Our VAPT Methodology
We primarily follow the Open Web Application Security Project (OWASP) guidelines as a benchmark. However, over time we have developed our own Hybrid Methodology that brings together the best of the OWASP, OSSTM, WASC and NIST standards. This hybrid methodology involves a comprehensive set of checks designed to ensure that no vulnerabilities are missed during testing.
The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found are presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.
Our methodology is designed to be exhaustive in two dimensions:
- Testing for all known attacks
- Testing on all possible points of entry (for large applications, sample sections may be tested, while solutions need to be applied across the entire application)
We will find logical security flaws that are specific to your application as well as the widely known application security attacks. After subjecting your application to this rigorous testing, you will know how secure it is against both logical attacks and the popular technical attacks, both of which aim to break or circumvent application controls in order to steal information, gain unauthorized access or perform illegal transactions.
A typical application security test undergoes the following stages:
- Understanding the application
- Identifying potential security risks
- Developing test cases
- Executing test cases
- Reporting (findings and their solutions)
- Coordinating with developers to fix the reported findings
- Retesting the application to confirm the fixes, if required