Security service item
Penetration test services include system network security test, web application system penetration test and database security test.
Content description
System network security test: for network equipment, security equipment and host system, provide weak password detection, authority promotion test, high-risk service and port test, component known vulnerability test, kernel kernel test, and configuration security management test.
Application system penetration test: simulate the behavior of malicious attackers and conduct penetration test on the application system, including attack and utilization test of logical permission vulnerabilities, known components vulnerabilities and web mainstream vulnerabilities; Or provide security test for the newly launched system.
Database security test: check the default configuration of the database, try to test the vulnerability through SQL injection and known software vulnerabilities, find the problems of database permission setting and access control, test the use of data leakage, and check the security audit behavior.
Deliverables
《系统安全渗透测试报告》
System safety penetration test report
Reference standarda
《OWASP Top 10_2017中文版V1.3》
OWASP top 10_2017 Chinese version v1.3
《Web应用安全联合威胁分类标准》(The WASC Threat Classification v2.0)
The WASC threat classification v2.0
《PTES渗透测试执行标准》
Executive standard for PTEs penetration test
《NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment》(NIST-SP-800 信息安全测试与评估技
Nist-sp-800-115 technical guide to information security testing and assessment