How to perform Infrastructure Vulnerability Assessment & Penetration Testing

In this blog we will explain some important steps how to perform Infrastructure Vulnerability Assessment & Penetration Testing (Infra VAPT). There are some steps which require to follow while performing Infrastructure Vulnerability Assessment & Penetration Testing.

Planning and Preparation Phase

As part of planning the pentesting team must decide what amount of access is necessary, what kind of testing environment is needed, how to access it, and other factors as part this stage.

After planning phase is completed, then the application or infrastructure owner and their team need to start working on the assessment requirement fulfillment because good preparation is essential and ensures a time-efficient execution of the assessment.

The pentester acts like an attacker and attempts to find the vulnerability and exploit that vulnerabilities within the scope and border granted by the engagement rules.

Information Gathering and Analysis Phase

As a part of information gathering and analysis phase the penetration tester starts gathering as much as information about in-scope target infrastructure and applications.

Below mentioned few tools which we will use in this phase:

Netdiscover, Nmap and Snmpwalk.

Vulnerability Detection Phase

As a part of vulnerability detection phase the penetration tester use multiple tools and techniques to find out loophole or vulnerabilities which are present on infrastructure and applications.

Below mentioned few tools which we can use in this phase:

Nessus, Nmap, Nikto, Wireshark etc.

Penetration Attempt Phase

As a part of penetration testing phase the penetration tester start attacking like an attacker on in-scope target infrastructure and applications.

Below mentioned few tools which we will use in this phase:

Metasploit, Nmap, Snmpwalk etc.

Reporting and Clean Up Phase

As a part of reporting and clean up phase the penetration tester creates report in as such a way that any technical or non-technical person can also understand about vulnerabilities and developer & infrastructure teams can fix that issues. The clean-up phase will perform after completion of penetration testing in which all testing tools, malicious testing file, payloads, licenses etc. which are used during penetration testing will remove completely.

References:

• https://www.freepik.com/