PENETRATION TEST

PENETRATION TEST

Venustech has provided not only secure and reliable information security products, but also various types of security services for customers in the past 20 years. As one of the main security service types provided by Venustech, penetration testing relies on Venustech's ADLab (ADLab is one of the earliest research institutes for attack and defense technology established in China's security industry. It is a core member of the Microsoft MAPP program and the first spur of the concept of "Black Sparrow Attack". Up to now, ADLab has released nearly 400 vulnerabilities in Windows, Linux, Unix and other operating systems through CVE) and post-doctoral workstation's research and mining.

Introduction

As one of the most influential comprehensive information security vendors, Venustech has provided not only secure and reliable information security products, but also various types of security services for customers in the past 22 years. 

Venustech once provided exclusive security services for Beijing 2008 Olympic Games, Shanghai World Expo 2010, Guangzhou Asian Games 2010, Beijing APEC Summit 2014, and 2016 G20 Hangzhou Summit. 

As the exclusive information security service provider for Beijing Olympic Games, Venustech security service team completed penetration testing on 5,000 objects, discovered 10,000 advanced vulnerabilities, monitored 10 million security events, and performed 5,800 emergency responses.


.


Venustech security service team currently has 200 members, 60% of them are senior technical engineers with more than 8 year experience in security services. In addition, more than 90% of the members have the ISO27001LA, CISA, CISSP, CCIE, CCIE Security, and CISP certifications.


User Reference

The major customer of Venustech’s Pen testing service are covered all state-owned bank and some of commercial banks, government agency, Finance, Energy, ISP and state-owned tobacco company. Customer usually would like to establish the cooperation on security service with Venustech for several years as the exclusive service provider. 

Except white/black box test and Pen testing for conventional IT system,  Venustech’s Pen testing service also  provides sufficient capability on IoT, Mobile Internet, Intelligent Manufacturing and Industrial Control. This year, Venustech has become to GM and Shanghai Motor’s security partner in Internet of Vehicles area.


Penetration Testing Content

By fully borrowing the conventional black-box testing method, penetration testing can assess the potential security risks that exist in the application services of information system and the communication protocols, and reflect current security status faced by the information system in a straightforward way. 

● In-depth Web Penetration Test

● Security Test for Mobile Applications 

● Vulnerability Scanning

● Benchmark Guide

Penetration Testing Technology and Objects

● App base on iOS and Android

● Operating systems such as Windows, Linux, and Unix
● Security management platforms
● Network devices such as switches and servers
● Databases such as Oracle and MySQL
● Middleware and framework components such as Apache, Tomcat, and Nginx 

Service Procedure