Security Management
Data Security
Network Security
Application Security
Cloud Security
MSS Service
Professional Service
Security Service
Product Support Service
-
DAS Vulnerability Scanning System (DAS-RAS)
The DAS Vulnerability Scanning System (DAS-RAS) integrates DAS-Security's years of best-practice experience in vulnerability mining, penetration testing, and vulnerability inspection methods. It combines host security scanning, website security scanning, database security scanning, weak password discovery, and baseline configuration verification. DAS-RAS helps users improve their network security protection performance and anti-damage capabilities.
-
-
-
-
Comprehensive scanning task types
"Active + passive" dual-engine driven, it can fully cover various asset types such as hosts, websites, databases, and container images, and accurately detect risks such as security vulnerabilities, configuration issues, weak passwords, and sensitive events.
-
-
-
-
Intelligent collaborative mode
An innovative collaborative scanning mode that can complete asset detection, host and Web vulnerability scanning with a single click, realize "asset-vulnerability-risk" correlation analysis, and significantly improve the detection efficiency and coverage in complex network environments.
-
-
-
-
Rich evaluation templates
It has built-in compliance policy libraries such as Classified Protection 2.0, MIIT baselines, and DAS-Security's specifications, and supports custom baseline configuration to flexibly adapt to regulatory requirements of different industries.
-
-
-
-
Multi-dimensional asset identification
With a rich asset fingerprint library, it can automatically detect assets in IP segments, use flexible port detection methods and multi-granularity service detection to automatically and accurately identify open ports, service banners, Web fingerprints, operating systems, hostnames, and large-model services of assets.
-
-
-
-
Comprehensive and efficient system scanning
It has a built-in library of over 300,000 system vulnerabilities and supports both authorized and unauthorized methods to efficiently scan and discover security vulnerabilities in operating systems, databases, middleware, network devices, security devices, commonly used applications, and container images.
-
-
-
-
Leading Web vulnerability scanning
It has an industry-leading Web vulnerability library. It crawls the target website through dynamic and static crawler technologies or collects URLs through passive scanning, and automatically conducts vulnerability detection. It supports Web 2.0 crawlers and OWASP_TOP10 detection.
-
-
-
-
Complete baseline verification capabilities
Based on security configuration templates from the MIIT, the Ministry of Public Security, our self-developed templates, or custom templates, it can conduct online or offline configuration checks on target operating systems, databases, network devices, middleware, etc., and output configuration compliance reports.
-
-
-
-
In-depth database scanning
By logging into the database, it conducts in-depth security detection from aspects such as basic database information, insecure configurations, weak passwords, vulnerabilities, and patches, and accurately evaluates the security vulnerabilities and weaknesses in the database system.
-
-
-
-
Comprehensive weak password detection
It uses intelligent weak password dictionary generation, scanning, and local password collision methods to efficiently discover weak password risks in target assets and supports weak password detection for over 30 protocols.
-
- Application program security check
- Critical security protection
- Large-model asset and risk investigation
-
- Requirement
Security checks during the business development and testing phase and during routine maintenance.
Solution
Integrate vulnerability scanning into the entire business development process. The product can conduct in-depth scans of Web applications, detect common Web vulnerabilities such as SQL injection, XSS attacks, and file upload vulnerabilities, protect website security, and prevent security incidents such as website tampering and user data theft.
-
- Requirement
Vulnerability scanning serves as an important tool to assess the security vulnerabilities of the entire network and make up for deficiencies in advance.
Solution
Leveraging our years of accumulated security service experience, the product has a built-in rich and highly available vulnerability policy library. It can quickly issue high-risk vulnerability, high-risk port and weak password ("two highs and one weak") detection tasks, ransomware risk detection tasks, and highly available vulnerability detection tasks to identify network security weaknesses ahead of attackers.
-
-
Requirement
Identify large-model assets, service types, and vendors within the domain to avoid the increased risk exposure caused by privately built large models.
Solution
Based on a powerful asset engine, it can collect information such as IP addresses, ports, types, model vendors, and model names of large models, and perform vulnerability scans on large-model website applications and service frameworks, such as Ollama security vulnerabilities, vLLM security vulnerabilities, Open WebUI security vulnerabilities, and Gradio security vulnerabilities.
