access to the network, the resources, and the entire Windows domain (if applicable). During this phase, testing will also be done on internal applications, databases, ERP systems, and management systems. This is divided into an initial exploring phase and a post-exploratory section in the real world.
The exploratory phase includes:
- Sniffing network traffic
- Accessing sensitive data servers
- Acquiring information on specific employees
The post-exploitation phase includes
- Obtaining Admin credentials
- Privilege escalation
- User exploitation
- Backtracking to wipe our digital fingerprint
External Network Testing
An external pen test takes place from the perspective of an attacker on the outside. It assumes that the attacker does not have access to the internal network and will have to use publicly available information such as public IPs ect to somehow perform an attack. Our team mimics these through the following steps:
- Social engineering on employees for access
- Fingerprinting of network and data gathering
- Target external assets (VPN, IDS/IPS,Web-apps,SaaS apps,routers)
Systems Security
System Penetration Test
Our penetration tester uses a simulated attack on a system device to find its vulnerability, by using tools, techniques, and processes to demonstrate and evaluate the business impacts of weaknesses in a system.
Our experts examine user and group configurations, local access control configurations, local system configurations, local patch configurations, clear text storage of passwords, and clear text storage of sensitive data during the host base penetration test. We also review physical security controls, software security controls, access control lists, local system configurations, and local patch configurations.
Our system penetration testing is a host-based testing method that includes devices from individual separate machines to virtualized environments such as VMs, Remote desktops, dockers/containers, etc as well as servers.
Our penetration tester uses a simulated attack on a system device to find its vulnerability, by using tools, techniques, and processes to demonstrate and evaluate the business impacts of weaknesses in a system.
Our experts examine user and group configurations, local access control configurations, local system configurations, local patch configurations, clear text storage of passwords, and clear text storage of sensitive data during the host base penetration test. We also review physical security controls, software security controls, access control lists, local system configurations, and local patch configurations.
Our system penetration testing is a host-based testing method that includes devices from individual separate machines to virtualized environments such as VMs, Remote desktops, dockers/containers, etc as well as servers.
It is getting harder to manage physical workstations. Because of this, a lot of businesses offer remote desktop access via virtualization tools like Citrix and VMware. With less overhead and supervision, those platforms can make it simple for partners, vendors, and remote workers to access the resources they require. However, because laptops are rarely connected to the internet, there are extra risks that come along with the convenience of access. Concave FORT locates flaws that allow unwanted access to the operating system through published desktops on virtualization software like Citrix and VMware, among others.
Key vulnerabilities we focus on:
- System misconfiguration
- Internal environment pivoting
- Privilege escalation
- Insufficient logging
Why Concave FORT ?
Our team of penetration testers will tailor ad-hoc or ongoing programs of penetration testing towards your needs and circumstances, and can provide the services based on the level of criticality of your business. By following industry standards such as NIST SP 800-115 along with our vast range of standardized automated testing tools, we effectively and efficiently perform pen-testing to secure business assets as soon as possible. ConcaveFORT’s experts not only use industry-leading tools but also manually perform testing where required in order to customize testing for each and every client. Once testing is complete, our experts generate a detailed analysis report along with a remediation plan and post-testing services going forward to help mitigate identified vulnerabilities.
Standard
At Concave FORT, we aim to make security more understandable, quantifiable and accessible. That is why we follow the most up-to-date regulations and standards.
This gives you the ability to compare the security levels of other systems and gives you confidence in the breadth and depth of our testing. Concave FORT collaborates with numerous organizations, including ImmuniWeb, to advance the adoption of these standards and frameworks.
Examples of some of the standards we follow:
- Application Security Validation Standard (ASVS) for (web) applications
- Relevant OWASP publications such as the Top 10 and the WSTG, supported by the OWASP Web Security Testing Guide
- SANS-top 25: the most common and most dangerous errors when making software
- NIST 800-115
- OWASP Mobile Top 10
- Up-to-date information from (software) suppliers such as Google, Apple, Amazon, Microsoft, etc.
Certifications/Accreditations
In contrast to conventional human services, ImmuniWeb uses award-winning AI technology to intelligently automate and accelerate time-consuming procedures and processes, saving up to 90% of human time. Our security specialists only undertake the most difficult jobs and procedures that require human intelligence, providing the greatest quality and most affordable service available on the market.
ImmuniWeb meets many world-recognized standards and is compliant with the following:
- ISO 27001 / ISO 27002
- HIPAA / HITECH
- EU and UK GDPR
- NIST SP 800, FISMA, CMMC
- PCI DSS
- CVE compatible
- CWE compatible
- CVSS v3
ImmuniWeb contains 5 SAAS (Software as a service) products that are used 20 plus use cases
Discovery
Neuron
On-Demand
MobileSuite
Continuous
Discovery
ImmuniWeb® Discovery makes use of OSINT and our world-class AI technology to reveal a company’s attacksurface and Dark Web exposure. The non-intrusive and production-safe finding is ideal for both continuous self-assessment and vendor risk scoring to prevent supply chain attacks.
