
Security Assessment Service

Purchase Guide

Issue 05

Date 2018-04-03

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: http://e.huawei.com

Issue 05 (2018-04-03) Huawei Proprietary and Confidential. Copyright © Huawei Technologies Co., Ltd.


Contents

1 Overview
2 Charging Standard
3 Purchasing SAS
3.1 Assess Now
3.2 Pre-order


1 Overview

Security Assessment Service (SAS) is an "expert" service that uses security tests to identify security risks in your information assets and provides handling suggestions.

SAS provides two assessment modes: Preliminary Assessment and Accurate Assessment. Table 1-1 describes them in detail.

Table 1-1 SAS assessment modes

Mode: Preliminary Assessment
Charge: Free of charge
Check Item:
- Common port scanning
- Opened service identification
- Preliminary web security analysis

Mode: Accurate Assessment
Charge: Charged once only by the number of sites
Check Item:
- Common port scanning
- Opened service identification
- Preliminary web security analysis
- Structured Query Language (SQL) injection
- Cross-site scripting (XSS)
- File inclusion
- Random file upload
- Random file download
- Weak password testing
- Sensitive information leakage


2 Charging Standard

SAS provides a free preliminary assessment mode and a charged accurate assessment mode. Accurate Assessment is charged once only, by the number of sites to be assessed.

For price details, see Product Price Details.


3 Purchasing SAS

SAS provides two service modes:

- Assess Now
  When purchasing SAS, you can select Assess Now. In this mode, you need to specify the number of sites to be assessed and information about the sites. SAS will then authenticate the sites. After a service order is created, a Huawei expert will contact you within one workday to determine your test scope and review your credentials. After the service order is approved and paid, a third-party evaluation institute of information security will inspect your sites based on the order.

- Pre-order
  When purchasing SAS, you can select Pre-order. In this mode, you need to specify the number of sites to be assessed (mandatory for accurate assessment). You can complete site information within one year. After the service order is approved, a third-party evaluation institute of information security will inspect your sites based on the order.

Select a mode based on your needs.

3.1 Assess Now

Scenario

Before purchasing SAS, you can consult experts for more information about SAS using the contact information provided on the SAS console.

You can purchase SAS directly if you are familiar with its service process and check items.

Prerequisites

You have obtained an account and its password for logging in to the management console.

Procedure

Step 1 Log in to the management console.

Step 2 Choose Security > Security Assessment Service > Overview. The Overview page is displayed.


Step 3 Click Purchase Security Assessment.

Step 4 In the Service Model area, click the Assess Now tab and enter information as required, as shown in Table 3-1.

Table 3-1 Parameter description

Parameter: Project Name
Description: Indicates the customized name of a project.
- The name contains 1 to 32 characters.
- The following characters can be used in the name: uppercase letters, lowercase letters, digits, underscores (_), and hyphens (-).
Example Value: Main_site_check

Parameter: Preliminary Assessment
Description: Preliminary assessment is free of charge and checks the following items in user-specified sites:
- Common port scanning
- Opened service identification
- Preliminary web security analysis
You can enable or disable preliminary assessment.
Example Value:
- : enabled
- : disabled

Parameter: Quantity
Description: Set the number of sites for which preliminary assessment is to be performed. For each service order, a maximum of 10 sites can be assessed.
NOTE: This parameter is available when preliminary assessment is enabled.
Example Value: 1

Parameter: Preliminary Assessment Sites
Description: Enter the address and port of the site to be assessed.
NOTE: This parameter is available when preliminary assessment is enabled.
Example Value: http://192.168.1.1:80

Parameter: Accurate Assessment
Description: Accurate assessment charges fees and checks the following items in user-specified sites:
- Common port scanning
- Opened service identification
- Preliminary web security analysis
- Structured Query Language (SQL) injection
- Cross-site scripting (XSS)
- File inclusion
- Random file upload
- Random file download
- Weak password testing
- Sensitive information leakage
You can enable or disable accurate assessment.
Example Value:
- : enabled
- : disabled

Parameter: Quantity
Description: Set the number of sites for which accurate assessment is to be performed. For each service order, a maximum of 10 sites can be assessed.
NOTE: This parameter is available when accurate assessment is enabled.
Example Value: 1

Parameter: Accurate Assessment Sites
Description: Enter the address and port of the site to be assessed.
NOTE: This parameter is available when accurate assessment is enabled.
Example Value: http://192.168.10.10:8080

Parameter: Tag
Description: Attaching tags to orders facilitates order identification and management. A tag consists of a tag key and a tag value.
NOTE: An order can have a maximum of 10 tags. For one order, one tag key corresponds to one tag value.
Example Value: Key: 001, Value: 002

Step 5 On the right of the site to be assessed, click Authenticate. In the Authenticate Site dialog box, authenticate the site.

- Automatic authentication
  Get the site authenticated as instructed by the page.

- Manual authentication
  Fill in the authentication form as instructed. Then upload the form and click Authenticate. Huawei security experts will authenticate the site on a one-on-one basis.


