What is information security?
• Information security is the collective set of policies, standards, technology and procedures that limits or controls access to, and use of, information to only those who are authorized.
• It is the protection of all information, regardless of format (electronic, paper-based, etc.), from unauthorized disclosure, modification or use.
• Information Security ensures:
- Confidentiality
• Limit access to authorized individuals
- Integrity and accuracy
• Ensure that information is accurate and correct and has not been subtly changed or tampered with by an unauthorized party
- Availability
• Systems and processes are accessible to customers and the business when needed
II. Penetration test overview
Web vulnerability summary
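High-risk vulnerabilities | 5 | Stored cross-site scripting (XSS) |
High-risk vulnerabilities | 1 | Boolean-based SQL injection |
High-risk vulnerabilities | 2 | Vertical privilege escalation |
High-risk vulnerabilities | 3 | Unauthorized access |
High-risk vulnerabilities | 1 | Email bombing vulnerability |
High-risk vulnerabilities | 1 | Sending mail from arbitrary email accounts |
Medium-risk vulnerabilities | 11 | Reflected cross-site scripting (XSS) |
Medium-risk vulnerabilities | 2 | Username enumeration |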