Vulnerability Scan Service (VSS) automatically checks your network assets for risks. It enables scheduled security scans, continuous risk alarming, and vulnerability detection in terms of availability, security, and compliance and offers you professional suggestions.
Vulnerability Scan Service
Convenient and accurate vulnerability scan service to make your assets more secure
Overview
Benefits
Comprehensive Vulnerability Scan
Vulnerability Scan Service has an extensive vulnerability rule library that covers the top 10 web vulnerabilities defined by OWASP, such as SQL injection, cross-site scripting (XSS) attack, cross-site request forgery (CSRF), and weak password. It can also efficiently detect 0/1/N-day vulnerabilities.
Overall Asset Support
Vulnerability Scan Service can scan various types of network assets, including servers, websites, and IoT assets, and identify risks based on a vast library of fingerprints. This keeps you well informed of shadow assets and asset changes, so that you can manage your assets more efficiently.
Threat Intelligence Linkage
Leveraging Tencent's big data of threat intelligence accumulated over two decades, Vulnerability Scan Service can detect 0-day/1-day/N-day vulnerabilities, and its security experts follow up on the latest profile of network risks to provide threat intelligence and handling suggestions as soon as any risk is detected. In this way, incubation periods of risks are greatly shortened, and large-scale intrusions are avoided.
Smart Risk Alarming
Vulnerability Scan Service triggers real-time alarms in various ways together with professional handling suggestions when it detects any network asset risks to help you stay up to date and quickly deal with them.
Features
Automatic Asset Discovery
Vulnerability Scan Service efficiently identifies device operating systems, ports, services, and components, so that you can better discover unknown assets as well as manage and control existing ones.
Web Vulnerability Detection
Vulnerability Scan Service protects websites from dozens of common vulnerabilities, such as SQL injection, command injection, code injection, file inclusion, XSS attack, and CSRF attack.
0/1/N-Day Vulnerability Detection
The Vulnerability Scan Service system is preconfigured with thousands of harmless proof of concepts (POCs) tested and audited by Tencent Security engineers to verify: Web application vulnerabilities, Web integration layer vulnerabilities, Database vulnerabilities, OS vulnerabilities, Software service vulnerabilities, IoT device vulnerabilities, Router vulnerabilities, Camera vulnerabilities, Industrial control device vulnerabilities.
Weak Password Detection
Vulnerability Scan Service scans dozens of asset components for weak passwords, including FTP, SSH, RDP, MySQL, Oracle, IMAP, Memcached, and Redis.
Risk Evaluation Report
Vulnerability Scan Service can generate comprehensive multidimensional risk scan reports based on scan results, which cover vulnerability detection and content risks and offer professional repair suggestions.
Scenarios
Website Risk Scan
Server Risk Scan
Mini Program Risk Scan
API Security
IoT Security
Vulnerability Scan Service scans your websites comprehensively to protect them from web vulnerabilities, 0/1/N-day vulnerabilities, availability threats, and weak passwords.
Vulnerability Scan Service can sort out your servers in and off the cloud and scan them for vulnerabilities, service availability issues, and port risks, helping you discover shadow assets and ports. The scan results will be further presented in asset analysis reports and vulnerability reports, together with professional repair suggestions.
Vulnerability Scan Service effectively prevents the core service logic of your WeChat mini programs from being cracked and abused, because it automatically detects generic web services, APIs, and content and hardens virtual machines through JS source code obfuscation.
Vulnerability Scan Service checks APIs for web-layer vulnerabilities, configuration compliance, data leakage, and feature availability, which facilitates your creation of proactive security models based on industry specifications such as OpenAPI as well as a unified API security solution.
Vulnerability Scan Service comes with many types of fingerprints and PoCs for IoT device discovery, vulnerability detection, and firmware security scan. It also provides code obfuscation and instruction-level binary obfuscation schemes based on a diversity of platforms such as ARM.
Pricing
This service is now only available to beta users. To try it out, please contact your sales representative.