NOTE

The authentication status of a site being authenticated is , and that of a site authenticated is .

Step 6 In the Contact Information area, enter the contact information and the 6-digit SMS verification code.

Step 7 Read the privacy protection statement. Then select I have read and agree to the Privacy Policy Agreement and click Purchase Now.

If you have any questions about the pricing, click Price Details.

Step 8 In the Information dialog box, click OK.

A service order in Auditing status is added to the list of service orders, which means you have successfully created a service order. If you want to modify the order, choose More > Modify in the row containing the order. For details about modifying an order, see the Security Assessment Service User Guide.


NOTE

After you create a service order, a Huawei expert will contact you within one workday to determine your test scope and review your credentials. When your service order is approved, its status becomes Waiting for payment and you will receive an SMS message about that. You can then pay for the order.

Step 9 Pay for the order.

1. Log in to the management console.
2. Choose Security > Security Assessment Service > SAS List. The service order list is displayed.
3. In the row containing the desired service order, click Pay.
4. On the Order Details page, confirm the order information, select I have read and agree to the Security Service Disclaimer, and click Submit Order.
5. Select a payment method and click Pay.
   - When your account balance is sufficient, the system automatically completes the payment.
   - When your account balance is insufficient, charge your account first.

When the order is successfully paid, the order status is Paid. The system then sends the order offline to a qualified professional third party which will perform security checks based on the order. After the checks are completed, the third party sends a check report to the Huawei expert team which will examine the check results. If the report is approved, a full SAS service process is completed.

NOTE

When the service process is completed, you will receive an SMS message about that. You can then download the report and evaluate SAS within 15 days after you receive the message.

----End

3.2 Pre-order

Scenario

Before purchasing SAS, you can consult experts for more information about SAS using the contact information provided on the SAS console.

You can purchase SAS directly if you are familiar with its service process and check items.

Prerequisites

You have obtained an account and its password for logging in to the management console.

Procedure

Step 1 Log in to the management console.

Step 2 Choose Security > Security Assessment Service > Overview. The Overview page is displayed.


Step 3 Click Purchase Security Assessment.

Step 4 In the Service Model area, click the Pre-order tab and enter information as required, as shown in Table 3-2.

Table 3-2 Parameter description

Parameter: Project Name
Description: Indicates the customized name of a project.
- The name contains 1 to 32 characters.
- The following characters can be used in the name: uppercase letters, lowercase letters, digits, underscores (_), and hyphens (-).
Example Value: Main_site_check

Parameter: Preliminary Assessment
Description: Preliminary assessment is free of charge and checks the following items in user-specified sites:
- Common port scanning
- Opened service identification
- Preliminary web security analysis
You can enable or disable preliminary assessment.
Example Value:
- : enabled
- : disabled

Parameter: Quantity
Description: Set the number of sites for which preliminary assessment is to be performed. For each service order, a maximum of 10 sites can be assessed.
NOTE: This parameter is available when preliminary assessment is enabled.
Example Value: 1

Parameter: Accurate Assessment
Description: Accurate assessment charges fees and checks the following items in user-specified sites:
- Common port scanning
- Opened service identification
- Preliminary web security analysis
- Structured Query Language (SQL) injection
- Cross-site scripting (XSS)
- File inclusion
- Random file upload
- Random file download
- Weak password testing
- Sensitive information leakage
NOTICE: Accurate assessment is enabled by default and cannot be disabled in the Pre-order mode.

Parameter: Quantity
Description: Set the number of sites for which accurate assessment is to be performed. For each service order, a maximum of 10 sites can be assessed.
Example Value: 1

Parameter: Tag
Description: Attaching tags to orders facilitates order identification and management. A tag consists of a tag key and a tag value.
NOTE: An order can have a maximum of 10 tags. For one order, one tag key corresponds to one tag value.
Example Value: Key: 001, Value: 002


Step 5 In the Contact Information area, enter the contact information and the 6-digit SMS verification code.

Step 6 Read the privacy protection statement. Then select I have read and agree to the Privacy Policy Agreement and click Purchase Now.

If you have any questions about the pricing, click Price Details.

Step 7 On the Order Details page, confirm the order information, select I have read and agree to the Security Service Disclaimer, and click Submit Order.

Step 8 Select a payment method and click Pay.

- When your account balance is sufficient, the system automatically completes the payment.
- When your account balance is insufficient, charge your account first.

After you pay, a service order in Pre-ordered status is added to the list of service orders, which means you have successfully created a service order. You can set the site information within one year by clicking Complete Information in the row containing your order. For details about completing site information, see the Security Assessment Service User Guide.

After you set the site information, a Huawei expert will contact you within one workday to determine your test scope and review your credentials. After the order is approved, the system updates its status to Paid. The system then sends the order offline to a qualified professional third party which will perform security checks based on the order. After the checks are completed, the third party sends a check report to the Huawei expert team which will examine the check results. If the report is approved, a full SAS service process is completed.

NOTE

When the service process is completed, you will receive an SMS message about that. You can then download the report and evaluate SAS within 15 days after you receive the message.

----End
