Information Security Audit

Vulnerability Assessment and Penetration Testing Services (VAPT)


Vulnerability Assessments are a process of identifying, quantifying, and prioritizing vulnerabilities in a system. A vulnerability refers to the inability of the system to withstand the effects of a hostile environment.

Penetration Tests are a method of evaluating computer and network security by simulating attacks on a computer system or network from external and internal threats. They are usually defined by a given test objective.

VAPT is a process in which the Information & Communication Technologies (ICT) infrastructure, consisting of computers, networks, servers, operating systems and application software, is scanned in order to identify the presence of known and unknown vulnerabilities. As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information, product IP, customer lists, etc. Hackers are concentrating their efforts on web-based applications: shopping carts, forms, login pages, dynamic content, etc.


As the IT scenario changes, it opens up new internet security challenges for many organizations. Conducting business transactions over the internet (online) has always been a risk. It’s a world of unforeseen traps, with vulnerabilities and threats manifesting themselves in the least expected place, at the least expected hour.

These challenges need to be addressed by framing appropriate security policies, applying the controls, and regularly reviewing and monitoring the controls to ensure the organization’s information is protected. VAPT audits need to be carried out periodically to ensure compliance with the set policy and controls, and the adequacy of these controls to address all types of threats.




  • Comprehensive Testing for Applications and Networks
  • Identifies the weakest link in the chain
  • Eliminates false positives and prioritizes real threats
  • Detection of attack paths missed through manual testing. Facilitates regular and frequent scans
  • Secures against business logic flaws
  • Increased ROI on IT security


As STPI is a Govt. of India body, its prime objective is to support the industry so that it can conduct its business more securely, maintain the CIA (confidentiality, integrity and availability) of valuable data, and reduce business losses caused by various information threats and attacks.

STPI is now CERT-In empanelled and has vast experience in conducting comprehensive VAPTs across the ICT infrastructure of various organizations and recommending cost-effective solutions to fix the issues found. STPI has about 50 qualified and skilled resources who are trained and certified to conduct VAPT pan India.

STPI’s VAPT services are built on a quality process, are simple, and are committed to delivery within the agreed timelines.


  1. Wireshark
  2. Nmap
  3. OpenVAS
  4. Aircrack
  5. Metasploit
  6. Nessus
  7. Nipper Studio
  8. Commercial Retina Scanner
  9. Acunetix
  10. Nikto
  11. Safe3 scanner
  12. Websecurify
  13. BackTrack


Depending on the size of the ICT infrastructure that needs to be audited, STPI will work out the service charges, which are very competitive.


Ph: +91-80-6618 6136 

Email: blr[dot]evapt[at]stpi[dot]in
