当前位置:网站首页>Secondary vocational network security skills competition P100 web penetration test
Secondary vocational network security skills competition P100 web penetration test
2022-07-25 03:22:00 【Beluga】
One 、 What is penetration testing
Penetration test (penetration testing) It is an authorization attack on computer system , To evaluate the system / The security of the network , Perform tests to identify vulnerabilities and their risks . generally speaking , The penetration test process is divided into five stages : Including identifying the target system 、 Detect the existing vulnerabilities and the availability of each vulnerability . The goal of penetration testing is to find as many vulnerabilities as possible , And deliver reports in a common format acceptable to customers .
Two 、 Penetration test type
White box (white box): In the white box test , The testee will generally provide the target system to the tester 、 The Internet 、 Application and other details ( Including account number 、 password 、SSH/Telnet login information 、 framework 、 Network structure 、 Source code … … wait ).
Black box (black box): Test simulating the attacker scenario . Act as a real attacker's perspective , There is no information about the target system ( White box test description ), The biggest feature of this test is that the tester will pay more attention to the first stage of penetration test —— information gathering . The more information you collect , The better the effect of post test .
Gray box (gray box): Between black and white box test , In a typical gray box test , The tester will know the relevant target system in advance 、 Applications 、 Internet Information … … wait . This kind of test is usually applicable to organizations with time limit requirements , The tested person provides effective information , Testers can focus on systems that are more risky , Save the early information collection time .
3、 ... and 、 Penetration test phase
according to Harpreet Singh、Himanshu Sharma Professional description of others , The infiltration process can be divided into the following stages :
Stage 1: Information collection and investigation
Stage 2: enumeration
边栏推荐
- A queue of two stacks
- FLASH read / write problem of stm32cubemx
- Download the jar package of jsqlparser and PageHelper
- Function method encapsulation -- mutual conversion of image types qpixmap, qimage and mat
- Analysis of cascading relation operation examples of cascade
- Vscode configuration, eslint+prettier combined with detailed configuration steps, standardized development
- CVPR 2020 | social stgcnn: pedestrian trajectory prediction based on graph convolution
- Learning record Xi
- Dc-2-range practice
- Concurrent programming day01
猜你喜欢
Decoding webp static pictures using libwebp
Hashcode details
Hal library serial port for note taking
mysql_ Record the executed SQL
292. Nim game
Riotboard development board series notes (VIII) -- building desktop system
Day 10: BGP border gateway protocol
NC | progress has been made in the study of the ecological network relationship between dissolved organic carbon and microorganisms in the context of global change
Stm32cubemx quadrature encoder
![[stm32f130rct6] idea and code of ultrasonic ranging module](/img/a6/1bae9d5d8628f00acf4738008a0a01.png)
[stm32f130rct6] idea and code of ultrasonic ranging module
随机推荐
Review all frames before sum of SSM frames
Database transactions (often asked)
Query the information of students whose grades are above 80
Imeta | ggclusternet microbial network analysis and visualization nanny level tutorial
[stm32f130rct6] idea and code of ultrasonic ranging module
C language_ Defining structures and using variables
Leetcode programming practice -- Tencent selected 50 questions (I)
What is technical support| Daily anecdotes
mysql_ Create temporary table
mysql_ Record the executed SQL
Method of adding kernel in Jupiter notebook
Reasons for not sending requests after uni app packaging
Common methods of array
LeetCode. 302 weekly games___ 03_ 6121. Query the number smaller than k after cutting the number____ sort
Time formatting
The dolphin scheduler calls the shell script and passes multiple parameters
JS password combination rule - 8-16 digit combination of numbers and characters, not pure numbers and pure English
Easyexcel sets the style of the last row [which can be expanded to each row]
Can bus baud rate setting of stm32cubemx
A. Subtle Substring Subtraction