tencent cloud

What is PTS?

Penetration Test Service (PTS) simulates attack and vulnerability discovery techniques used by hackers to thoroughly check the security of target systems and locate their most vulnerable parts.

Is a penetration test the same as a system intrusion?

No. Unlike hacker intrusions, such tests are authorized by you to discover vulnerabilities in targets and network devices through controllable, non-destructive methods and means, helping you stay up to date with what your business is facing.

What are the risks that a penetration test poses to my business system?

A test may bring foreseeable and unforeseeable risks. Therefore, the implementation team will take risk avoidance measures before performing the test to avoid severely affecting the system, such as:

• Perform the test on a testing rather than production system.
• Communicate and confirm with the business system owner before performing a risky test.
• Perform the test during off-peak hours.
• Immediately stop the test and restore the system if an exception occurs during the test.

Will PTS cause sensitive data leakage?

No. Tencent Cloud will sign a non-disclosure agreement before implementing a penetration test and strictly control access to the devices and information used by security personnel so as to maintain the strict confidentiality of your data.

Will Tencent Cloud support fixing vulnerabilities discovered by PTS that I cannot fix on my own?

Yes. After a penetration test is completed, a professional test report will be generated and delivered to you, which will provide suggestions on fixing the discovered vulnerabilities. If the vulnerabilities persist, Tencent Cloud will answer your questions and assist you in fixing them.

How long does a penetration test generally take?

The time a penetration test takes varies by application type (web, app, or binary file) and the number of features. It generally takes no more than ten days to test a single application.

What will Tencent Cloud do before performing a penetration test?

• Understand your system network architecture.
• Determine your network security strength.
• Confirm the penetration targets.
• Ask you whether you have backed up your data.
• Select tools for the penetration test.
• Schedule the test.
• Ask you to sign a letter of authorization for the test.

Can PTS be implemented on site?

Yes. PTS is generally implemented on site over the private network and can also be implemented remotely over the public network. The on-site implementation is more expensive than remote implementation though.

What applications is PTS designed for?

PTS can test web application systems and iOS/Android apps.

Does PTS provide vulnerability retests?

PTS will regressively retest the application on the same version for the identified vulnerabilities three times free of charge to ensure that they have been completely fixed.