Help Center/ SAP Cloud/ SAP Security White Paper/ Development and Test Environment Security Solution/ Security Management
Updated on 2022-03-04 GMT+08:00
View PDF
Share

Security Management

Security Evaluation

It is recommended that you regularly perform security evaluation (provided by Huawei Security Assessment Service) on websites and key hosts in order to discover and mitigate security risks.

  • Check items include:
    • For websites: structured query language (SQL) injection, cross-site scripting (XSS), file inclusion, any file upload, any file download, web weak password, and service weak password.
    • For hosts: remote vulnerability scanning, weak password scanning, high-risk port identification, high-risk service identification, and baseline check.
  • The Huawei security expert team will review the security evaluation reports submitted by professional organizations and direct the professional organizations to improve service quality for better customer experience.
  • Security evaluation identifies vulnerabilities accurately and provides information about how to fix them. Customized overall solutions are available for users to build a comprehensive security system.

Website Monitoring

  • Unauthorized tampering detection (monitoring web page tampering, especially unauthorized tampering and hidden link tampering)
  • Broken link detection (detecting links whose target pages were deleted or removed, invalid links whose associated websites were migrated, and unreachable article links that were static links)
  • Vulnerability check (detecting SQL injection, XSS, file inclusion, sensitive information disclosure, and any file download)
  • Availability check (monitoring network availability through nationwide availability and domain name service (DNS) monitoring sites)
  • Unnecessary service check (regularly checking whether a website provides unnecessary services)
  • Sensitive content audit (regularly checking whether a website provides sensitive content and generating alarms for pages with sensitive content)
  • Collaborative prewarning (assisting the technical team to provide prewarning concerning newly-detected vulnerabilities and threats)

Key Management

If a service in the system requires data encryption, it is recommended that you use HUAWEI CLOUD Key Management System (KMS) for key management on the service to meet security and compliance requirements.