Cyhex VAPT Report

The vulnerability assessment and penetration testing report for cyhex's web application, conducted on 29 September 2024, identifies various vulnerabilities categorized as Critical, Medium, and Low. The assessment utilized both automated tools and manual testing methods, including Burp Suite, Nessus, and OWASP ZAP. Recommendations for remediation are provided to mitigate the identified security risks.

Uploaded by

RATAN THE ARTIST

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

37 views6 pages

Cyhex VAPT Report

Uploaded by

RATAN THE ARTIST

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 6

Vulnerability Assessment and Penetration Testing

Web Application Security Report

Client Name: cyhex

Domain: nic.com
Date: 29 September 2024
1. Executive Summary
cyhex conducted a penetration test on their Web Application in the production environment,
starting on 29 September 2024. This assessment, combining automated tools and manual check
weaknesses in the application that could be exploited. The report details the identified vulnerabilit
their severity, and provides recommendations to mitigate any security risks they might pose.
2. Checklist
- Objective: Identify vulnerabilities
- Scope: Web Application Security
- Methodology: Automated and Manual Testing
- Tools Used: Burp Suite, Nessus, OWASP ZAP
3. Scope
The scope included the following IP Addresses / Systems for vulnerability scanning and penetrati
- nic.com/login
- nic.com/search
4. Conclusions
5. Findings
The above Application shows vulnerabilities, which include Critical, Medium & Low vulnerabilities
Hence, cyhex needs to work on strengthening its URL/Web App’s by implementing the remediatio
6. Tools Used
- Burp Suite (Licensed)
- Nessus (Licensed)
- OWASP ZAP
- Kali Linux (Open Source)

