Mukezh

Session Intro to VAPT

Apr 1st, 2019
Introduction to Vulnerability Assessment and Penetration Testing
-------------------------------------------------------------------

What does VAPT stand for:
V --> Vulnerability : The loopholes and security misconfigurations that let an attacker get inside a network or website; in other words, the ways that help an attacker intrude into the systems.
A --> Assessment : Analysing and scanning the vulnerability to judge how much damage it could cause to the victim.
P --> Penetration : Once a vulnerability is found and accessed, a report is generated, and through that further exploitation or intrusion is carried out. This is known as penetration.
T --> Testing : Penetrating requires several procedures or attacks; these are carried out in the testing phase.


In most scenarios this whole process is carried out in two parts:
VA and PT

VA : Scanning for loopholes and weak security points. In this phase we only scan the devices, web applications, servers, networks, websites and databases. We do not penetrate in this phase.

PT : Gaining access through the scanned vulnerabilities. We try to hack into the services, devices, web applications, servers and databases via the vulnerabilities found in the scan.

Several bug bounty programs :
www.bugcrowd.com
www.hackerone.com
firebounty.com

=======================================================================

OWASP TOP-10
============
Open Web Application Security Project
-------------------------------------
It is a non-profit charitable organisation which works towards the security of web applications. They gather information from all around the globe, through their CTF initiative.
They openly challenge the whole hacking community to hack into the online system and capture the flag; in return, they provide a bounty. They gather the logs of the attacks performed in the CTF.
After gathering all the logs, they analyse them and categorise the attacks accordingly.
They release a list of 10 attacks:
OWASP TOP 10 --> top 10 attacks.

A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
A4 - Insecure Direct Object References
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Missing Function Level Access Control
A8 - Cross-Site Request Forgery (CSRF)
A9 - Using Components with Known Vulnerabilities
A10 - Unvalidated Redirects and Forwards
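To make two of the categories in the list concrete, here is an added illustration (written for these notes, not taken from the paste or from OWASP) of A1 Injection and A3 Cross-Site Scripting. It builds a small constructed users table in an in-memory SQLite database, shows the loophole version of a lookup and a greeting beside the mitigated version, and lets you see why the VA phase flags the first and not the second. Table contents and the sample inputs are made up for the demonstration.

```python
# Added illustration of OWASP Top 10 (2013) A1 Injection and A3 XSS.
# All data below is constructed sample data; this is not code from the notes.
import html
import sqlite3


def make_db():
    """Constructed users table with two hypothetical rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """A1 Injection: the user-supplied value is pasted straight into the SQL text,
    so the database cannot tell data apart from query structure."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_fixed(conn, name):
    """Mitigation: a parameterised query sends the SQL and the value separately,
    so the input can only ever be compared as a plain string."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def render_greeting_vulnerable(name):
    """A3 XSS: untrusted text is interpolated into HTML without escaping."""
    return "<p>Hello, %s</p>" % name


def render_greeting_fixed(name):
    """Mitigation: HTML-escape untrusted text before it reaches the page."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo():
    """Run both pairs on constructed inputs and return what each version produced."""
    conn = make_db()
    # Constructed input that, if treated as SQL, closes the string literal and
    # appends an always-true condition.
    probe = "x' OR '1'='1"
    vuln_rows = find_user_vulnerable(conn, probe)   # loophole: every user comes back
    fixed_rows = find_user_fixed(conn, probe)       # mitigated: no user is named that
    markup = "<script>alert(1)</script>"            # constructed untrusted text
    return {
        "vuln_rows": len(vuln_rows),
        "fixed_rows": len(fixed_rows),
        "vuln_html": render_greeting_vulnerable(markup),
        "fixed_html": render_greeting_fixed(markup),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The same contrast is what a VA report records for these categories: the finding is the place where untrusted input is mixed into a query or a page, and the remediation is to keep the two separate (parameters for SQL, escaping for HTML) rather than to filter particular inputs.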

OWASP 2013 --> Stable
OWASP 2017 --> Data insufficient
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf

Live cyber-threat maps:
https://cybermap.kaspersky.com/
https://www.fireeye.com/cyber-map/threat-map.html
http://map.norsecorp.com/


=====================================================================