What is the difference between an Internal and External Test?
Internal Test means that our tester will be onsite, simulating an internal breach by someone in your office. For example, our tester will simulate a hack into your company’s servers from within your network – either over WiFi or plugged into your network.
External Test means that our tester will try to hack into your company’s system from outside your network or anywhere in the world. For example, our tester will simulate a hack into your company’s website from a Starbucks or even from Indonesia.
What is the difference between VA and PT?
Vulnerability Assessment (VA) is an assessment that will only assess the vulnerabilities in your environment without testing for confirmation. It is basically a non-intrusive assessment. For example, when you see a GP doctor for a Knee Pain, a general assessment will be provided and the doctor will then advise you to rest, apply some cream, and monitor.
Penetration Testing (PT) includes VA, but with the additional testing for confirmation. This means that the assessment will comprise of both the assessment for vulnerabilities in your environment, as well as testing to provide proof of breach. For example, after seeing a knee specialist for the bad knee, the doctor will assess it, before conducting some tests to simulate the pain in order to confirm the right prognosis, and apply the most suitable and effective follow-up treatment.
What is the deliverable of the tests?
2 reports will be provided for both VA and PT – one after each round of testing.
What is the process for testing?
There will be 2 rounds of testing.
1st Round of Testing – by eVantage Technology
Based on the Client’s requirements, the 1st test will be conducted. A report, which includes the current vulnerabilities, proof of breaches (where available), and recommendation to address the risks found, will be provided to the Client.
Rectification Work – by Client
The Client is then tasked to follow the recommendations provided in the report to secure its environment before a 2nd test will be conducted.
2nd Round of Testing – by eVantage Technology
After the rectification done by the Client, a 2nd test will then be conducted to ensure the environment has been successfully secured. After the 2nd test, a second report, which includes the current vulnerabilities, proof of breaches (if any), and recommendation to address the risks found (if any), will be provided to the Client.
However, do take note that there should not be any vulnerabilities found in the 2nd test if the client chooses to follow the recommendations provided in the first report and effectively secures its environment.
How long will the entire process take on average?
The length and duration of the entire VAPT process will depend on the scope of test and the time required by the Client for rectification work.
Hence, it is important for the Client to provide us with a rough projected timeline when filling in the form above, in order to minimize any potential delays in entire process.