Vulnerability Assessment, abbreviated as “VA”, is an entry-level security assessment that identifies security weaknesses in IT assets by running automated scans with a combination of professional security tools, followed by manual verification of the detected vulnerabilities. Targeted IT Assets: All types of IT Assets
Penetration Test
Penetration Test is the most common security assessment for identifying security vulnerabilities in IT assets. A penetration test goes through the vulnerability assessment process using a combination of different security assessment tools, and then relies on the tester’s competency and experience to manually exploit hidden vulnerabilities that are difficult for VA to uncover. This manual exploitation involves different testing approaches that emulate real-world cyber-attacks. Targeted IT Assets: Network, Server, Firewall, Web Application, Mobile Application (Android & iOS), Desktop Application, API, Cloud Assets etc.
Types of Penetration Tests
Black-box
We also specialize in WeChat mini program design and development for various business scenarios such as F&B food ordering, food delivery, online shopping, travel and hospitality etc.
Grey-box
A grey-box penetration test assesses the target IT assets with given testing accounts or access, in order to test and eliminate cyber-attack possibilities from both the external environment and the internal environment as a legitimate user.
White-box
A white-box penetration test, also called “source code audit”, is a source-code-level security assessment that exploits security vulnerabilities at the source code level. The assessment involves both tool scans and manual assessment.
Reverse Engineering Assessment
Reverse engineering is an advanced assessment that identifies security vulnerabilities in mobile applications in addition to a normal penetration test. The assessment relies on manual testing and on analysis of information extracted from the target mobile app's code, data, and behavior. Targeted IT Assets: Mobile Application (Android & iOS)
Business Scene
Analyze the target mobile app’s source code or executable binary without running the app
Analyze the behavior and output of the assessed mobile app while it is running
Red Team Attack Drill
A red team attack drill, also known as a “Red Teaming Exercise”, is one in which a group of highly skilled cybersecurity experts simulates real-world cyber-attacks to evaluate the effectiveness of an organization’s security defense through all kinds of testing, such as penetration testing, social engineering etc. The primary goal of a red team exercise is to identify security vulnerabilities, security weaknesses, and potential points of failure within the system, network or overall cybersecurity infrastructure. This type of advanced security assessment can be either a script-based drill to test an organization’s SOC response, or a black-box pen-test approach to test the effectiveness of an organization’s security defense against cyber-attack. Such a high-end security exercise normally involves the participation of the organization’s IT security team, which acts as the “blue team”.
Objective
To uncover blind spots hidden in the security defenses chain
To gauge organization security team’s response, and overall readiness across the full attack surface
To reveal vulnerabilities in a company’s security defense