Vulnerability Assessment and Penetration Testing

Full security scan & testing methods to identify any potential
cybersecurity threats within your system & network

VAPT helps identify cybersecurity
risks and threats within systems

Vulnerability Assessment and Penetration Testing (VAPT) is able to provide a ‘point in time’ assessment, or snapshot of the target environment and gauge cybersecurity issues found during the test against industry standards and the knowledge of the security consultant.

VAPT can be conducted as required or at fixed time interval, across any information technology systems. It is an ideal service to help identify vulnerability and risks within any systems or networks. It is also ideal for any web applications that are protected behind Cloudflare.

The VAPT by SecureAX follows a structured, coherent, and systematic approach. The penetration test employs several methodologies, dependent upon the service being executed and the determined scope and its boundaries. In general, a four‐phased methodology is being followed during the penetration test. These phases include reconnaissance, vulnerability analysis, exploitation, and post exploitation.

Reconnaissance

SecureAX will use passive methods like researching publicly available information and network scanning on your targeted systems

Vulnerability Analysis

SecureAX will help you identify the vulnerabilities, determine their severity and analyse its impact on your system

Exploitation

SecureAX will attempt to gain access by breaching security of a system or finding an bug to exploit in the software

Post Exploitation

SecureAX will detail the vulnerabilities found, provide information and evidence, and offer recommendations to mitigate

Licensed by the Cyber Security Agency of Singapore (CSA)

Penetration Testing is a regulated activity under Part 5 of the Cybersecurity Act (CS Act) in Singapore. SecureAX is a licensed cybersecurity service provider by the Cybersecurity Services Regulation Office (CSRO), to perform penetration testing services.

VAPT Scope & Offerings

The scope of penetration testing provided by SecureAX depends on your system and requirement. We are qualified to perform these VAPT:
Web Application Testing
Mobile Application Testing
Network Testing
Cloud Testing
White / Grey / Black Box Testing on specific application or services

VAPT Methodologies & Competencies

Our qualified penetration tester use the Open Web Application Security Project (OWASP) Top Ten (web application attack), ISECOM’s Open‐Source Security Testing Methodology Manual (OSSTMM), PCI-DSS, MAS-TRM, IM8, to name a few, to conduct the VAPT in full compliance to the international standards

VAPT Mitigation Steps

At SecureAX, we help you with the mitigation steps to minimise the likelihood and impact of risk happening. If you are an existing SecureAX Fully Managed customer, all the mitigation steps will be performed at no additional costs to you. If you are using another cloud service provider, hosting provider, or even running your own system, we can help you mitigate the risks identified, at a small fee.

Contact us for a quote.

Our VAPT starts from S$2,000, depending on the test perimeter and scope required

Frequently Answered Questions

What is Vulnerability Assessment & Penetration Testing (VAPT)?

Vulnerability Assessment and Penetration Testing (VAPT) is a broad range of security assessment services designed to identify and help address cyber security exposures across an organisation’s IT infrastructure and system. This can cover on-premise, off-premise or cloud based systems.

Do I have to use SecureAX Cloud Services for VAPT?

No! Our VAPT can be conducted on your on-premise system, off-premise infrastructure, cloud or hosting services with any third parties. Note that all qualified penetration testers who conduct VAPT has to maintain impartiality in the VAPT process, as part of their professional code of conduct maintained by the respective certification bodies.

Does my company require VAPT?

VAPT helps to protect your organisation by providing visibility of security weaknesses and guidance to address them. VAPT is increasingly important for organisations wanting to achieve compliance with standards including the GDPR, ISO 27001 and PCI DSS.

How often do I require VAPT to be done?

The evolving techniques, tricks and methods used by cybercriminals to breach IT systems mean that it is important to regularly test your organisation’s cyber security. We recommend at least one VAPT test per annum, depending on the size of your organisation.

Is your VAPT conducted by qualified persons?

Yes, our VAPT is conducted by qualified persons with certifications from CREST, Certified Ethical Hackers (CEH), ISACA, Offensive Security and Tiger Scheme

What do I get as part of the VAPT?

Besides the full suite of VAPT service scope, at SecureAX, we ensure that the risks and threats identified will not be left hanging. Thus, we are able to provide an optional professional service to mitigate the risks identified within VAPT.