VAPT Certification
Vulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Certification is the art of finding vulnerabilities and digging deep to seek out what proportion a target can be compromised, just in case of a legitimate attack. A penetration test will involve exploiting the network, servers, computers, firewalls, etc., to uncover vulnerabilities and highlight the practical risks involved with the identified vulnerabilities
Stages of Vulnerability Assessment and Penetration Testing
Penetration testing Certification can be broken down into multiple phases; this will vary depending on the organization and the type of test conducted– internal or external. Let’s discuss each phase:
- Agreement phase.
- Planning and reconnaissance.
- Gaining Access.
- Maintaining access.
- Evidence collection and report generation.
Types of Penetration testing based on knowledge of the target
Black Box
When the attacker does not know the target, it is referred to as a black box penetration test. This type requires a lot of time and the pen-tester uses automated tools to find vulnerabilities and weak spots.
White Box
When the penetration tester is given the complete knowledge of the target, it is called a white-box penetration test. The attacker has complete knowledge of the IP addresses, controls in place, code samples, operating system details, etc. It requires less time when compared to black-box penetration testing.
Grey Box
When the tester is having half info about the target, it is referred to as gray box penetration testing. In this case, the attacker will have some knowledge of the target information like URLs, IP addresses, etc., but will not have complete knowledge or access.