Red Team Engagement Template For Reference
No ratings yet
Red Team Engagement Template For Reference
17 pages
VAPT Report Template
No ratings yet
VAPT Report Template
13 pages
2022-23 VAPT Report-Signed-Signed
No ratings yet
2022-23 VAPT Report-Signed-Signed
23 pages
Penetration Testing Report
No ratings yet
Penetration Testing Report
3 pages
Scoping Questionnaire For Penetration Testing: # Questions Answer Comments
No ratings yet
Scoping Questionnaire For Penetration Testing: # Questions Answer Comments
7 pages
NIST SP 800-53r5 PDF
No ratings yet
NIST SP 800-53r5 PDF
483 pages
OWASP Vulnerability
No ratings yet
OWASP Vulnerability
48 pages
PCI Slides Merged
No ratings yet
PCI Slides Merged
161 pages
Isaca Code of Professional Ethics Is Auditing Standards Is Auditing Guidelines Tools and Techniques
No ratings yet
Isaca Code of Professional Ethics Is Auditing Standards Is Auditing Guidelines Tools and Techniques
20 pages
Vulnerability Management Procedure
No ratings yet
Vulnerability Management Procedure
13 pages
VAPT: - Vulnerability Assessments & Penetration Testing
No ratings yet
VAPT: - Vulnerability Assessments & Penetration Testing
2 pages
Vulnerability Report for Executives
No ratings yet
Vulnerability Report for Executives
14 pages
PEVCCFOA PwCs Cybersecurity Insights For AIF
No ratings yet
PEVCCFOA PwCs Cybersecurity Insights For AIF
30 pages
Securing Web Portals
No ratings yet
Securing Web Portals
12 pages
Rapid7 InsightIDR Product Brief
No ratings yet
Rapid7 InsightIDR Product Brief
2 pages
Isc2 Cissp 1 13 1 Threat Modeling Concepts and Methodologies
No ratings yet
Isc2 Cissp 1 13 1 Threat Modeling Concepts and Methodologies
2 pages
VAPT Interview Questions
No ratings yet
VAPT Interview Questions
33 pages
Isc2 Cissp 1 3 1 Evaluate and Apply Security Governance Principles
No ratings yet
Isc2 Cissp 1 3 1 Evaluate and Apply Security Governance Principles
4 pages
VERITY Brochure
No ratings yet
VERITY Brochure
6 pages
Thesis Pentest-Methods Public
No ratings yet
Thesis Pentest-Methods Public
71 pages
Burp Suite Training Guide (Thoery)
No ratings yet
Burp Suite Training Guide (Thoery)
6 pages
CISSP ISSAP DomainRefresh
No ratings yet
CISSP ISSAP DomainRefresh
8 pages
Project Proposal Template
No ratings yet
Project Proposal Template
4 pages
Compromise Assessment Report 3
No ratings yet
Compromise Assessment Report 3
10 pages
Group Ib Ti en
No ratings yet
Group Ib Ti en
5 pages
Vdocument - in - Iot Penetration Test Report Iot Penetration Test Report Momentum Axel 720p
No ratings yet
Vdocument - in - Iot Penetration Test Report Iot Penetration Test Report Momentum Axel 720p
15 pages
Revised UPI OC 87 - Indicative Guidelines For System Audit Report (SAR) 2
No ratings yet
Revised UPI OC 87 - Indicative Guidelines For System Audit Report (SAR) 2
8 pages
Challenges: PII Discovery, Protection & Privacy
No ratings yet
Challenges: PII Discovery, Protection & Privacy
2 pages
SEBI Cybersecurity Framework Guide
No ratings yet
SEBI Cybersecurity Framework Guide
19 pages
Enabling Protection Against Data Exfiltration by Implementing Iso 27001:2022 Update
No ratings yet
Enabling Protection Against Data Exfiltration by Implementing Iso 27001:2022 Update
17 pages
Pentestreport Romio
No ratings yet
Pentestreport Romio
72 pages
Armenotech PCIDSS AOC
No ratings yet
Armenotech PCIDSS AOC
13 pages
VR 7.5.0 PDF
No ratings yet
VR 7.5.0 PDF
15 pages
MS Security Report Jul-Dec06
No ratings yet
MS Security Report Jul-Dec06
68 pages
Lect 5
No ratings yet
Lect 5
26 pages
Information Security Resiliency Plan
No ratings yet
Information Security Resiliency Plan
11 pages
Understanding Computer Misuse
No ratings yet
Understanding Computer Misuse
25 pages
Security Goals and Mechanisms
No ratings yet
Security Goals and Mechanisms
57 pages
IBA Karachi - VAPT - Revalidation Report
No ratings yet
IBA Karachi - VAPT - Revalidation Report
32 pages
Comprehensive Guide to Penetration Testing
No ratings yet
Comprehensive Guide to Penetration Testing
3 pages
Application Security & Code Review Guide
No ratings yet
Application Security & Code Review Guide
7 pages
Domain 6 Questions
No ratings yet
Domain 6 Questions
6 pages
Cybersecurity Threat Hunting Guide
100% (1)
Cybersecurity Threat Hunting Guide
16 pages
WLAN - Security Risk Assessment and Countermeasures
No ratings yet
WLAN - Security Risk Assessment and Countermeasures
64 pages
Cyber Secure Pakistan 2019 Report
No ratings yet
Cyber Secure Pakistan 2019 Report
23 pages
Web Application Security
No ratings yet
Web Application Security
12 pages
Nexpose Enterprise Edition: Vulnerability Management To Combat Today's Threats
No ratings yet
Nexpose Enterprise Edition: Vulnerability Management To Combat Today's Threats
2 pages
Security Policies
No ratings yet
Security Policies
10 pages
SIEM Use-Cases for PCI DSS Compliance
No ratings yet
SIEM Use-Cases for PCI DSS Compliance
6 pages
certMILS D2.3 Security Architecture Template PU M16
No ratings yet
certMILS D2.3 Security Architecture Template PU M16
24 pages
OWASP Top 10 API Security Risks - 2023
No ratings yet
OWASP Top 10 API Security Risks - 2023
39 pages
Automated Methods For Generating Least Privilege Access Control Policies - Principle of Least Privilege (PoLP)
No ratings yet
Automated Methods For Generating Least Privilege Access Control Policies - Principle of Least Privilege (PoLP)
117 pages
PCIDSS
No ratings yet
PCIDSS
13 pages
Module 11: Security Testing and Assessment
No ratings yet
Module 11: Security Testing and Assessment
8 pages
CTIA Exam Blueprint v1
No ratings yet
CTIA Exam Blueprint v1
13 pages
PCI DSS v4 0 1 DESV S ROC Template
No ratings yet
PCI DSS v4 0 1 DESV S ROC Template
34 pages
Secure Web Application Development Lifecycle Practitioner (SWADLP) Certification
No ratings yet
Secure Web Application Development Lifecycle Practitioner (SWADLP) Certification
10 pages
AuditScripts CIS Controls Master Mappings v7.1b
No ratings yet
AuditScripts CIS Controls Master Mappings v7.1b
3,429 pages
Web App Pen Test Report: bWAPP
No ratings yet
Web App Pen Test Report: bWAPP
21 pages
RockED - Web Application Penetration Testing - Closure Report 3
No ratings yet
RockED - Web Application Penetration Testing - Closure Report 3
43 pages

Cyhex VAPT Report

Uploaded by

Cyhex VAPT Report

Uploaded by

Vulnerability Assessment and Penetration Testing

Web Application Security Report

Client Name: cyhex

You might also like