Penetration Test

Penetration Test is a method to evaluate the security network system by simulating the attack methods of malicious hackers. This process includes proactive analysis of any weaknesses, technical defects or vulnerabilities in the system. The analysis is conducted from a location where attackers may be present, and from there, they can actively exploit security vulnerabilities, identify the risks that exist in the system, and avoid serious impact on the system.
  • Product Advantages
  • Features
  • Scenarios

Product Advantages

Professional and leading team

Our experts have professional qualifications such as CISP, CISSP, ISO27001, and experience in information system security assessment and assurance services.

Telecom-carrier-level practical capabilities

With reference to international and national norms, we conduct scientific and effective risk assessment of the system. Equipped with scientific and standard service processes, we can provide complete project management and quality assurance.

Controllable security risks

Based on the customer's actual situation, we develop corresponding emergency plans before the evaluation begins, control the risks caused during the evaluation process, and reduce the impact of the penetration test.

Multiple magnitudes of service modes

A diversified service pricing system can meet the service needs of various customers of different scales, enabling organizations to further reduce costs.

Features
Host System Penetration Test Performs penetration tests on Windows, Solaris, AIX, Linux, and other operating systems. Outputs a report and suggestions for rectification and reinforcement for each function, as well as conclusions of retests.
Database System Penetration Test Performs penetration tests on MS-SQL, Oracle, MySQL, Sybase, DB2, Access, and other database application systems.
Application System penetration test Performs penetration tests on WWW applications consisting of various applications provided by the penetration targets, such as Tomcat, ASP, NGINX, JSP, PHP, etc.
Security Risk Detection Performs security penetration tests to detect SQL injection vulnerability, XSS cross-site vulnerability, CSRF cross-site request forgery, cookie injection vulnerability, file upload truncation vulnerability, directory traversal vulnerability, URL redirection vulnerability, online editor vulnerability, website authentication filtering vulnerability.

Scenarios

< >
  • Application system security risk check
  • Security risk perception
  • Proactive prevention in advance
Scenario characteristics
  • Inspect. the customer's application system from the perspective of the attacker, check. whether the security measures for the initial installation, untested launch, and version updates of the business system are effective, and whether all security management measures are implemented.
Issues to address
  • System vulnerabilities and patches
  • Detects and discover security vulnerabilities and business logic vulnerabilities for application systems, and finally submit remediation suggestions and reinforcement references.
  • Operating system user and permission settings
  • Through the business logic of a number of check items, we can prevent the leakage of sensitive information, and propose corrective action.