Penetration test service

Baidu provides penetration testing services, simulates hackers' intrusion ideas and technical means, and uses controllable and non-destructive methods and means to conduct in-depth security detection on the system, so as to find out the risk threats and vulnerabilities of the system before hackers, and reduce the business losses and economic losses caused by hackers' intrusion to enterprises.

Application service
Help Documents
  • Service introduction
  • Product advantages
  • Use Scenarios
  • Documentation and Tools
  • Related products

Service introduction

 Based on years of security accumulation of Baidu, the penetration test service simulates hackers' intrusion ideas and technical means under the authorization of users, and uses controllable and non-destructive methods and means to conduct in-depth security detection on the system. Find the risk threats and vulnerabilities of the system before hackers, and assist managers to quickly find and repair the risks and vulnerabilities of the system.

Product characteristics

Safe and controllable

Test cases can be flexibly selected, vulnerability details are completely privatized, and a complete risk aversion plan is formulated to ensure that business continuity is not affected during testing

Standard test specifications

Follow the industry OSSTMM and OWASP test framework, select typical practices for operation, and effectively avoid risks such as business exceptions caused by non-standard processes

Mature and rich knowledge base

Based on Baidu's years of experience in security attack and defense, a mature and rich penetration test case knowledge base has been accumulated to ensure the comprehensiveness of penetration test content and the in-depth excavation of test vulnerabilities

Professional safety team

The safety service team is mainly composed of CISP, CISSP, PMP and other certified senior engineers

Use Scenarios

  • application system

    Conduct security tests on threats such as injection, cross site scripting, ultra vires, CSRF, information disclosure, malicious file execution, and business risks

  • IOS side

    Covering iOS client, server, local package security policy, sensitive information, data communication and other aspects, conduct a comprehensive and detailed security test on iOS APP

  • Android side

    Covering Android client, server, local package security policy, sensitive information, data communication and other aspects, conduct a comprehensive and detailed security test on Android APP

  • Network wide penetration

    Conduct comprehensive assessment and penetration test on the security of the enterprise's entire network, find out the risk threats and vulnerabilities in the network, and let managers understand and master the problems faced by the entire network

Documentation and Tools

Novice Guide

Operation Guide

common problem

Related products

Security detection service
Security detection service
It can detect many common web vulnerabilities such as SQL injection, XSS, and vulnerabilities in system software.
Traffic audit
Traffic audit
On cloud bypass intrusion detection can quickly perceive security threat events and meet the requirements of equal assurance compliance audit.
Application firewall WAF
Application firewall WAF
It can intercept SQL injection, XSS, file upload and other hacker attacks, and customize the protection strategy to effectively protect the security of the user origin.
Host security client
Host security client
Cloud server security protection products for enterprise customers.