Introduction to Kali Linux Penetration Testing

  • The root causes of security issues

Advantage: clear division of labor and high efficiency.

Drawback: employees lack an overall understanding of the system, so their understanding of security is one-sided.

The biggest threat is human: people make mistakes, so security problems can never be 100% eradicated.

 

Security objectives:

Detect and prevent vulnerabilities before an attacker does.

Attack type: use the attacker's way of thinking to discover vulnerabilities and attack the system.

Protection type: requires a huge investment, still leaves omissions, is not comprehensive enough, and is not very effective.

 

Penetration Testing

Attempts to break the system's defense mechanisms in order to identify system weaknesses.

Thinks from an attacker's perspective to measure the effectiveness of security protections.

Proves that problems exist rather than causing destruction.

Is bound by ethical constraints and the law.

Is not limited to problems on a single machine; it focuses on the vulnerabilities of, and the harm to, the entire system.

 

Penetration Testing Standard: PTES ( http://www.pentest-standard.org )

 

  1. Pre-engagement interactions: determine the scope of the penetration test with the client and divide the application system into penetration tasks, including the various software components that support the system;
  2. Intelligence gathering: gather information on the target system through passive collection and active probing;
  3. Threat modeling: based on the information collected, determine the most effective attack path, the one most likely to succeed;
  4. Vulnerability analysis: analyze vulnerabilities based on the system's software versions and applications, and write exploit code;
  5. Exploitation phase: this rarely goes as smoothly as imagined, because the target system often has protection systems in place;
  6. Post-exploitation phase: use a compromised machine as a springboard to penetrate further into the entire system;
  7. Penetration test report: demonstrate to the client and colleagues that the systems can be controlled, describe how the issues were discovered and exploited, and explain how to resolve them.

 

Penetration Testing Project:

Test scope: the entire application system.

Customer authorizes (or just allow an attacker to bleed


Origin blog.csdn.net/qq_41490561/article/details/104215230