The Virtual VAPT service from ESDS comes with a complete security audit of your web applications / websites for CERT-in certification, followed by regular vulnerability scanning with ESDS VTMScan.
ESDS will deliver this service in 2 phases.
Phase 1 – Web Application Security Audit by a CERT-in empaneled Agency
Phase 2 – VTMScan Annual scanning service for web application (Based on selected plans)
This makes it a unique offering in the security market today for a complete security assessment of a client's critical web presence.
Phase 1 - Web Application Security Audit by a CERT-in empaneled Agency
Application Security Audit
Application Security Audit is the process of actively evaluating all the components of an application to ensure that they have been developed within the guidelines of security best practices. It is an important step in certifying applications. During this step, the modules are individually tested for a number of weaknesses and properties. The application only passes the review if it exhibits all required properties. Errors in development (known variously as bugs, flaws or vulnerabilities) could allow an attacker to gain access to confidential information or deny authorized users access to the application, with potentially catastrophic results. An Application Security Audit is of great importance in avoiding security holes in the application itself. It improves the reliability, stability and performance of the application. The results of the application testing are delivered in a comprehensive report highlighting the vulnerabilities and ways to mitigate the risk.
Application Security Testing
Two types of testing are carried out for a complete check of the web application: a functional test and an internal logic test. Black box testing assesses functional operating effectiveness, and white box testing assesses the effectiveness of the software program logic. We would be carrying out black box testing for the application. As the application has various roles defined for various users, we will carry out role-based functionality testing to ascertain any security flaws. The first-level application audit would highlight vulnerabilities in the application such as Cross Site Scripting, SQL Injection, Buffer Overflows, Unvalidated Inputs, insecure storage etc. These would need to be addressed by the developers, after which second- or third-level audits would be undertaken, if required. Removal of flaws and vulnerabilities from the application depends on the capabilities of the application developers, and the subsequent audit levels are driven by this necessity.
Security Audit as per OWASP Standard
The standard used for web application testing is OWASP (Open Web Application Security Project). The OWASP 2017 Top Ten represents a broad consensus about the most critical application security flaws.
Phase 2 - VTMScan Annual scanning service for web application (Based on selected plans)
All these modules are tightly integrated with each other to provide proactive scanning of the domain.
Virtual VAPT Cert-In Certification
The first step is to analyse the web application / website / API application for appropriate built-in security measures. This analysis is necessary to create a baseline, so that the present state is better understood and the findings and recommendations can be appreciated.
The project entails a first-level audit of the website / API applications, after which the development team would correct the vulnerabilities reported in the Audit Report. Once the vulnerabilities have been successfully patched, a certificate will be issued for the website / web application. The methodology followed is as follows:
Search Engine Friendly - Automatic CMS Scanning, Agent based Server Side Scanning.
Detects Threats - Proactive Scan of Malware, Security Threats, Infections, Botnets.
Keeps your Web Servers Fit - Open Port Scanning for Security threats, Mail Server IP Checks.
Prevents Website Attacks - Specialized defence against Zero Day Exploits, Advisory Security Patches, Fully trusted and Tested Custom Security for Websites.
Anticipates and Spots Flaws Proactively - Provides instant E-Mail Alerts and Warning Alarms about infected Web Pages and Code, Exclusive Scan Reports.
Specializes in Intense Detection - Remote Web-Shell / Unexpected files detection and CMS-specific scanning (WordPress, Joomla, vBulletin, DNN).
Virtual VAPT can be used by clients who are using websites.
Clients can use our product for certification and website scanning purposes.
If you have any queries related to the product or require any assistance, please contact us at email@example.com