漏洞扫描服务

发现安全漏洞,消除安全隐患
联系我们

CDNetworks的漏洞扫描服务是一项基于云的解决方案,可发现主机系统和web应用程序中的网络安全漏洞,从而抵御攻击,以及避免代价高昂的数据泄露。CDNetworks漏洞扫描服务使用全面的安全漏洞扫描,生成带有详细说明的应用程序、主机和web安全状态报告,并给出修复已知安全漏洞的建议。

凭借庞大的计算机漏洞数据库,我们的安全专业人员还可以及时跟踪零日漏洞,并发现大量新增安全漏洞。CDNetworks安全团队与CDNetworks漏洞扫描器紧密配合,将主动权掌握在自己手中,分析漏洞扫描并根据扫描结果提供解决方案。

资料库

功能点

丰富的漏洞数据库

CDNetworks拥有一个基于国际CVE标准的全面漏洞数据库,其中包含2000多个漏洞信息并且会实时更新。

高精度

所有扫描结果都会由CDNetworks安全专业人员进行人工验证,以确保最高程度的准确性。

专业指导

CDNetworks安全团队致力于帮助企业在被网络攻击者发现和遭受攻击之前,及时发现并修复安全漏洞。

多维扫描

针对各类企业资产的专业漏洞扫描,包括但不限于web应用程序、主机和中间件。

主机安全

扫描操作系统(OS)和第三方漏洞引起的安全问题,包括身份验证、访问控制和系统漏洞,以及操作系统安全配置。

Web应用程序安全

发现web应用程序中的 OWASP TOP10漏洞、弱密码、CVE漏洞和其他安全缺陷,以提高安全性。

中间件安全

安全漏洞扫描可以检测服务器上运行的中间件版本,并识别中间件组件和资源(如主流web容器、前台开发框架和后台微服务技术堆栈)之间的风险。

如何工作

漏洞扫描使用评估工具来扫描内外网中的系统和网络,以查找服务器主机、web服务和应用程序以及第三方中间件中可能存在的安全风险和漏洞。

Vulnerability Scanner Workflow

常见问题

CDNetworks’ vulnerability scanning service is a cloud-based vulnerability solution that discovers cyber security weaknesses in host systems and web-based applications to safeguard against attacks and avoid costly data breaches. Using comprehensive security vulnerability scans, CDNetworks’ vulnerability scanning service generates reports detailing the state of application, host, and web security, along with recommendations to remedy known security vulnerabilities. Then CDNetworks would double check the security status of system after customers fixed the vulnerabilities following the recommendation.  

Because Network security is dynamic and evolving, and in the process of building and maintaining a security system, vulnerability scanning service can discover various security risks and vulnerability in systems so that you can fix them timely before hackers and illegal person, thereby protecting your assets.

  1. Before the new launch of business systems, detecting security hazards to ensure the safe and stable operation of business systems.
  2. Regular network security self-test and assessment to eliminate security hazards.
  3. Security assessment and effectiveness inspection during network construction or transformation.
  4. Security tests before major events/tasks.
  1. 多维扫描
    针对各类企业资产的专业漏洞扫描,包括但不限于web应用程序、主机和中间件。
  2. 丰富的漏洞数据库
    CDNetworks拥有一个基于国际CVE标准的全面漏洞数据库,其中包含2000多个漏洞信息并且会实时更新。
  3. 高精度
    所有扫描结果都会由CDNetworks安全专业人员进行人工验证,以确保最高程度的准确性。
  4. 专业指导
    CDNetworks安全团队致力于帮助企业在被网络攻击者发现和遭受攻击之前,及时发现并修复安全漏洞。
  1. Server host scanning items
    Port scanning, weak password detection, DNS domain transport vulnerabilities, server fingerprinting, windows SMB remote code execution vulnerabilities, various buffer overflow vulnerabilities, 3389 remote overflow, etc.;
  2. Web service scanning items
    OWASP Top 10 vulnerability scanning (SQL injection, XSS, etc.), various CVE vulnerabilities (buffer overflow, remote command execution), file inclusion vulnerabilities, URL jumping vulnerabilities, directory traversal vulnerabilities, web backend probes, web application fingerprinting, etc.
  3. Middleware detection
    phpmyadmin, tomcat, web logic, etc. weak passwords; MySQL, Oracle, DB2, etc. weak passwords; struts 2 command execution vulnerabilities, web logic deserialization vulnerabilities, various known CVE vulnerabilities, middleware configuration errors, etc.
  1. Domain name (sub-domain) and IP range you need to scan.
  2. Specific scanning time, thread pressure, etc.
  3. Business environment situation, for example, is it accessible to the external network? Is there a security device?