Alibaba Cloud Vulnerability Discovery Service (Coming Soon)

Deeper and more precise vulnerability assessment based on asset discovery.

Alibaba Cloud Vulnerability Discovery Service (AVDS) is a SaaS-based network vulnerability scanning service. It can adaptively discover your network asset fingerprints, such as domains, subdomains, IPs, ports, protocol service, and web components. On this basis, it also deeply assesses the weaknesses of these assets in a continuous way, to help better mitigate relevant risks


High Accuracy With Multi-layer Verification Rules
Based on Alibaba’s in-house experience with advanced threat defense, AVDS provides multiple-layer verification rules to reduce false positives and deliver highly accurate scanning reports.
Intelligence-based IT assets discovery
Start from one domain, it discovers its relevant IPs, subdomains, ports, protocol services and web components. It gives you a bird-view of all your assets and helps to uncover the attack surface.
Fast scanning with a scalable architecture
With a flexible and scalable architecture built on Alibaba Cloud, AVDS supports up to thousands of scanning engines to work simultaneously and ensure rapid fast scanning.
No Agent and Deployment Required
Log on to the AVDS console to execute scanning at any time and eliminate the need to deploy and maintain any agent or boxes on-premises.


  • Continuous Website/Network/Host Vulnerability Assessment

    Weak password

    Protects against FTP, SSH, RDP, SMB, SMTP, POP3, IMAP, MYSQL, MSSQL, MongoDB, MemCache, Redis, Oracle, Subversion, LDAP, PPTP, VPN, HTTP basis login, WebFrom login form, and other threats

    Web injection

    Safeguards your online infrastructure from SQL injection, command execution, code injection, SSRF injection, expression injection, JAVA expression injection command execution, deserialization, XPATH injection, and other injection vulnerabilities

    File inclusion

    Manages local/remote file inclusion (LFI/RFI), arbitrary file read, arbitrary file upload, XXE, arbitrary file deletion, and more

    Logic vulnerability

    Protects against JSON data hijacking, identity authentication security, verification code limitation bypass, business consistency security, business data tamper, authentication permission recall logic, business authorization (horizontal/vertical arrogation) security, business procedure derangement, and business interface calling security

    Front-end vulnerability

    Ensures protection against cross-site (XSS) Request Forgery (CSRF), ClickJacking, Jsonp hijacking, HTTP head injection CRLF, and URL redirection


    Manage and mitigate WebServer misconfiguration, middleware misconfiguration, and container misconfiguration

    Information leakage

    Manage and control configuration file, test file, directory traversal attack, back-up file, SVN, GIT, compression package, temporary file, interface exposure, Heartbleed bug, and more

  • Discovery of Unknown Assets

  • Professional Reports and Remediation Suggestions

  • Vulnerability Consultation Services