I think the technology manager make a mistake on concept of "pentest". you can find below I describe .
pentest(penetrating test)
The job:
现在有这样一个兼职赚钱机会:
坐在家里,(经授权后)远程访问客户的网络资源,对其安全性进行测试;找出安全bug,并提出修补建议;最后写成一个《安全评估报告》给客户。
活是case by case, 报酬一活一结,十分优厚!
既能在家赚钱,又能提高自己的实用技术。
基本要求如下:
About the hacker testing (PenTest) requirement as follows,
1) Make a connection to services running on the public computer (the node address will be given once the service contract is established);
2) Gain unauthorised access to routers and other networking devices located behind the firewall (details can be provided at a later stage) by using system scanners, remote exploits and any common hackers techniques;
3) Probe the vulnerabilities of the firewall or of other networking devices (details to be provided) located behind the firewall.
4) Probe the vulnerabilities of the web servers including their web applications. The processes of transaction slips and Electronic Fund Transfer must be studied in detail.
5) Get packets through the firewall and into computers located behind the firewall; and
6) Determine the structure of the network(s) located behind the firewall.
M
also ,the above descriptions demands you to use many hacker ways to attack a host. never give the privilege if you do pentest.
A paper from my lab .
The Database Security Detection System we designed is based on this objective. The system consists of two important modules, so-called Authorization Test and Penetration Test. Penetration test is detection aimed at finding out vulnerabilities and improper configuration of DBMS with no privilege or low privilege, including Dictionary Attack Test, Buffer Overflow Attack Test, Deny-of-Service Attack Test.
pentest(penetrating test)
The job:
现在有这样一个兼职赚钱机会:
坐在家里,(经授权后)远程访问客户的网络资源,对其安全性进行测试;找出安全bug,并提出修补建议;最后写成一个《安全评估报告》给客户。
活是case by case, 报酬一活一结,十分优厚!
既能在家赚钱,又能提高自己的实用技术。
基本要求如下:
About the hacker testing (PenTest) requirement as follows,
1) Make a connection to services running on the public computer (the node address will be given once the service contract is established);
2) Gain unauthorised access to routers and other networking devices located behind the firewall (details can be provided at a later stage) by using system scanners, remote exploits and any common hackers techniques;
3) Probe the vulnerabilities of the firewall or of other networking devices (details to be provided) located behind the firewall.
4) Probe the vulnerabilities of the web servers including their web applications. The processes of transaction slips and Electronic Fund Transfer must be studied in detail.
5) Get packets through the firewall and into computers located behind the firewall; and
6) Determine the structure of the network(s) located behind the firewall.
M
also ,the above descriptions demands you to use many hacker ways to attack a host. never give the privilege if you do pentest.
A paper from my lab .
The Database Security Detection System we designed is based on this objective. The system consists of two important modules, so-called Authorization Test and Penetration Test. Penetration test is detection aimed at finding out vulnerabilities and improper configuration of DBMS with no privilege or low privilege, including Dictionary Attack Test, Buffer Overflow Attack Test, Deny-of-Service Attack Test.