The system performs penetration testing for traditional operating systems, network devices, firewalls, remote services, and other system vulnerabilities. The product also provides a security assessment report to fix vulnerabilities in the early stage of attacks as prevention.
Based on the OWASP TOP10 standard, VM System simulates hacker penetration attacks and evaluates SQL injection, XSS cross-site scripting, information leakage, network crawling, directory traversal, and other Web attack methods.
The system includes a weak password dictionary and can automatically detects whether similar passwords, simple passwords, default password etc. The system also provides a detailed report of the weak password for the customer.
Capable of database vulnerability detection, capable of detecting common databases such as Oracle, Sybase, SqlServer, DB2, MySQL, Postgres, and provides login scanning function, comprehensive discovery of database vulnerability information.
Check the configuration of systems such as operating systems, databases, network devices, etc., and check if the configuration meets the standard. It can also automatically start software execution process compliance testing."
The platform integrates System scan + WEB scan + database detection + weak password detection + baseline check, in a multi-detection engine for all-round scanning and detection.
Including detection rules covering operating systems, databases, accounts, mobile devices, network devices, cloud security, web security, etc.
Combined with CVE, Bugtraq, CVSS and other authoritative vulnerability detection standards, to conduct accurate results.
By comparing the results between different time periods or different asset groups, the system can quickly map and follow up.