The rapid increase of the machinery whether its mobile or computer systems have brought more advance and efficient Windows, Web and Mobile applications but it also increases the complexity in systems which ultimately leads to vulnerabilities that attackers use to exploit the victim systems. In decades, the uses of web applications and web hacking activities have been amplified swiftly. In today's world organizations and institution find themselves in complex situation for securing their system and data from increasing vulnerabilities that is why it would be better to discover and identify these vulnerabilities in advance before attacker can exploit them. Thus vulnerability assessment and penetration testing techniques helps it to determine whether the arrangements in securing system are working properly or not by fixing those security gaps This paper will be on discussing and analyzing about life cycle of VAPT process and VAPT tools for finding vulnerabilities in system. We will also focus its importance at various organizational levels for adoption requirement of updating security measures in order to provide protection from various cyber-attacks.