Pain Point: Security vulnerabilities are widespread
Vulnerabilities continue to grow, hacker groups are rampant, and increasingly complex APT attacks, ransomware, and other cyber attacks are emerging in an endless stream. It is difficult to cope with them relying on conventional protection measures, and we need to think about security issues from the attacker's perspective.
Increased system complexity
Diversified attack methods
perspective of attackers
Dynamic network environment
Traditional protection is not enough
Pain Point: Lack of penetration testing talent
Our X-Shield automated penetration testing is an effective solution to normalize penetration testing and to test the network security defense system at all times.
Pain point: Inaccurate identification of security risks
Existing active detection tools cannot draw a complete attack surface? Cannot describe the harmfulness of the attack surface from a business perspective? Cannot confirm the effectiveness of the security defense system for the attack situation? How to know how the attacker attacks?
Insufficient prior prevention
Traditional security operations focus more on in-process response and post-event auditing, and often lack investment in pre-event prevention and awareness.
Unknown Attack How to prevent
Post-evaluation is inaccurate
Traditional security vulnerability scanning focuses more on the number and types of vulnerabilities, but lacks the exploitability of vulnerabilities in specific environments and the actual impact on key businesses.
There is a pressing need to expose security issues below the surface and reveal the actual damage that threat actors can cause by exploiting certain flaws
Our Automated Penetration Test Steps
It integrates AI engines and hacker attack technologies to realize the automatic simulation of hacker attack behaviors with machine programs, independently plan attack paths and methods, and provide users with asset collection, vulnerability discovery, vulnerability verification, and attack behaviors such as exploiting vulnerabilities for expansion in various network environments. It breaks the limitations of traditional manual services and provides continuous security verification services.
1 Determine scope and goals
- Agreed test scope
- Clarify the test objectives
- Confirm test plan
2 Create a task
- Full-scenario penetration attack
- Website penetration attacks
- Intranet environment penetration attack
- Weak credential penetration attacks
3 Asset Collection
- IP address
- domain name
- operating system
- Open Ports
4 Vulnerability Discovery
- Cross-site scripting attacks
- Weak passwords
- SQL Injection
5 Exploitation
- Get access
- Privilege Escalation
- Get control permissions
6 Lateral movement
- Try to jointly exploit and gain control of the server
7 Generate Report
- Custom reports
- Developer Report
- Summary Report
Product Features
Attack surface mining
Automatically identify attack surface information such as port services.
Vulnerability detection and verification
Automatically detect and verify various system vulnerabilities and WEB application vulnerabilities.
Simulating attacks and risk forensics
Automatically generate vulnerability exploit payloads, simulate attacks on vulnerabilities, and implement simulated attacks and risk forensics on target systems.
Intelligent penetration testing
Autonomous decision-making explores all possible attack path chains, automatically executing iterative attacks and lateral movement.
Risk Visualization and Reporting
The entire penetration attack process is visualized in the form of an attack chain diagram, clearly showing the penetration process and the location of key risk points.
Our Auto PenTest vs Traditional Test
| category | Automated penetration testing | Traditional Penetration Testing | Traditional Red Team Testing | Vulnerability Scanning |
|---|---|---|---|---|
| Exploitation | Automatic use of the system | Manual Exploitation | Manual Exploitation | Not supported |
| Test method | automation | manual | manual | automation |
| Evaluation frequency | continuous | regular | regular | regular |
| Test range | Covering all assets | Specific systems and applications | Overall Enterprise | Cover all assets |
| Attack link | Full Link | No coverage | Full Link | No coverage |
| Evaluate costs | Low | high | Very high | middle |
| Speed efficiency | Short time consumption | Long time | Long time | Short time consumption |
| Quantitative indicators | Quantifiable | Limited Quantification | Limited Quantification | Limited Quantification |
| Test results | Low false alarm rate | Depends on the level of the tester | Depends on the level of the tester | High false positive rate |
| Requirements for testers | Low | high | high | Low |
Product Function - Infiltration Mission Report
The penetration test report fully records the penetration process and security results, and supports HTML, WORD, PDF and other formats.
Main contents of the report:
- Task Summary Information
- Task Execution Summary
- System risk assessment
- Vulnerability Information Details
- Attack Analysis
- Solution
