Penetration Testing
We conduct security tests on enterprise systems based on a hacker’s mindset and attack patterns to identify vulnerabilities in system hosts and programs, and provide advice on fixing and defending against them.
The Penetration Testing Service is planned and executed by our professional white hat hacking team. With rich experience in attack and defense exercises, the team simulates various situations that may occur during network hacking attacks, such as system vulnerabilities, program developer blind spots, or administrator negligence, to analyze possible hacking methods and risks.
We plan testing services based on a hacker's mindset and behavioral patterns. Using various hacker software tools and techniques, we test the strength of the tested organization's network security and the current security status of its system environment, discover unknown vulnerabilities in the organization’s systems, and provide test reports so that vulnerabilities can be fixed and protection put in place early, preventing attacks before they happen.
Simulate the Hacker Mindset with Rich Experience in Attack and Defense Exercises to Discover Unknown Vulnerabilities Early
Penetration Testing Advantages and Benefits
Professional Penetration Testing Team Formed by White Hat Hackers
ISSDU’s white hat hacking team comprises information security experts who have received professional penetration testing training and obtained multiple international information security certificates. The team serves the financial industry, government agencies, academic institutions, medical institutions, the technology industry, and the manufacturing industry.
Penetration Testing from Multiple Perspectives
Through professional tools and the experience of our professional white hat hacking team, we simulate actual hacking behaviors and techniques to assess the risk of real hacking attacks on the overall network environment of enterprises.
Professional Test Reports and Consulting Services
We prepare reports describing how security vulnerabilities formed, as well as the risk level, test methods, and vulnerability correction methods, in compliance with domestic and international security standards, to help enterprise customers reduce system security risks.
In-depth Vulnerability Discovery
Our professional information security testing personnel connect the attack paths formed by security vulnerabilities to dig deeper for unknown vulnerabilities in enterprise systems without affecting operations.
Reducing Enterprises’ Burden of Training Dedicated Personnel to Fight Hackers
Enterprises no longer need to invest a lot of resources into training dedicated personnel to fight hackers. Our professional information security team, with rich experience, can assist customers in performing tests.
Performing Tests according to International Standards
01 OSSTMM (Open Source Security Testing Methodology Manual)
02 OWASP (Open Web Application Security Project)
03 Testing models from multiple perspectives
04 CVSS (Common Vulnerability Scoring System)
05 Vulnerability Priority Rating (VPR), proposed by Tenable
06 ATT&CK Matrix for Enterprise
Strictly Performing Testing Required by Customers according to International Testing Standards
- Simulate an anonymous Internet user for black-box testing or a legitimate Internet user for gray-box testing
- Simulate a DMZ network user and an intranet user for gray-box testing
- Test trust relationships between network segments: Security testing for online banking, membership systems, and other login mechanisms
Penetration Testing Service Flow
01
Project Initiation
Confirm project requirements, test objects, and execution specifications, complete test environment inspection, and obtain legal authorization for penetration testing from customers.
02
Penetration Testing Execution
Conduct penetration planning, target detection, vulnerability scanning, and penetration testing, or simulate privilege escalation attacks, based on customer needs, to dig deep for unknown vulnerabilities.
03
Reports and Consulting Services
Provide a test report containing the entry point, risk level, test method, and patching method of each vulnerability, and offer customers consulting services for vulnerability fixing.
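Penetration Testing FAQ
Searching for hosts or network devices outside the managed environment, security vulnerability testing, system misconfiguration testing, information leakage testing, buffer overflow testing, authentication bypass testing, horizontal/vertical privilege escalation testing, password strength testing, trust relationship testing, SQL injection testing, and XSS testing.
ISSDU treats customers' sensitive data rigorously, and we will never disclose any customer testing information to third parties. All test results are encrypted with a strong password before being sent to the customer to ensure data security.
Malicious attack techniques change rapidly and new ones keep emerging, so a penetration test cannot fully guarantee that no new attack or intrusion will occur afterwards. We recommend that organizations perform testing regularly to ensure that important systems can withstand new types of cyber threats.
Under Financial Supervisory Commission regulations, websites in the financial system must undergo penetration testing twice a year. For general corporate websites or network services, we recommend penetration testing at least once a year.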
ISSDU Provides You with Services that Fit Your Industry and Needs
We offer customized information security testing services