功能点
丰富的漏洞数据库
CDNetworks拥有一个基于国际CVE标准的全面漏洞数据库,其中包含2000多个漏洞信息并且会实时更新。
高精度
所有扫描结果都会由CDNetworks安全专业人员进行人工验证,以确保最高程度的准确性。
专业指导
CDNetworks安全团队致力于帮助企业在被网络攻击者发现和遭受攻击之前,及时发现并修复安全漏洞。
多维扫描
针对各类企业资产的专业漏洞扫描,包括但不限于web应用程序、主机和中间件。
主机安全
扫描操作系统(OS)和第三方漏洞引起的安全问题,包括身份验证、访问控制和系统漏洞,以及操作系统安全配置。
Web应用程序安全
发现web应用程序中的 OWASP TOP10漏洞、弱密码、CVE漏洞和其他安全缺陷,以提高安全性。
中间件安全
安全漏洞扫描可以检测服务器上运行的中间件版本,并识别中间件组件和资源(如主流web容器、前台开发框架和后台微服务技术堆栈)之间的风险。
如何工作
漏洞扫描使用评估工具来扫描内外网中的系统和网络,以查找服务器主机、web服务和应用程序以及第三方中间件中可能存在的安全风险和漏洞。
常见问题
What is CDNetworks’ Vulnerability Scanning Service?
CDNetworks’ vulnerability scanning service is a cloud-based vulnerability solution that discovers cyber security weaknesses in host systems and web-based applications to safeguard against attacks and avoid costly data breaches. Using comprehensive security vulnerability scans, CDNetworks’ vulnerability scanning service generates reports detailing the state of application, host, and web security, along with recommendations to remedy known security vulnerabilities. Then CDNetworks would double check the security status of system after customers fixed the vulnerabilities following the recommendation.
Why do I need a Vulnerability Scanning Service?
Because Network security is dynamic and evolving, and in the process of building and maintaining a security system, vulnerability scanning service can discover various security risks and vulnerability in systems so that you can fix them timely before hackers and illegal person, thereby protecting your assets.
What are the applicable scenarios for CDNetworks' Vulnerability Scanning Service?
- Before the new launch of business systems, detecting security hazards to ensure the safe and stable operation of business systems.
- Regular network security self-test and assessment to eliminate security hazards.
- Security assessment and effectiveness inspection during network construction or transformation.
- Security tests before major events/tasks.
What are the advantages of CDNetworks' Vulnerability Scanning Service?
- 多维扫描
针对各类企业资产的专业漏洞扫描,包括但不限于web应用程序、主机和中间件。 - 丰富的漏洞数据库
CDNetworks拥有一个基于国际CVE标准的全面漏洞数据库,其中包含2000多个漏洞信息并且会实时更新。 - 高精度
所有扫描结果都会由CDNetworks安全专业人员进行人工验证,以确保最高程度的准确性。 - 专业指导
CDNetworks安全团队致力于帮助企业在被网络攻击者发现和遭受攻击之前,及时发现并修复安全漏洞。
What is the main content of CDNetworks' Vulnerability Scanning Service?
- Server host scanning items
Port scanning, weak password detection, DNS domain transport vulnerabilities, server fingerprinting, windows SMB remote code execution vulnerabilities, various buffer overflow vulnerabilities, 3389 remote overflow, etc.; - Web service scanning items
OWASP Top 10 vulnerability scanning (SQL injection, XSS, etc.), various CVE vulnerabilities (buffer overflow, remote command execution), file inclusion vulnerabilities, URL jumping vulnerabilities, directory traversal vulnerabilities, web backend probes, web application fingerprinting, etc. - Middleware detection
phpmyadmin, tomcat, web logic, etc. weak passwords; MySQL, Oracle, DB2, etc. weak passwords; struts 2 command execution vulnerabilities, web logic deserialization vulnerabilities, various known CVE vulnerabilities, middleware configuration errors, etc.
What kind of information do I need to provide if I have already purchased CDNetworks' Vulnerability Scanning Service?
- Domain name (sub-domain) and IP range you need to scan.
- Specific scanning time, thread pressure, etc.
- Business environment situation, for example, is it accessible to the external network? Is there a security device?