My First Cybersecurity Writeup – VAPT Experience
Overview This is my first real-world cybersecurity VAPT experience inside an enterprise insurance company environment. I worked across network infrastructure, web applications, internal devices, and physical security — and learned how professional security assessments are actually performed beyond labs and CTFs. Introduction I am a cybersecurity enthusiast focused on SOC operations, web application penetration testing, and vulnerability assessment. In this engagement, I worked on assessing the security posture of an insurance company across its network infrastructure, devices, web applications, and physical security controls. This was my first real-world experience working in an enterprise environment, and initially I was not fully confident about the workflow. However, with the guidance and support of my senior, I was able to understand the process step by step and actively contribute to the assessment. Objective Identify security vulnerabilities across network, web, and internal systems Assess exposure of critical assets Analyze potential attack paths in the environment Evaluate basic physical security controls Scope of Work Network infrastructure assessment Web application security testing Device-level security review Basic physical security evaluation Tools Used Nessus (vulnerability scanning) Burp Suite (web application testing & request interception) Nmap (network discovery & port scanning) GVM / OpenVAS (vulnerability assessment) OWASP ZAP (automated web scanning) Wireshark (packet analysis & traffic inspection) Approach / Methodology Performed network discovery using Nmap to identify active hosts and open ports Conducted vulnerability scanning using Nessus and GVM to detect known security issues Analyzed web application behavior using Burp Suite and OWASP ZAP Intercepted and inspected HTTP/HTTPS traffic to understand request/response flow Used Wireshark to analyze packet-level communication and detect anomalies Evaluated system exposure across internal devic