Large-scale commercial vulnerability scanning software is used to find "known" vulnerabilities and exploits
The open ports of the host server and the services running on them are tested, and each check is matched against vulnerabilities published as CVEs; the risk level is rated according to CVSS v3.1. The scan must cover at least the following items:
- A、Scanning of network communication ports
- B、Scanning for unpatched known vulnerabilities in the operating system
- C、Testing for unsafe or incorrect system settings
- D、Testing of the security settings of network services
- E、Scanning for known vulnerabilities in running services that have not yet been updated
- F、Checking the framework versions of running applications
Website security vulnerability scanning is performed on external hosts; the items checked must cover the OWASP Top 10 2021 categories:
- A、OWASP TOP 10 2021 - Broken Access Control
- B、OWASP TOP 10 2021 - Cryptographic Failures
- C、OWASP TOP 10 2021 - Injection
- D、OWASP TOP 10 2021 - Insecure Design
- E、OWASP TOP 10 2021 - Security Misconfiguration
- F、OWASP TOP 10 2021 - Vulnerable and Outdated Components
- G、OWASP TOP 10 2021 - Identification and Authentication Failures
- H、OWASP TOP 10 2021 - Software and Data Integrity Failures
- I、OWASP TOP 10 2021 - Security Logging and Monitoring Failures
- J、OWASP TOP 10 2021 - Server-Side Request Forgery