
Penetration Testing
Overview
Information systems are tested for security by simulating the tools and analysis methods used by hackers. Senior engineers combine the scan results of intelligent tools with in-depth manual testing and analysis to identify problems that scanning tools cannot detect. Application system scenarios include web application testing, mobile app testing, and WeChat Mini Program and client testing.
Web application testing is generally divided into remote penetration testing and local penetration testing. In remote penetration testing, the tester has no prior knowledge of the system. The initial information for this type of test usually comes from DNS, web, email, and various public servers. In local penetration testing, the tester obtains various data from the tested organization through normal channels, including network topology, employee data, and even code snippets from websites or other programs, and can communicate face-to-face with the organization's employees (sales, programmers, and managers). The purpose of this type of testing is to simulate unauthorized actions by employees within an enterprise.
The mobile app security testing service is performed by senior security service engineers, with manual analysis as the main method and vulnerability detection tools in support, so that the entire security testing process stays within a controllable and adjustable range. The service aims to fully discover possible security flaws in Android, iOS, and WeChat applications, and provides security test reports and improvement suggestions to secure the application to the greatest extent possible.
The WeChat Mini Program and client testing process is the same as the web application testing process; refer to the web application testing description above. The test mainly includes static analysis, dynamic analysis, client-side database security, and server-side testing. Its purpose is to use decompilation tools to analyze whether the Mini Program source code contains sensitive information such as passwords, encryption methods, and user information. On this basis, security risks in WeChat Mini Programs and clients are discovered through conventional testing methods such as brute-force cracking, XSS attacks, and SQL injection.
Highlights
- Penetration testing experts from Anheng Information's professional security team have many years of penetration testing experience. The penetration testing team has represented national, provincial and municipal supervisors on many occasions. The team has a large number of certified personnel, such as International Registered Information System Security Certification Experts (CISSP), International Information System Auditors (CISA), Information Security Registration Engineers (CISP), Information Security Management System (ISO27001) chief auditors, and senior project managers (PMP).
- Strong vulnerability mining capabilities: Drawing on the strong vulnerability mining capabilities of its penetration testing experts, DBAPPSecurity has accumulated a large number of vulnerability mining results in many fields, such as web application security, database security, mobile security, and cloud security. Many of the submitted vulnerabilities were classified as “severe” by CVE, including Struts2 S02-029, Struts2 S02-032, and Struts2 S02-045, which have a wide range of impacts.
- Trustworthy security testing tools: Penetration testing requires the support of security inspection tools. DBAPPSecurity has a variety of self-developed security inspection tools, covering the full life cycle of service: pre-inspection, in-event monitoring, and post-incident emergency response. Among them, the Mingjian WEB Application Weakness Scanner and the Mingjian Database Weakness Scanner both hold international and domestic security technology patents, and both have passed inspection by the Ministry of Public Security's Information Security Product Inspection Center and the Ministry of Public Security's Computer Information System Security Product Quality Supervision and Inspection Center.
Support
Vendor support
- Working hours: 7*24 hours
- Contact number: 4006059110 to 1
- Contact email: anhengcloud@dbappsecurity.com.cn