Information security testing and application information system security testing

Security testing

Information security testing produces a software testing report (also called a third-party testing report or software security testing report) issued for a software product or information system. This test report is required before an information system or software product goes online.

Standards for information security testing:

Information security testing is based on DB31/T272-2008 "General Technical Specifications for Computer Information System Security Evaluation". The evaluation also refers to the relevant requirements in GB/T 18336.2-2015 "Information Technology Security Technology Information Technology Security Evaluation Guidelines Part 2: Security Functional Components" and GB/T 22239-2019 "Basic Requirements for Information Security Technology Information System Security Level Protection" (Level 2).

Advantages of the software evaluation center in information system security evaluation and application information system security testing:

1. Multi-dimensional, in-depth vulnerability detection and scanning

The software evaluation center has a variety of scanning tools for dedicated vulnerability scanning of applications, allowing multi-dimensional, in-depth scanning of applications and accurate location of vulnerabilities.

2. Technical team

The security practitioners in the software evaluation center have more than 10 years of evaluation work experience on average. The security testers hold corresponding certificates. The evaluation laboratory has a complete software testing quality management system in line with ISO/IEC17025 "General Requirements for Calibration and Testing Laboratory Capabilities", and provides security testing items covering all aspects as well as a comprehensive application security testing program!

3. Rapid response

Security testing tools are used for fast and accurate scanning and automatic generation of test reports. The center provides vulnerability solutions, strictly abides by the time agreement with customers, and meets customer delivery requirements.

Standardized testing process

Testing complies with technical regulations and specifications, reflecting the correctness and effectiveness of objective testing. The test process follows the requirements of GB/T25000.51 and includes a stage review mechanism, a process supervision mechanism, and a result review mechanism. The test process combines manual and automated testing.

4. Rich testing experience

The evaluation staff have more than 10 years of evaluation work experience on average, and the center provides 400+ security test items covering all aspects to make problems transparent. It can conduct security tests for web front ends, H5 interfaces, mini programs, apps and other application types.

5. Testing laboratory

The laboratory holds CMA/CNAS testing certificates and has an independent testing environment that is isolated from the Internet to ensure the security and confidentiality of the testing process. The laboratory equipment is regularly calibrated to ensure the accuracy of the results.

Information system/software security assessment is carried out before launch. Usually, a third party with CMA/CNAS qualifications is engaged directly to perform the testing and issue a software system security assessment report/software security test report. The evaluation report from the third-party testing agency then serves as certification material when the enterprise later applies for national, provincial and municipal science and technology projects, applies for small and medium-sized enterprise innovation funds, undergoes acceptance of scientific and technological projects, or has its scientific and technological achievements appraised. One report can be used for multiple purposes.

Tags: information security, security testing

Article Source: Information Security Testing and Application Information System Security Testing-Introduction, Significance and Implementation Method-Chengdu Kexin Youchuang Information Technology Service Co., Ltd.

Origin blog.csdn.net/m0_64305922/article/details/132635711