Pre-requisites for Web App VAPT

Last updated: May 29, 2025

To ensure a smooth and comprehensive Web Application Vulnerability Assessment & Penetration Testing (VAPT), please provide the following:

Mandatory:

Scope URL

  • Share a non-production environment URL (preferably QA or Staging).

User Roles & Credentials

  • Provide login credentials for all relevant user roles (e.g., admin, user).

Requirements for the Automated Scanner

Automated scanning is a core part of our pentest process. Results from the automated scan are typically available within 24 hours, and our manual testing builds on these results to uncover deeper and more complex vulnerabilities.

OTP/Authenticator Flows

  • For login flows involving OTP, authenticator apps, or magic links:

    • Ideally, provide a static OTP or a mechanism to bypass the flow.

    • This enables our scanners to perform authenticated testing effectively.
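
One way to offer the static OTP described above while keeping it out of production, shown as an added example (not code from this page or its vendor). The environment names, the scanner account list and the parameter names are assumptions of the sketch.

```python
import hashlib
import hmac
import struct
import time

# Assumed for this sketch (not from the page): environment names and parameters.
NON_PROD_ENVS = frozenset({"qa", "staging"})


def check_config(env, static_otp):
    """Fail at startup if a static OTP is configured outside QA/staging."""
    if static_otp and env not in NON_PROD_ENVS:
        raise RuntimeError(f"static OTP must not be set when env={env!r}")


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the normal verification path."""
    counter = struct.pack(">Q", int(at // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_otp(user, submitted, secret, *, env, static_otp=None,
               test_accounts=frozenset(), now=None) -> bool:
    """Accept the static code only in QA/staging and only for scanner accounts."""
    now = time.time() if now is None else now
    guess = submitted.encode()
    if (static_otp and env in NON_PROD_ENVS and user in test_accounts
            and hmac.compare_digest(guess, static_otp.encode())):
        return True
    # Everyone else, and every production login, goes through real TOTP.
    return hmac.compare_digest(guess, totp(secret, now).encode())


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample (RFC 6238 test key)
    accounts = frozenset({"scanner-admin"})  # constructed account name
    print(verify_otp("scanner-admin", "000000", secret, env="staging",
                     static_otp="000000", test_accounts=accounts, now=59))
    print(verify_otp("scanner-admin", "000000", secret, env="production",
                     static_otp="000000", test_accounts=accounts, now=59))
```

Remove the static code and the scanner accounts once the engagement ends.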

API Integration

  • Base URL of your API (if any).

OpenAPI Specification

  • OpenAPI spec file in JSON/YAML format.

Providing these items helps enhance the depth and accuracy of the security assessment.