QRPF

Qseap’sRemote Pentesting Framework is created to address a specific issue of most enterprises today. To create a secure, data leakage proof setup, that can be accessed by a remote user to conduct pentesting activities in an organization. QRPF can be used by multiple vendors connecting to organization network over VPN, without any need of installing pentest tools or software’s.

Problems Solution
Restriction of onsite consultants due to Pandemic situation. Enables remote access to conduct Pentesting of internal applications in a secured environment, eliminating the troubles of calling onsite consultants.
Fear of data loss/exposure to vendors while testing internal critical applications through VPN/ Remote connecting applications. Encrypted Access from anywhere, eliminating the possibilities of data loss/exposure.
Inability to provision appropriate tools required for pentesting for fear of abuse. Provision of customized machines with specific tools to full fledged pentesting OS at the click of a button.
Longer wait times to provide systems access to vendors. Multiple Vendors can access machines for various tests.

Deployment of Product

  • ● Deployment is as easy as loading a Virtual Machine Image file into Vsphere/ESXI or other virtualization platforms.Setup is available in OVA, VDI, VMDK images.
  • ● Based on the type of underlying OS (Debian/Windows), our VDI will contain our proprietary software’s with docker containers. In case of Windows OS, licenses should be provided by customer.
  • ● Containers will be customized to have the approved list of tools for pentesting.
  • ● VM will automatically start the required services and provide a web UI to a user connecting from remote machine.Only port 443/80 is required to be open for intended users.
  • ● Pentesters can access the containers via a web browser and perform pentesting from within their browser.
  • ● Support provided if needed to be installed on Bare-Metal Hardware.
  • ● Customers can upload multiple VMs and assign user access to VM’s through admin module of web GUI of applications

Sample HLD for RPF Setup