Found last yearMicrosoft Exchange Server Vulnerabilities, and won the Pwnie Awards, known as the "Oscars of the Cybersecurity Industry"Best Server Vulnerability AwardAfterwards, DEVCORE shared its philosophy on establishing red team drills and other services today (1/12), and emphasized that it hopes to help companies establish adequate system security protection mechanisms through hacker attack ideas.
DEVCORE co-founder and CEO Weng Haozheng said that many companies' security protection concepts are often based on purchasing security protection solutions from outside, but they often ignore the vulnerabilities generated during the actual operation of the system, making it easy for external attacks to invade, leading to data theft or even greater damage.
DEVCORE believes that by using the same attack methods as hackers to penetrate corporate systems, they can more directly and effectively help companies identify security vulnerabilities and improve their protection capabilities without impacting business operations or data security. Therefore, through Red Team Assessments and Penetration Testing, companies can identify vulnerabilities early, preventing them from being overwhelmed in the event of an actual attack.
Weng Haozheng said that building defense through attack has always been the spirit of DEVCORE. He also believes that only through continuous attack and exploitation of loopholes can we truly find security protection methods.
Since its founding in November 2012, DEVCORE has provided high-quality penetration testing services to help companies in security-critical industries, including government, finance, semiconductors, e-commerce, and healthcare, verify their security protections. In 11, DEVCORE officially launched red team exercises, using real-world drills to further validate enterprise security capabilities and uncover potential vulnerabilities.
After winning numerous awards and helping to uncover various security vulnerabilities in enterprises, DEVCORE stated that over 9% of external enterprise systems can be directly penetrated and accessed, and over 7% of core enterprise systems can be breached and controlled, leading to service interruptions. This further highlights that enterprise information security must be verified through actual operations to ensure its actual security level.
However, as corporate security vulnerabilities continue to be discovered and fixed, does this mean that DEVCORE will no longer be able to play a role? DEVCORE co-founder and Red Team Director Xu Fukai believes that the continuous development of technology will indeed make the network environment more and more secure. At the same time, various anti-virus technologies and protection solutions will become smarter, and even new forms of application services and frameworks will be less likely to have vulnerabilities. However, in the process of system iteration and update, old program codes, usage permissions, and more complex system structures will still cause vulnerabilities. Therefore, DEVCORE can still continue to help companies discover vulnerabilities through hacker thinking.
Therefore, when it comes to cybersecurity, DEVCORE believes that companies should place greater emphasis on field drills and simulated penetration results, especially as some countries are beginning to use system vulnerabilities as digital weapons. Furthermore, more organizations are publicly or privately acquiring information on cybersecurity vulnerabilities. In the future, it may become even more difficult to imagine the potential impact of system vulnerabilities.
