Penetration Testing Services

Get a real-world look at how attackers could exploit your vulnerabilities—and guidance on how to stop them—with our pen testing services.

In security, as in life, the hardest weaknesses to point out are your own. Fortunately, we can thoroughly document all of your shortcomings. In fact, it’s kind of our job. And that’s a good thing: Knowing your vulnerabilities—and the ways in which attackers could exploit them—is one of the greatest insights you can get in improving your security program. With that in mind, Rapid7’s Penetration Testing Services team will simulate a real-world attack on your networks, applications, devices, and/or people to demonstrate the security level of your key systems and infrastructure and show you what it will take to strengthen it. Much like your mom, we don't highlight your failings because it bothers you—we do it because we care.

How can we help?

Let our experts simulate an attack on your network to show you your weaknesses (and how to bolster them).

Way more than security experts

The best way to stop an attacker is to think and act like one. Which is why, unlike many security firms, we don’t hire recent grads or people with more experience in IT than security as pen testers. Instead, we find good people who know bad things. Things like ATM hacking, multifunction printer exploitation, automotive keyless entry attacks, endpoint protection bypass techniques, RFID cloning, bypassing security alarm systems, you get the idea. And those kinds of people? They’re not just security experts, they’re real hackers.

To stay perpetually one step ahead of attackers—and help others do the same—our testers devote 25% of their time to conducting research and contributing to the security community: publishing articles, presenting at conferences, developing and releasing open-source testing tools, and writing popular Metasploit modules. (Bonus: Since we own Metasploit, our pen testers get unparalleled access to the most widely used penetration testing tool in the world.)

What to fix, when to fix it, and how to fix it

The best you can hope for from most penetration tests is a long list of problems with little context on how to fix them or where to start. Helpful, right? Rapid7 provides a prioritized list of issues, based on the exploitability and impact of each finding, using an industry-standard ranking process.

What can you expect? A detailed description and proof of concept for each finding, along with an actionable remediation plan. And because we understand that risk severity is only one factor in prioritizing remediation efforts, we'll also provide insight into the level of effort needed to remediate the findings. In addition, you'll receive:

  • An attack storyboard that walks you through sophisticated chained attacks
  • Scorecards that compare your environment with best practices from an attacker’s perspective
  • Positive findings that show which of your security controls are effective

Compliance is a byproduct of good security

We believe that good security leads to good compliance. That's why everything we do—from our investment and commitment in Metasploit to our new attacker analytics products—is focused on helping you better understand attackers and how to defend against them. This extends to our penetration testing services; every company’s network and challenges are unique, so our penetration testers tailor their methods and attack vectors for each engagement. We also regularly penetration test our own networks and products to ensure they stay up to date in detecting real-world attacks.

Our pen testing services

Rapid7 offers a range of penetration testing services to meet your needs. Can't find what you're looking for? Contact us to learn about our custom solutions.

  • Network Penetration Testing Services - External or Internal

    We simulate real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your network infrastructure.

  • Web Application Penetration Testing Services

    In addition to the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES), Rapid7’s application penetration testing service leverages the Open Web Application Security Project (OWASP), a comprehensive framework for assessing the security of web-based applications, as the foundation for our web application assessment methodology.

  • Mobile Application Penetration Testing Services

    As the widespread use of mobile applications continues to grow, consumers and enterprises find themselves facing new threats around privacy, insecure application integration, and device theft. We go beyond looking at API and web vulnerabilities to examine the risk of the application on a mobile platform. We leverage the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), and Penetration Testing Execution Standard (PTES) methodologies to thoroughly assess the security of mobile applications.

  • IoT and Internet-Aware Device Testing

    Internet-aware devices span from ubiquitous, commercial Internet of Things (IoT) devices and systems to automotive, healthcare, and mission-critical industrial control systems (ICS). Our testing goes beyond basic device testing to consider the entire ecosystem of the target, covering areas such as communication channels and protocols, encryption and the use of cryptography, interfaces and APIs, firmware, hardware, and other critical areas. Our deep-dive manual testing and analysis looks for both known and previously undiscovered vulnerabilities.

  • Social Engineering Penetration Testing Services

    Malicious users are often more successful at breaching a network infrastructure through social engineering than through traditional network/application exploitation. To help you prepare for this kind of attack, we use a combination of human and electronic methodologies to simulate attacks. Human-based attacks consist of impersonating a trusted individual in an attempt to gain information and/or access to information or the client infrastructure. Electronic-based attacks consist of using complex phishing attacks crafted with specific organizational goals and rigor in mind. Rapid7 will tailor the methodology and attack plan to your organization.

  • Red Team Attack Simulation

    Looking to focus on your organization's defense, detection, and response capabilities? Rapid7 works with you to develop a customized attack execution model to properly emulate the threats your organization faces. The simulation includes real-world adversarial behaviors and tactics, techniques, and procedures (TTPs), allowing you to measure your security program’s true effectiveness when faced with persistent and determined attackers.

  • Wireless Network Penetration Testing Services

    We leverage the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES) as a foundation for our wireless assessment methodology, which simulates real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your wireless network infrastructure.

Under the Hoodie: Real Stories from Rapid7 Penetration Testers

Each year, Rapid7 penetration testers complete more than 1,000 assessments. We've collected just a few stories to give you some true insight into what goes on beneath the hoodie.

The Bank Job

This true social engineering story owes its success to openings: some symbolic, and some big enough to walk through. Find out how our makeshift MacGyver bypassed a bank’s security checkpoints to make a devious deposit that helped him hack from the parking lot.