Penetration Testing Services

Get a real-world look at how attackers could exploit your vulnerabilities—and guidance on how to stop them—with our pen testing services.

In security, as in life, the hardest weaknesses to point out are your own. Fortunately, we can thoroughly document all of your flaws. In fact, that is our job. And that’s a good thing: Knowing your vulnerabilities—and the ways in which attackers could exploit them—is one of the greatest insights you can get in improving your security program. With this in mind, Rapid7’s Penetration Testing Services team will simulate a real-world attack on your networks, applications, devices, and/or people to demonstrate the security level of your key systems and infrastructure and show you what it will take to strengthen it. Much like your mom, we don't highlight your failings because it bothers you—we do it because we care.

How can we help?

Let our experts simulate an attack on your network to show you your weaknesses (and how to bolster them).

Contact us

Far more than security experts

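The best way to stop attackers is to think and act like an attacker. That's why, unlike many security firms, we don’t hire recent grads or people with more experience in IT than security as pen testers. Instead, we find good people who know about bad things. Things like ATM hacking, multi-function printer exploitation, automobile keyless entry attacks, endpoint protection bypass techniques, RFID cloning, security alarm system bypass, you get the idea. And those people? They are more than security experts; they are real hackers.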

To stay perpetually one step ahead of attackers—and help others do the same—our testers devote 25% of their time to conducting research and contributing to the security community, publishing articles, presenting at conferences, developing and releasing open source testing tools, and writing popular Metasploit modules. (Bonus: Since we own Metasploit, our pen testers get unparalleled access to the most widely used penetration testing tool in the world.)

What to fix, and when and how to fix it

The best you can hope for from most penetration tests is a long list of problems with little context on how to fix them or where to start. Helpful, right? Rapid7 provides a prioritized list of issues, based on the exploitability and impact of each finding using an industry-standard ranking process.

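What else can you expect? A detailed description and proof of concept for each finding, as well as an actionable remediation plan. And because we understand that risk severity is only one factor in prioritizing remediation efforts, we will also provide insight into the level of effort needed to remediate the findings. In addition, you will receive: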

  • An attack storyboard that walks you through sophisticated chained attacks
  • Scorecards that compare your environment with best practices from an attacker’s perspective
  • Positive findings that call out which effective security controls you have

Compliance is a by-product of good security

We believe that good security begets good compliance. That's why everything we do—from our investment and commitment in Metasploit to our new attacker analytics products—is focused on helping you better understand attackers and how to defend against them. This extends to our penetration testing services; every company’s network and challenges are unique, so our penetration testers tailor their methods and attack vectors for each engagement. We also regularly conduct penetration tests on our own network and products to ensure they are always up to date in detecting real-world attacks.

Our penetration testing services

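Rapid7 offers a range of penetration testing services to meet your needs. Can't find what you're looking for? Reach out to learn about our custom solutions.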

  • Network penetration testing services - external or internal

    We simulate real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your network infrastructure.

  • Web application penetration testing services

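    In addition to the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES), Rapid7’s application penetration testing service leverages the Open Web Application Security Project (OWASP), a comprehensive framework for assessing the security of web-based applications, as a foundation for our web application assessment methodology.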

  • Mobile application penetration testing services

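    As the widespread use of mobile applications continues to grow, consumers and corporations find themselves facing new threats around privacy, insecure application integration, and device theft. We go beyond looking at API and web vulnerabilities to examine the risk of the application on a mobile platform. We leverage the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), and Penetration Testing Execution Standard (PTES) methodologies to thoroughly assess the security of mobile applications.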

  • IoT and Internet-aware device testing

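    Internet-aware devices span from ubiquitous, commercial Internet of Things (IoT) devices and systems to automotive, healthcare, and mission-critical Industrial Control Systems (ICS). Our testing goes beyond basic device testing to consider the entire ecosystem of the target, covering areas such as communications channels and protocols, encryption and cryptography use, interfaces and APIs, firmware, hardware, and other critical areas. Our deep dive manual testing and analysis looks for both known and previously undiscovered vulnerabilities.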

  • Social engineering penetration testing services

    Malicious users are often more successful at breaching a network infrastructure through social engineering than through traditional network/application exploitation. To help you prepare for this type of strike, we use a combination of human and electronic methodologies to simulate attacks. Human-based attacks consist of impersonating a trusted individual in an attempt to gain information and/or access to information or the client infrastructure. Electronic-based attacks consist of using complex phishing attacks crafted with specific organizational goals and rigor in mind. Rapid7 will customize a methodology and attack plan for your organization.

  • Red team attack simulation

    Want to focus on your organization's defense, detection, and response capabilities? Rapid7 works with you to develop a customized attack execution model to properly emulate the threats your organization faces. The simulation includes real-world adversarial behaviors and tactics, techniques, and procedures (TTPs), allowing you to measure your security program’s true effectiveness when faced with persistent and determined attackers.

    Learn more details here.

  • Wireless network penetration testing services

    We leverage the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES) as a foundation for our wireless assessment methodology, which simulates real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your wireless network infrastructure.

Under the Hoodie: True stories from Rapid7 penetration testers

Every year, Rapid7 penetration testers complete more than 1000 assessments. We've collected just a few stories to give you some true insight into what goes on beneath the hoodie.

The Bank Job

This real-life story of social engineering owes its success to holes—some figurative, and some big enough to pass through. Find out how our makeshift MacGyver bypassed a bank’s security checkpoints to make a devious deposit that helped him hack from the parking lot.
