Security service item
Penetration test services include system network security test, web application system penetration test and database security test.
Content description
System network security test: for network equipment, security equipment and host system, provide weak password detection, authority promotion test, high-risk service and port test, component known vulnerability test, kernel kernel test, and configuration security management test.
Application system penetration test: simulate the behavior of malicious attackers and conduct penetration test on the application system, including attack and utilization test of logical permission vulnerabilities, known components vulnerabilities and web mainstream vulnerabilities; Or provide security test for the newly launched system.
Database security test: check the default configuration of the database, try to test the vulnerability through SQL injection and known software vulnerabilities, find the problems of database permission setting and access control, test the use of data leakage, and check the security audit behavior.
Deliverables
《系統安全滲透測試報告》
System safety penetration test report
Reference standarda
《OWASP Top 10_2017中文版V1.3》
OWASP top 10_2017 Chinese version v1.3
《Web應用安全聯合威脅分類標準》(The WASC Threat Classification v2.0)
The WASC threat classification v2.0
《PTES滲透測試執行標準》
Executive standard for PTEs penetration test
《NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment》(NIST-SP-800 信息安全測試與評估技
Nist-sp-800-115 technical guide to information security testing and assessment