VAPT....


raman gupta
Mar 22, 2012, 2:19:43 AM
to null
Is VAPT limited to scanning using Nessus, Acunetix etc., or what
exactly more is there, if there is anything....
As for one of my teammates, VAPT means only a scan using Nessus if we talk
about network-level VAPT. But as per me it includes exploitation and
post-exploitation... also

Anand Pandey
Mar 22, 2012, 5:39:37 AM
to null-...@googlegroups.com
VAPT is not a single term; it comprises two different terms with different meanings.
VA means Vulnerability Assessment, which includes scanning for any open ports and identifying the services running on them, with the vulnerabilities associated with them,
while PT means Penetration Testing, which is one more step beyond VA: it includes testing all those vulnerabilities and trying different techniques to get the maximum level of access achievable.

Regards
Anand Pandey

me andme
Mar 22, 2012, 7:05:22 AM
to null-...@googlegroups.com
In VA a tester needs to identify all possible vulnerabilities in the underlying server systems and network devices, and does not exploit them. One can always do false-positive removal/validation to give better results. It's not just running the tools and submitting the results.

E.g. on port 21 (FTP) one can always check if the FTP service is running with Anonymous login, with 1 or 2 attempts.

In PT a tester needs to identify all possible vulnerabilities, validate them and then exploit them ONLY AFTER THE CLIENT'S PERMISSION.

E.g. here one can use password brute-force/dictionary attacks etc.

rgds,
NSD

--
Get ready to Goa - nullcon Security Conference
http://nullcon.net
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
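The anonymous-FTP check NSD describes above, as an added example that is not code from this thread: one login attempt, closed with QUIT, so that the scanner's finding is confirmed or marked a false positive without generating noise. The stub FTP server, its responses, and the 127.0.0.1 host are constructed so the check runs offline.

```python
# Added example (not from this thread): single-attempt validation of a
# scanner's "anonymous FTP login permitted" finding, plus a constructed
# stub FTP server so the check can be run offline.
import ftplib
import socket
import threading

def anonymous_ftp_allowed(host, port=21, timeout=5.0):
    """True if USER anonymous / PASS anonymous@ is accepted, False if the
    server refuses it (5xx), None if no FTP service could be reached.
    One attempt, ended with QUIT: a single login line in the FTP log."""
    ftp = ftplib.FTP(timeout=timeout)
    try:
        ftp.connect(host, port)
        ftp.login("anonymous", "anonymous@")  # a 530 raises error_perm
        ftp.quit()
        return True
    except ftplib.error_perm:
        return False  # refused: the scanner finding is a false positive
    except (OSError, ftplib.Error):
        return None   # unreachable or not FTP: needs manual follow-up
    finally:
        ftp.close()

def stub_ftp_server(allow_anonymous):
    """Constructed stub speaking just enough FTP to exercise the check.
    Serves one client on 127.0.0.1 and returns (port, thread)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"220 stub ftpd ready\r\n")
        for line in iter(conn.makefile("rb").readline, b""):
            cmd = line.decode(errors="replace").split()[:1]
            cmd = cmd[0].upper() if cmd else ""
            if cmd == "USER":
                conn.sendall(b"331 Password required\r\n")
            elif cmd == "PASS":
                conn.sendall(b"230 Login ok\r\n" if allow_anonymous else b"530 Login incorrect\r\n")
            elif cmd == "QUIT":
                conn.sendall(b"221 Bye\r\n")
                break
            else:
                conn.sendall(b"502 Not implemented\r\n")
        conn.close()
        srv.close()
    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv.getsockname()[1], thread
```

Against a real finding, replace the stub with the reported host and port; a None result means the port was not reachable and the finding needs manual follow-up rather than a verdict.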

Manasdeep
Mar 22, 2012, 8:07:42 AM
to null
Just to add, the PT process also involves manual testing, which gives the best
results. You can detect and exploit difficult issues like CSRF, user
functionality testing etc. for web app testing. Make sure you obtain
PRIOR client permission and have the scope included before actually
performing PT.

Please don't rely absolutely on automated tool scans like Nessus,
Acunetix etc. Use them as an aid to manual testing and cross-
reference to eliminate false-positive results. Also make sure to
properly configure your tools before scanning networks, else they will
be blocked automatically by firewalls/IDS/IPS if you go aggressive
scanning with Nmap etc. Use suitable Nmap switches as per the network
architecture diagram. Don't just press Scan on default Nmap
options. :) :)

Regards,
Manas.

webDEViL
Mar 23, 2012, 9:15:24 AM
to null-...@googlegroups.com
You could also lie back and let your teammate think that way.
Then eventually you (the company) will get hacked and everyone will understand how good his understanding is.
He gets fired, your point proved!

win-win situation ?!?!

--
Regards,
webDEViL


Prashant Guleria
Mar 23, 2012, 12:04:24 PM
to null-...@googlegroups.com

Well, brute force is good but not when the time is shorter, and about dictionary attacks, they are not always good either; it's just like using the wrong hammer on the wrong nail...
I think cracking hashes by exploitation should be the best way.
If anybody has any other option then please share ...

w3bd...@gmail.com
Mar 23, 2012, 12:26:40 PM
to null-...@googlegroups.com
That seems like a weird opinion. You have to brute force intelligently. People are the weakest links, which is known and proven.

Moreover, most organisations don't monitor. So the noise part becomes irrelevant.
Sent from BlackBerry® on Airtel


Shobhit Gautam
Mar 24, 2012, 8:18:35 AM
to null-...@googlegroups.com
VAPT is a time-based hacking activity....
VA is: identify loopholes and report.
PT is: identify loopholes and exploit the report.
Both are time-bound activities as per the client-level agreement. Methods can be personal: they may be totally automated, partially manual or completely manual. Remember tools are not 100% false-positive free.