Process

We follow a systematic and yet agile approach to test website security. This helps our customers gain an extremly accurate and elaborate results along with a knowledge base and years of experience on the subject matter.

Cloud App Security Process

Before Testing Starts

  • Sign NDA

  • Freeze on scope

  • Study Cloud App Architecture

  • Study Cloud User Roles

  • Decide attack vectors and prioritize

  • Allocate single point of contact

After Testing

  • Analyse logs

  • Confirm results

  • Apply Knowledge

  • Apply Experience

  • Repeat Test if required

Testing Outcome

  • Detailed technical report

  • Executive summary

  • High level fixation solutions

  • Certificate of testing completion (optional)

Valency's approach

Black box testing

They are professionals who have no knowledge of the internal structure of the system or the network.

Grey box testing



They are professionals with partial knowledge of the internal workings of an application or networks. This test often reveals context specific errors related to the web applications

Cloud Security Testing (VAPT) Consultancy vendor company, Process

Automatic and manual testing

Cloud Security Testing (VAPT) Consultancy vendor company, Cloud App Security Process


For certain vulnerabilities like cross site scripting (XSS) and SQL injection, automated scanning tools are used as they have the ability to find the vulnerabilities quickly and systematically. Whereas manual testing is used to cross check false-positive or false-negative results shown by automated testing tools and to run customized scripts to identify application-specific vulnerabilities.

Testing phases

Reconnaissance




Also known as foot printing. It’s a process of gathering data or preliminary inspection of an area of interest over a short period of time.

Cloud Security Testing (VAPT) Consultancy vendor company, Scanning

Scanning

Cloud Security Testing (VAPT) Consultancy vendor company, Gaining Access


Collect more detailed information based on previous phase. Also known as enumeration

Gaining access




This is the actual attack phase; so, the risk level is considered highest

Cloud Security Testing (VAPT) Consultancy vendor company, Scanning

Maintaining access

Cloud Security Testing (VAPT) Consultancy vendor company, Gaining Access


If the intentions of the hacker will not be satisfied by acquiring access then maintaining that access is also important.

Covering tracks



It is in the best interest of the hacker to erase his fingerprints from the scene. Rootkits to an extent does the job, but a hacker can modify log files to hide all those programs or applications that he has installed, from the view of the computer system.

Cloud Security Testing (VAPT) Consultancy vendor company, Gaining Access

Gathering logs

Cloud Security Testing (VAPT) Consultancy vendor company, Scanning



Keeping a record of the scans or reports gathered from the attack/scan performed.

Testing outcomes:

Cloud Security Testing (VAPT) Consultancy vendor company, Gaining Access

Detailed technical report In the detailed technical report we include the entire process followed while performing VAPT on cloud based web application or any services. It includes the tests performed, vulnerabilities found, risk severity, attachment of the evidences, etc.

Executive summary It contains brief explanation of the entire Process and the finding. To make it more understandable for clients we also use graphical and chart representation of the vulnerabilities found and attacks possible on the same

High level fixation solutionswe not only deliver you our findings on the vulnerabilities and risks, but also share the best possible solutions for the same. Our fixation solutions are also found much accurate and efficient by our customers/clients.


What Our Customers Say?

Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.