All about VAPT

The Hackers Meetup
3 min readAug 31, 2023

VAPT is one of most demanding and interesting topic in cyber security domain. So, in this we will discuss about VAPT and how to get started into this?

What is VAPT?

VAPT stands for Vulnerability Assessment and Penetration Testing. It combines two distinct but closely related activities: Vulnerability Assessment and Penetration Testing, both of which are crucial for identifying and addressing security weaknesses in an organization’s IT infrastructure.
Vulnerability Assessment is all about analysing the systems, network or website for finding the loopholes or misconfiguration in it. I am not talking about the exploiting that vulnerability, its just finding that there can be a vulnerability due to that symptom.
Penetration Testing is about testing or exploiting the vulnerabilities identified during the vulnerability assessment phase, by performing a real-world cyber attack on a system to determine how effectively it can resist and recover from various security threats. Penetration Testing is also referred as Pen Testing.

Why VAPT is essential?

The importance of vapt can be understood by following points:

  • VAPT helps organizations proactively identify vulnerabilities and weaknesses in their IT systems, networks, and applications. This is crucial because attackers often target these vulnerabilities to gain unauthorized access or compromise sensitive data.
  • By identifying and addressing vulnerabilities before they are exploited by malicious actors, VAPT helps reduce the overall risk of security breaches, data leaks, and cyberattacks.
  • Many industries and sectors are subject to regulatory requirements and compliance standards that mandate regular security assessments. VAPT helps organizations meet these requirements and demonstrate their commitment to security best practices.
  • VAPT helps protect sensitive data, such as customer information, financial records, and proprietary data. Preventing data breaches and leaks can save organizations from reputational damage, legal liabilities, and financial losses.
  • Fixing vulnerabilities and addressing security issues after a breach can be far more expensive than preventing them in the first place. VAPT helps organizations minimize the financial impact of security incidents.

How to start Learning VAPT?

There are few common things to learn, it doesn’t matter either you are going for VAPT, SOC, or Digital Forensics etc., these are mentioned below with free resources:

  1. Computer Networks:
    It will help you to understand connection and communication between the computers, network architecture, protocols, configurations and many more. Understanding these things are necessary because if we do not understand the how things work then how we are supposed to exploit it.
    Materials:
    Professor Messer
    CISCO
    Bitten Tech(Hindi)
    JavaTPoint
    GeeksForGeeks
    Cybrary
  2. Linux:
    Linux gives more access to its users, it’s open-source, less prone to malware, lightweight, portable, and very compatible with multiple hacking tools.
    Learning Materials:
    Linux by Cyber Mentor
    Linux Essentials For Hackers
    JavaTPoint
    Cybrary
    For Practise:
    OverTheWire
    TryhackMe
  3. Web Application Working:
    Understanding of Web Application working will help in finding the loopholes, if you have proper understanding how client interact with server, what is the role browser in it and its protocol, then you will able to find vulnerabilities in it.
    Materials:
    Web Working from developers perspective
    Web Server Concepts
    Internet working to Web working Explained
    Browser Working from Engineers side
    What happens when you type google.com?
    Having difficulty to sleep, try watching this (How brower works)

Now, it’s time to go deep towards VAPT. Here you go:

Bonus Resources:

Few tips from my side, use twitter follow famous hackers (like GodfatherOrwa ), hashtags, you will get latest news, resources , tips and tricks from those and it will definitely help you to advance in your goal. You can also follow some youtube channels like Nahamsec, HackerSploit, InsiderPhD, RedTeamVillage etc. and apart from this always read blogs.

Thank you for reading, hope it was helpful!!!

Written by: Anonymous Knowledge | LinkedIn | Twitter

--

--

The Hackers Meetup

Initiative of @viralparmarhack to provide a proper platform for cyber security researchers & like-minded people to establish a community.