While vulnerability assessment and remediation are used to strengthen a computer system, it is also important to perform suitable penetration tests periodically to identify the ways in which the system may be compromised. The primary purpose of penetration testing is to determine how an identified vulnerability can be exploited.
The following diagram illustrates the process of Vulnerability Assessment and Penetration Testing (VAPT):
VAPT can be performed as the following nine-step process:
When performing assessments and tests, the scope of the assignment must be clearly defined. The scope is based on the assets to be tested. There are three possible scopes:
a. Black Box Testing: Testing from an external network with no prior knowledge of the internal networks and systems.
b. Gray Box Testing: Testing from an external or internal network, with knowledge of the internal networks and systems. This is usually...