渗透测试阶段_什么是渗透测试？什么是渗透测试阶段？

最新推荐文章于 2023-09-19 15:33:49 发布

cunjiu9486

最新推荐文章于 2023-09-19 15:33:49 发布

阅读量440

点赞数

文章标签：网络 java python 区块链人工智能

原文链接：https://www.poftut.com/penetration-test-penetration-test-phases/

版权

渗透测试阶段

Modern days IT needs are changed according to 80’s and 90’s. In the old days just operating IT was enough for success but today’s situation it is changed. We need to secure the IT environment to in order to be successful. There are different methodologies, standard, architectures to design, plan, implement, evolve the security of the corporates. Penetration tests provide very useful input and metrics for different type of the practical security issues and vulnerabilities.

随着80年代和90年代，IT需求发生了变化。在过去，仅靠操作IT就能取得成功，但今天的情况已经改变了。为了确保成功，我们需要确保IT环境的安全。有不同的方法，标准，体系结构来设计，计划，实施，发展公司的安全性。渗透测试为不同类型的实际安全问题和漏洞提供了非常有用的输入和度量。

什么是渗透测试？ (What is Penetration Test?)

As the name suggest this type of security test is used to penetrate into systems, applications, networks, information, corporates etc. (put here whatever you want) to implement real world cyber attacks.Penetration test is know as Pentest. Penetration test may have different attributes according t different factors. We will look some of them below.

顾名思义，这种类型的安全测试用于渗透到系统，应用程序，网络，信息，公司等(在这里随便输入)以实施真实世界的网络攻击。渗透测试称为Pentest。渗透测试可以根据不同的因素具有不同的属性。我们将在下面查找其中的一些。

目标 (Aim)

Aim is very important aspect of the Penetration test. The whole penetration test attributes like type, scope, implementation, tools, report, … are selected according to the aim. As an example we may want to test our external web applications and related network infrastructure for internal and contractor related vulnerabilities. This will mainly changes the attributes of the penetration test.

目的是渗透测试非常重要的方面。根据目标选择整个渗透测试属性，例如类型，范围，实现，工具，报告等。例如，我们可能要测试我们的外部Web应用程序和相关的网络基础结构是否存在内部和承包商相关的漏洞。这将主要改变渗透测试的属性。

类型/方法 (Types/Methodologies)

There are 3 most known and used type of Penetration test.

有3种最常用和最常用的渗透测试类型。

Black Box penetration test is done where Penetration testers do not know any specific information about scope. They have very little information.
Black Box渗透测试是在渗透测试人员不知道有关范围的任何特定信息的情况下完成的。他们掌握的信息很少。
Gray Box penetration test is done with more information about scope and related IT systems. But this information is not complete as White Box.
使用有关范围和相关IT系统的更多信息来完成Gray Box渗透测试。但是，此信息不像白盒一样完整。
While Box test is done with a lot of information known by pentesters. They generally skip reconnaissance step of the penetration test
While Box测试是由渗透测试者已知的许多信息完成的。他们通常跳过渗透测试的侦察步骤

LEARN MORE How To Ping Specified Port Number?

了解更多信息如何Ping指定的端口号？

范围 (Scope)

Scope is another important aspect of the penetration test. Scope draws or sets the boundaries of the test. Scope is also important factor to decide the penetration test value. Scope is generally defined as following metrics

范围是渗透测试的另一个重要方面。范围绘制或设置测试的边界。范围也是决定渗透测试值的重要因素。范围通常定义为以下指标

IP address,
IP地址，
System counts,
系统计数
Applications interface count
应用程序接口数
Applications source code count
应用程序源代码数
Wireless SSID count
无线SSID计数
Social Engineering mail receiver count
社会工程邮件收件人数
End User System count
最终用户系统计数
…
…

实作 (Implementation)

.There are 4 steps for a penetration test. But keep in mind that penetration tests do not have very formal structure so these steps can be implemented in different times and phases

渗透测试有4个步骤。但请记住，渗透测试没有非常正式的结构，因此可以在不同的时间和阶段实施这些步骤

Reconnaissance
侦察
Thread Modelling
线程建模
Exploit
利用
Post Exploit
漏洞利用

工具类(Tools)

There are may tools to use in penetration tests but some of them very popular in hacker and penetration tester community. These tools are used to implement phases Reconnaissance, Exploit and Port Exploit. Here are some of them

在渗透测试中可能会使用一些工具，但是其中一些工具在黑客和渗透测试人员社区中非常流行。这些工具用于实施侦察，利用和端口利用阶段。这里是其中的一些

Kali
卡利
nmap
纳帕
sqlmap
sqlmap
hydra
九头蛇
metasploit
元胞
acunetix
针灸
Linux tools
Linux工具
w3af
w3af
Burp suite
打p套房

报告(Report)

A penetration test report provides useful information about the findings of penetration test. All the penetration test outcome is putted in the report. So good penetration test are expressed with good penetration test reports, if not the penetration test feasibility lowers and the gain will be less then the expected.

渗透测试报告提供有关渗透测试结果的有用信息。所有的渗透测试结果都记录在报告中。因此，良好的渗透测试将以良好的渗透测试报告来表示，如果不降低渗透测试的可行性，则收益将小于预期。

翻译自: https://www.poftut.com/penetration-test-penetration-test-phases/

渗透测试阶段

cunjiu9486

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
渗透测试阶段_什么是渗透测试？什么是渗透测试阶段？

渗透测试阶段Modern days IT needs are changed according to 80’s and 90’s. In the old days just operating IT was enough for success but today’s situation it is changed. We need to secure the IT environment to...
复制链接

扫一扫