Neuron
To advance conventional web vulnerability scanning, ImmuniWeb® Neuron unlocks the potential of machine learning and artificial intelligence (AI). Every web vulnerability scan performed by Neuron has a contractual 0% false positives SLA and finds more vulnerabilities than automated web scanners.
On-Demand
Web penetration testing is accelerated and improved by using ImmuniWeb® On-Demand, which makes use of our highly acclaimed Machine Learning technology. Every pentest comes with a zero false positives SLA and is easily customizable. Every project includes unlimited patch verifications and round-the-clock access to our security analysts.
MobileSuite
Utilizing our acclaimed Machine Learning technology, ImmuniWeb® MobileSuite speeds up and improves mobile penetration testing. Every pentest comes with a zero false positives SLA and is easily customizable. Every project includes unlimited patch verifications and round-the-clock access to our security analysts.
Continuous
ImmuniWeb® Continuous monitors your web applications and APIs for new code or modifications. Every change is quickly tested, confirmed, and sent to your team with a zero false positives SLA. Every project includes unlimited, round-the-clock access to our security analysts for adaptable, threat-aware pentesting.
Penetration Testing Methodology
Concave FORT penetration testing services are built on a methodological approach to finding and reporting vulnerabilities. Our expert's approach entails;
Pre-Engagement
To identify all assets that are included in the pen test’s purview, we carefully collaborate with the client.
To start the penetration test, penetration testers will get ready and acquire the necessary hardware, operating systems, and software. A penetration tester will specify the necessary tools at the beginning of each penetration test. The required tools vary based on the type and scope of the engagement. The penetration tester will begin the testing based on the given scope and keep a test record throughout the testing.
Intelligence Gathering
The client will give the penetration tester a general description of the targets that are within scope and the tester will collect additional information from readily available sources. In order to generate intelligence that could be used to exploit the client, we gather publically accessible information using open-source approaches (OSINT).
Vulnerability Analysis
To fully understand the client’s attack surface, we thoroughly evaluate the network architecture and applications. In order to find security flaws to exploit, we thoroughly audit the programs running on the target hosts. Penetration testers locate, confirm, and assess the security threats that vulnerabilities present. This vulnerability study seeks to identify exploitable holes in the client’s system.
Exploitation
To access target systems and data, we exploit identified vulnerabilities. In an effort to compromise the client’s system and security, the pen tester will use the vulnerabilities found. We also make an effort to compromise a user with a privileged account.
Post-Exploitation
After the testing is complete, we use compromised systems as a mechanism to further attack more assets.
Reporting
We offer a pen test report that was personally prepared, along with an executive summary and suggestions on how to successfully address threats.
Our Goals
Intuition
Identification of attack surfaces of the application, finding every minute detail which can be used to abuse your application, leading towards vulnerabilities.
Vulnerability
Identificaiton of the vulnerabilities in your application or systems, and prioritizing on the basis of high risk and providing remediation/stratregy to fix the vulnerability.
Compliance
After performing patch verification, we are committed towards the security and protecting important assets for our customers & stakeholders.
Our Approach
Scoping and Planning
- Client Engagements
- Gather Testing Requirements
- Preparing Rules of Engagement
Reconnaissance
- Intelligent Information Gathering
- Entry Points to Access
- OSINT Tools for Passive Information Gathering
System Fingerprinting
- determining Network Ranges
- Identification of Active Machines
- Ports and Access Points Analysis
Vulnerability Analysis
- Vulnerability Identification [Manual/Automated]
- Determining Gateways & Vectors into the Network
- Prioritizing the Vulnerabilities
Exploitation
- Attempts to Penetrate in Your Network [If In-Scope] & Gain Control
- Finding How Far the Attack Could Go
- Establishing Admin Privileges
Reporting & Remediation
- Executive Summary
- Technical Report on Findings
- Providing Strategical Recommendations to Improve the Security Posture
Good to Know
Black-Box
- High-Level Assessment
- Testing from External or End-User Perspective
- No Prior Knowledge & Zero Access to Network
Grey-Box
- Comprehensive Approach
- Some Level of Knowledge & Access to Target
- Internal Relevant Functions are Known
White-Box
- Low-Level Testing
- Checks for Internal Functioning of the System
- Highest Level of Knowledge & Access to Target
Proof Points
Business Benefits
- Risk Management
- Increase Business Continuity
- Protect Clients, Partners and 3rd Parties
- Maintaining Quality
- Evaluate Security Investments
- Protect Reputation
- Maturity Level of Organization
- Business Enhancement
- Achieve Accreditations
Why Concave FORT Consulting?
- We follow the best practices of CREST, NIST, OWASP, CMMC, CIS.
- We follow top methodologies for Penetration Testing, PTES, OWASP, NIST, OSSTMM, ISSAF.
- We can evaluate the maturity level of your organisation in the current and post-testing state.
- We believe in client satisfaction and for what we have our own set of Questionnaires to judge and manage your cyber security posture so you don’t have to.
- We have a dedicated team with an extraordinary set of skills and talent to identify the risks and remediate them.
- We value our client’s privacy.