Penetration Testing

We conduct security tests on enterprise systems based on a hacker’s mindset and attack patterns to identify vulnerabilities in system hosts and programs, and provide advice on fixing and defending against them.

The Penetration Testing Service is planned and executed by our professional white hat hacking team. With rich experience in attack and defense exercises, the team simulates various situations that may occur during network hacking attacks, such as system vulnerabilities, program developer blind spots, or administrator negligence, to analyze possible hacking methods and risks.

We plan testing services based on a hacker's mindset and behavioral patterns. Using various hacker software tools and techniques, we test the strength of the tested organization's network security and the current security status of its system environment, discover unknown vulnerabilities in the organization’s systems, and provide test reports so that vulnerabilities can be fixed and protection put in place before attacks happen.

Simulate the Hacker Mindset with Rich Experience in Attack and Defense Exercises to Discover Unknown Vulnerabilities Early

Penetration Testing Advantages and Benefits


Professional Penetration Testing Team Formed by White Hat Hackers

ISSDU’s white hat hacking team comprises information security experts who have received professional penetration testing training and obtained multiple international information security certificates. The team serves the financial industry, government agencies, academic institutions, medical institutions, the technology industry, and the manufacturing industry.

Penetration Testing from Multiple Perspectives

Using professional tools and the experience of our white hat hacking team, we simulate actual hacking behaviors and techniques to assess the risk that real hacking attacks pose to the overall network environment of enterprises.

Professional Test Reports and Consulting Services

We prepare reports that describe how each security vulnerability arose, along with its risk level, the test methods used, and how to correct it, in compliance with domestic and international security standards, to help enterprise customers reduce system security risks.

In-depth Vulnerability Discovery

Our professional information security testing personnel chain together the attack paths formed by security vulnerabilities to dig deeper for unknown vulnerabilities in enterprise systems without affecting operations.

Reducing Enterprises’ Burden of Training Dedicated Personnel to Fight Hackers

Enterprises no longer need to invest a lot of resources into training dedicated personnel to fight hackers. Our professional information security team, with rich experience, can assist customers in performing tests.

Performing Tests according to International Standards

01 OSSTMM (Open Source Security Testing Methodology Manual)

02 OWASP (Open Web Application Security Project)

03 Testing models from multiple perspectives

04 CVSS (Common Vulnerability Scoring System)

05 Vulnerability Priority Rating (VPR), proposed by Tenable

06 ATT&CK Matrix for Enterprise


Strictly Performing Testing Required by Customers according to International Testing Standards

  • Simulate an anonymous Internet user for black-box testing or a legitimate Internet user for gray-box testing
  • Simulate a DMZ network user and an intranet user for gray-box testing
  • Test trust relationships between network segments: Security testing for online banking, membership systems, and other login mechanisms

Penetration Testing Service Flow

01 Project Initiation

Confirm project requirements, test objects, and execution specifications, complete test environment inspection, and obtain legal authorization for penetration testing from customers.

02 Penetration Testing Execution

Conduct penetration planning, target detection, vulnerability scanning, and penetration testing, or simulate privilege escalation attacks, based on customer needs, to dig deep for unknown vulnerabilities.

03 Reports and Consulting Services

Provide a test report containing the entry point, risk level, test method, and patching method of each vulnerability, and offer customers consulting services for vulnerability fixing.

Penetration Testing FAQ

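Searching for hosts or network devices outside the managed environment, security vulnerability testing, system misconfiguration testing, information leakage testing, buffer overflow testing, authentication bypass testing, horizontal/vertical privilege escalation testing, password strength testing, trust relationship testing, SQL injection testing, and XSS testing.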

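ISSDU treats customers' sensitive data rigorously, and we will never disclose any customer test information to third parties. All test results are sent to customers encrypted with a strong password to ensure data security.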

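Malicious hacking techniques today change rapidly and new ones keep emerging, so there is no complete guarantee that a system will never suffer a new attack or intrusion after penetration testing has been performed. We recommend that organizations run tests regularly to ensure that important systems can withstand new types of network threats.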

How often should penetration testing be performed?

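Under Financial Supervisory Commission (FSC) regulations, websites in the financial system must undergo penetration testing twice a year. For general corporate websites or network services, we recommend penetration testing at least once a year.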

ISSDU Provides You with Services that Fit Your Industry and Needs

We offer customized information security testing services.