Overview

Vulnerability Scan Service (VSS) automatically checks your network assets for risks. It enables scheduled security scans, continuous risk alarming, and vulnerability detection in terms of availability, security, and compliance and offers you professional suggestions.

Benefits
Comprehensive Vulnerability Scan

Vulnerability Scan Service has an extensive vulnerability rule library that covers the top 10 web vulnerabilities defined by OWASP, such as SQL injection, cross-site scripting (XSS) attack, cross-site request forgery (CSRF), and weak password. It can also efficiently detect 0/1/N-day vulnerabilities.

Overall Asset Support

Vulnerability Scan Service can scan various types of network assets, including servers, websites, and IoT assets, and identify risks based on a vast library of fingerprints. This keeps you well informed of shadow assets and asset changes, so that you can manage your assets more efficiently.

Threat Intelligence Linkage

Leveraging Tencent's big data of threat intelligence accumulated over two decades, Vulnerability Scan Service can detect 0-day/1-day/N-day vulnerabilities, and its security experts follow up on the latest profile of network risks to provide threat intelligence and handling suggestions as soon as any risk is detected. In this way, incubation periods of risks are greatly shortened, and large-scale intrusions are avoided.

Smart Risk Alarming

Vulnerability Scan Service triggers real-time alarms in various ways together with professional handling suggestions when it detects any network asset risks to help you stay up to date and quickly deal with them.

Features
Automatic Asset Discovery

Vulnerability Scan Service efficiently identifies device operating systems, ports, services, and components, so that you can better discover unknown assets as well as manage and control existing ones.

Web Vulnerability Detection

Vulnerability Scan Service protects websites from dozens of common vulnerabilities, such as SQL injection, command injection, code injection, file inclusion, XSS attack, and CSRF attack.

0/1/N-Day Vulnerability Detection

The Vulnerability Scan Service system is preconfigured with thousands of harmless proof of concepts (POCs) tested and audited by Tencent Security engineers to verify: Web application vulnerabilities, Web integration layer vulnerabilities, Database vulnerabilities, OS vulnerabilities, Software service vulnerabilities, IoT device vulnerabilities, Router vulnerabilities, Camera vulnerabilities, Industrial control device vulnerabilities.

Weak Password Detection

Vulnerability Scan Service scans dozens of asset components for weak passwords, including FTP, SSH, RDP, MySQL, Oracle, IMAP, Memcached, and Redis.

Risk Evaluation Report

Vulnerability Scan Service can generate comprehensive multidimensional risk scan reports based on scan results, which cover vulnerability detection and content risks and offer professional repair suggestions.

Scenarios

Vulnerability Scan Service scans your websites comprehensively to protect them from web vulnerabilities, 0/1/N-day vulnerabilities, availability threats, and weak passwords.

Vulnerability Scan Service can sort out your servers in and off the cloud and scan them for vulnerabilities, service availability issues, and port risks, helping you discover shadow assets and ports. The scan results will be further presented in asset analysis reports and vulnerability reports, together with professional repair suggestions.

Vulnerability Scan Service effectively prevents the core service logic of your WeChat mini programs from being cracked and abused, because it automatically detects generic web services, APIs, and content and hardens virtual machines through JS source code obfuscation.

Vulnerability Scan Service checks APIs for web-layer vulnerabilities, configuration compliance, data leakage, and feature availability, which facilitates your creation of proactive security models based on industry specifications such as OpenAPI as well as a unified API security solution.

Vulnerability Scan Service comes with many types of fingerprints and PoCs for IoT device discovery, vulnerability detection, and firmware security scan. It also provides code obfuscation and instruction-level binary obfuscation schemes based on a diversity of platforms such as ARM.

Pricing

This service is now only available to beta users. To try it out, please contact your sales representative.