01 R&D Phase

For Android applications, we provide static scanning, dynamic scanning and malicious analysis, interpret vulnerabilities and risks in detail, pinpoint the problem in the code, and give you professional remediation suggestions.
Service
  • Test contents: more than 20 test points covering environmental security, data security, communication security and so on
  • Delivery period: about 2 working days / application
  • Delivery form: report (including vulnerability description, types, grades, a detailed explanation of each vulnerability and risk, its position and repair suggestions), expert interpretation
Advantages
  • 1 Precise
  • 2 Convenient and swift
  • 3 Professional security repair suggestions
Detect security problems and vulnerabilities in application source code, and help enterprises discover and repair potential security problems. Supported languages: a dozen programming languages, including Java, JSP, C, C++, PHP, ASP, C#, JavaScript, VBScript, Python, HTML, XML, etc.
Service contents
  • 1 Security development coding specification training
  • 2 Security risk detection of source code, with problem analysis and repair
  • 3 Delivery period: 5-10 working days
  • 4 Form and process: on-site service by an expert team
Service process
  • Preparation phase: Determine audit requirements -> Develop a test plan
  • Detection phase: Build audit testing environment -> professional audit tool scanning
  • Manual Audit: analyze and verify vulnerability risk -> confirm repair and solutions, business logic audit, etc.
  • Results submission: Completion of audit report
Advantages
  • 1 Professional security service team
  • 2 Standard code audit service flow
  • 3 Senior security experts coding specification training
  • 4 High-quality security risk solution
Testin's team of senior security experts relies on a deep body of knowledge and extensive industry experience to help customers build and maintain a comprehensive information security system and protect the security of companies, applications, and data, based on international / national standards and industry supervision standards. Security consultation services include:

Security strategy consultation service

Information system security risk assessment
Identify and assess the importance of information assets, the likelihood of security threats, the severity of security vulnerabilities, and the effectiveness of security control measures, and provide security disposal and reinforcement suggestions to strengthen security risk management and security assurance.
Information security grade protection
With reference to the requirements of the national grade protection standards GB/T22239 and GB/T22240 and industry grade protection standards, help complete system rating and filing, the design and implementation of the information security management system, grade protection assessment, etc., so as to meet supervision requirements and have sufficient information security capabilities.
Information security management system construction
With reference to the international standards ISO27001 and ISO27002 and the domestic standards GB/T22080 and GB/T22081, and following the complete PDCA management process, ensure that customers establish and maintain a complete and effective information security management system that provides adequate security for the operation of key business.

Security technology consultation service

Infrastructure construction consultation
An integrated defense-in-depth system: working from the easy to the difficult, teach and guide the methods for protecting physical security, network security, host security, application security, and data security.
Security development specification consultation
From the beginning of development, provide guidance on requirements design, business design, coding, testing and other stages, to avoid foreseeable risks.
Secure coding specification consultation
Provide guidance to help improve development efficiency and minimize the likelihood of security vulnerabilities and risks
Application business security consulting
From the perspective of the customer's industry, analyze the possible risks of existing and future business and provide reasonable repair suggestions for business risks.

02 Releasing Phase

In-depth security test

Provide non-destructive intrusion testing that simulates hacker actions, aiming to discover logic-heavy and deep vulnerabilities. Once the customer understands the security condition of the system, provide guidance on its security configuration and management.
Service
  • Test object: Mobile system (Android/iOS), Web system
  • Test contents:
    Mobile - more than 100 test points covering client security, server security, communication security between client and server, etc.
    Web version - more than 50 core test points covering host-level security, application-level security, network-level security
  • Delivery period: about 5 working days / application
  • Delivery form: report (including vulnerability description, types, grades, detailed vulnerability position and repair suggestions), expert interpretation
Advantages
  • 1 Security experts team
  • 2 Comprehensive and deep detection
  • 3 The test process is standardized and follows industry standards.