Back to All

Vulnerability Assessment and Penetration Testing

Projects and organisations could have vulnerabilities which are not evident or difficult to identify. The most common methods to trace them are Vulnerability Assessment and Penetration Testing (VAPT). These two activities have different scope of coverage and different procedures. But together they open up all the major vulnerabilities in a system and proved to be a strong solution.

Vulnerability testing can be executed in the project codes and in the organisation networks, depending upon the scope defined and tools chosen. In the vulnerability testing, all the flaws in the system are realised without differentiating those could create damage and those cannot. Vulnerability system notifies the areas of concerns and the location of those vulnerabilities in the system.

Meanwhile, Penetration testing aims to reveal the vulnerabilities in the system and detect the possibility for unauthorised or malicious activities in it. Penetration testing evaluates these threats on the basis of severity and illustrates the damage they could create during a real attack rather than pointing out all the flaws in the system.

Combined, these two testing methods portrait the vulnerabilities of a system and the risks associated with this. In effect, VAPT functions as a protective mechanism for an infallible organisational system.

Vulnerability Assessment Process

Step by step Vulnerability Assessment Process to identify the system vulnerabilities.

Step 1

Goals & Objectives

Define goals and objectives of Vulnerability Analysis.

Step 2


Black Box TestingTesting from an external network with no prior knowledge of the internal network and systems.

Grey Box TestingTesting from either external or internal networks with the knowledge of the internal network and system. It's the combination of both Black Box Testing and White Box Testing.

White Box TestingTesting within the internal network with the knowledge of the internal network and system. Also known as Internal Testing.

Step 3

Information Gathering

Obtaining as much information about IT environment such as Networks, IP Address, Operating System Version, etc. It's applicable to all the three types of Scopes such as Black Box Testing, Grey Box Testing and White Box Testing.

Step 4

Vulnerability Detection

In this process, vulnerability assessment tools / scripts are used to scan the IT environment and identify the vulnerabilities.

Step 5

Information Analysis and Planning

It will analyse the identified vulnerabilities to devise a plan for penetrating into the network and systems.

Vulnerability Assessment Cycle

Step 1


  • Begin Documentation
  • Update Tools
  • Secure Permissions
  • Configure Tools / Scripts
Step 2

Test Execution

  • Execution of tools and scripts
Step 3

Vulnerability Analysis

  • Defining and classifying network or System resources.
  • Assigning priority to the resources( Ex: - High, Medium, Low)
  • Identifying potential threats to each resource.
  • Developing a strategy to deal with the most prioritized problems first.
  • Defining and implementing ways to minimize the consequences if an attack occurs.
Step 4


Step 5


  • The process of fixing the vulnerabilities.
  • Assigning priority to the resources( Ex: - High, Medium, Low)
  • Performed for every vulnerability

Summary Report




Technical Report