Information Security Audit Service

cyber logo

Information Security Audit Service (VAPT)

Vulnerability Assessment & Penetration Testing (VAPT) is a security testing methodology in which the IT systems such as computers, mobiles and networks, and software such as operating systems and application software are scanned in order to identify the presence of known and unknown vulnerabilities. VAPT comprises of two, more specific methods.

  • Vulnerability Assessment (VA) is the first stage. VAPT team identifies all vulnerabilities in an application or network. While this method is great for identifying vulnerabilities, it cannot differentiate between exploitable and non-exploitable vulnerabilities. It is an examining approach which is conducted both physically and performed by specific instruments or applications.
  • Penetration Testing (PT) is the second stage. Penetration Testing takes the vulnerabilities identified in the first step, identifies exploitable vulnerabilities, and attempts to exploit them. Using these two methods together in VAPT helps organizations to get a more cohesive picture of their current security vulnerabilities, how exploitable they are, and how large the impact could be on them.

The primary purpose of vulnerability and penetration tests is to identify, evaluate, and mitigate the risks due to vulnerability exploitation.


Types of Test

  • Remote Vulnerability Assessment and Penetration Testing for IT Assets
  • Internal Vulnerability Assessment and Penetration Testing for IT Assets
  • Server configuration reviews
  • Desktop audits
  • Password audits
  • Patch audits
  • Mobile/Web application Penetration Testing


Benefits of VAPT

VAPT provides enterprises with a more comprehensive network, OS, configuration, and application evaluation than any single test alone, enabling the business to better protect its systems and data from malicious attacks. The major benefits include:

  • Identifying vulnerabilities and risks in your web/mobile applications and networking infrastructure
  • Validating the effectiveness of current security safeguards
  • Quantifying the risk to the internal systems and confidential information
  • Providing detailed remediation steps to detect existing flaws and prevent future attacks
  • Validating the effectiveness of security and system updates/upgrades
  • Protecting the integrity of assets in case of existing malicious code hidden in any of them
  • Helping achieve and maintain compliance with applicable International and Federal regulations

STPI being a Govt of India agency, its prime objective is to support the industry to enable them to conduct their business in a more secured manner, maintain the CIA of the valuable data and reduce business losses caused due to various information threats & attacks.

For any query related to VAPT, please contact:

Mr. Amit Bansal
Director - STPI 

Ph: +91-11-20815086
Fax: +91-11-20815076
E-mail: vapt[at]stpi[dot]in

Back to Top