当前位置:网站首页>Secondary vocational network security skills competition P100 web penetration test
Secondary vocational network security skills competition P100 web penetration test
2022-07-25 03:22:00 【Beluga】
One 、 What is penetration testing
Penetration test (penetration testing) It is an authorization attack on computer system , To evaluate the system / The security of the network , Perform tests to identify vulnerabilities and their risks . generally speaking , The penetration test process is divided into five stages : Including identifying the target system 、 Detect the existing vulnerabilities and the availability of each vulnerability . The goal of penetration testing is to find as many vulnerabilities as possible , And deliver reports in a common format acceptable to customers .
Two 、 Penetration test type
White box (white box): In the white box test , The testee will generally provide the target system to the tester 、 The Internet 、 Application and other details ( Including account number 、 password 、SSH/Telnet login information 、 framework 、 Network structure 、 Source code … … wait ).
Black box (black box): Test simulating the attacker scenario . Act as a real attacker's perspective , There is no information about the target system ( White box test description ), The biggest feature of this test is that the tester will pay more attention to the first stage of penetration test —— information gathering . The more information you collect , The better the effect of post test .
Gray box (gray box): Between black and white box test , In a typical gray box test , The tester will know the relevant target system in advance 、 Applications 、 Internet Information … … wait . This kind of test is usually applicable to organizations with time limit requirements , The tested person provides effective information , Testers can focus on systems that are more risky , Save the early information collection time .
3、 ... and 、 Penetration test phase
according to Harpreet Singh、Himanshu Sharma Professional description of others , The infiltration process can be divided into the following stages :
Stage 1: Information collection and investigation
Stage 2: enumeration
边栏推荐
- Test question f: statistical submatrix
- JS method encapsulation summary
- Color space (1) - RGB
- Image processing based on hog feature
- Implementation principle of virtual DOM
- Learning record XIII
- A 20 yuan facial cleanser sold tens of thousands in seven days. How did they do it?
- Error: tomee required to support ear/ejb deployment
- Download the jar package of jsqlparser and PageHelper
- Method of adding kernel in Jupiter notebook
猜你喜欢
Day 10: BGP border gateway protocol
C language_ Defining structures and using variables
Database transactions (often asked)
Image processing based on hog feature
Force deduction brush question 14. Longest common prefix
Flowlayout in compose
Introduction to Apache Doris grafana monitoring indicators
Why does the legend of superstar (Jay Chou) not constitute pyramid selling? What is the difference between distribution and pyramid selling?
JS construct binary tree
Win10 -- open the hosts file as an administrator
随机推荐
Innobackupex parameter description
How chemical enterprises choose digital service providers with dual prevention mechanism
Question D: pruning shrubs
Reasons for not sending requests after uni app packaging
Solution: owner's smart site supervision cloud platform
Force deduction brush question 14. Longest common prefix
Hal library serial port for note taking
Recursive and non recursive methods are used to realize the first order, middle order and second order traversal of binary tree respectively
Analysis of DNS domain name resolution process
Learning Record V
Li Kou 279 complete square - dynamic programming
How to use two queues to simulate the implementation of a stack
Use and introduction of vim file editor
hello csdn
mysql_ User table_ Field meaning
A 20 yuan facial cleanser sold tens of thousands in seven days. How did they do it?
JS method encapsulation summary
Openlayers draw deletes the last point when drawing
Merge sort / quick sort
Test question f: statistical submatrix