For Business needs – It is becoming common practice today for customers to request Security Certifications from their partners or vendors.
For Compliance – A large number of industry standards & regulations have included Vulnerability Assessment & Penetration Testing (VAPT) as a mandatory requirement.
For Security validation – Vulnerability Assessment & Penetration Testing (VAPT) helps validate your security controls and measures against real-world attacks.
For Best-practice & data security – As attackers scale and threats evolve, there is a need within organizations to carry out proactive security audits to protect their data and systems from evolving threats.
Scope of VAPT
The scope for each audit depends on the specific company, industry, compliance standards, etc. However, the following are some general guidelines that you should consider:
Any and all devices with an IP address can be considered for a VAPT activity.
Penetration Testing should focus on your organization's external parameters (IP addresses, offices, people, etc.).
Vulnerability Assessment should focus on your internal infrastructure (servers, databases, switches, routers, desktops, firewalls, laptops, etc.).
Compliance Standards & Certifications
Compliance standards that require such audits to be carried out periodically:
ISO 27002 / ISO 27001 | PCI DSS | SOX | HIPAA | TRAI | DOT
CERT-In | GLBA | FISMA | NIST | SAS 70 | COBIT
• PenTest Report Summary (for external consumption)
• Detailed Technical Report (for internal consumption)
• Remediated Results Summary (for internal/external consumption)