Vulnerability Assessment / Penetration Testing (VAPT)

One of Secura's most valued services, and the service with the longest history within Secura, is Vulnerability Assessment and Penetration Testing (commonly known as VAPT).

Companies are increasingly dependent on data, be it for sales, R&D, or their actual product portfolio. Protecting this data is vital, and often also compulsory (for instance when it concerns personal information). Data is accessed by authorised users through applications that contain business logic and security functions. If any weaknesses exist in these access layers, risks to the business arise. To stay in control of these risks, it is necessary to assess the security measures by testing their effectiveness.

Within our methodology we use various tools and phases, such as reconnaissance, threat assessment, vulnerability assessment and vulnerability scanning.

We record the outcomes of the security test in a clear report with a concise management summary, an extensive risk analysis for each outcome and recommendations on a strategic, tactical and operational level.

Crystal, grey or black box security test

Crystal box test

Our consultants have prior access to all relevant information, such as internal source code, configuration files and (design) documentation. This test is also known as a white box test. The major advantage of this in-depth assessment method is the ability to assess how problems have been solved. Was a structural solution chosen, or was ad hoc 'fire fighting' used? Has the software been solidly designed and well documented? These matters of quality determine to a substantial degree the level of your future digital security.

Grey box test

The grey box is an intermediate form, in which our consultants have credentials and possibly user documentation available. We use this test to assess how a registered user could abuse the IT environment. Is it possible to assume the identity of another user or the application administrator? Is it possible to gain unauthorised access to data? Is it possible to take control of a session or to guess session IDs?

Black box test

With a black box test our consultants receive little to no information in advance. A black box test is comparable to an attack by digital intruders (within the time available). We use this to verify what can be done without credentials. For example, is it possible to bypass the login procedure?

Penetration testing

During a Secura penetration test, or pentest, our consultants use the available time to look for a weak spot in your security and subsequently attempt to exploit it, for example to penetrate further into a LAN or extranet environment. The aim of a pentest is to illustrate as clearly as possible what the consequences of a certain issue with your IT security could be, and what that would mean to your organization. A penetration test allows us to demonstrate the seriousness of IT security issues, so that your organization becomes aware of the potential dangers. Many organizations choose to implement a structural approach to their IT security as a direct result of this test.

Secura will record the outcomes of the penetration test in a clear report with a concise management summary, an extensive risk analysis for each outcome and recommendations on a strategic, tactical and operational level.

Fact sheets

Vulnerability Assessment & Penetration Testing

Explains the scope, targets and technologies of Vulnerability Assessments and Penetration Testing.

Partners of Secura

Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT and internet law, and certification.