Hello,
I am currently providing my VAPT services to DataCenter and few hosting companies, I have over 5 years of experience in VAPT, for your application we will do both Black Box and White Box VAPT to get more result. Initially, we will do BlackBox and then White Box. Below is a basic idea of what I will do
Black Box:
In Black Box testing I don't need access to your server and website code and will try to do VAPT as an anonymous hacker, this will help us to get the result of how secure your network, firewall, and WAF is? Different types of attack e.g DoS, Bruteforce on the server, Server Scanning, Exploitations, Web application Bruteforce, LFI, RFI, Path Traversal, and CDC will be performed.
White Box:
Once Black Box is done we can proceed with white box VAPT for this I will need access to your server and code, I will analyze the security of code and server and will provide you a detailed report on their security and what changes we can do.