Large commercial vulnerability scanning software finds “known” vulnerabilities or exploits.
- A. Scanning of network communication ports
- B. Scanning of unpatched known vulnerabilities of operating systems
- C. Testing of unsafe and incorrect settings of the system
- D. Testing of security settings of network services
- E. Scanning of known vulnerabilities of running services that have not yet been updated
- F. Testing of the framework versions of running application programs
Performs scanning for website security vulnerabilities on external hosts. The items checked must comply with the OWASP Top 10 2021 items:
- A01 - Broken Access Control
- A02 - Cryptographic Failures
- A03 - Injection
- A04 - Insecure Design
- A05 - Security Misconfiguration
- A06 - Vulnerable and Outdated Components
- A07 - Identification and Authentication Failures
- A08 - Software and Data Integrity Failures
- A09 - Security Logging and Monitoring Failures
- A10 - Server-Side Request Forgery