渗透测试 - 简介 OS

admin 2019-8-14 120

什么是渗透测试?

渗透测试是一种安全测试,用于测试应用程序的不安全性。进行此操作是为了找出系统中可能存在的安全风险。

如果系统不受保护,则任何攻击者都可以中断或获取对该系统的授权访问权限。安全风险通常是在开发和实施软件时发生的意外错误。例如,配置错误,设计错误和软件错误等。

为什么需要渗透测试?

渗透测试通常评估系统保护其网络,应用程序,端点和用户免受外部或内部威胁的能力。它还尝试保护安全控制并确保仅授权访问。

渗透测试至关重要,因为 -

  • 它确定了一个模拟环境,即入侵者如何通过白帽攻击攻击系统

  • 它有助于找到入侵者可以攻击的弱区域,以获取对计算机功能和数据的访问权限。

  • 它支持避免黑帽攻击并保护原始数据。

  • 它估计了对潜在业务的攻击程度。

  • 它提供了证据,表明为什么增加对技术安全方面的投资很重要

何时进行渗透测试?

渗透测试是一项必不可少的功能,需要定期执行以确保系统的正常运行。除此之外,它应该在任何时候执行 -

  • 安全系统发现攻击者的新威胁。
  • 您添加了新的网络基础结构。
  • 您更新系统或安装新软件。
  • 你搬迁你的办公室。
  • 您设置了新的最终用户计划/策略。

渗透测试如何有益?

渗透测试具有以下优点 -

  • 增强管理系统 - 它提供有关安全威胁的详细信息。除此之外,它还对漏洞的程度进行了分类,并建议您,哪一个更容易受到攻击,哪个更容易受到攻击。因此,您可以通过相应地分配安全资源,轻松准确地管理您的安全系统。

  • 避免罚款 - 渗透测试可以使您组织的主要活动更新并符合审核系统。因此,渗透测试可以保护您免受罚款。

  • 防止财务损失 - 简单地破坏安全系统可能会造成数百万美元的损失。渗透测试可以保护您的组织免受此类损害。

  • 客户保护 - 即使是单个客户的数据泄露也可能导致巨大的财务损失以及声誉受损。它保护与客户打交道并保持数据完整的组织。

原文:

What is Penetration Testing?

Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.

If a system is not secured, then any attacker can disrupt or take authorized access to that system. Security risk is normally an accidental error that occurs while developing and implementing the software. For example, configuration errors, design errors, and software bugs, etc.

Why is Penetration Testing Required?

Penetration testing normally evaluates a system’s ability to protect its networks, applications, endpoints and users from external or internal threats. It also attempts to protect the security controls and ensures only authorized access.

Penetration testing is essential because −

  • It identifies a simulation environment i.e., how an intruder may attack the system through white hat attack.

  • It helps to find weak areas where an intruder can attack to gain access to the computer’s features and data.

  • It supports to avoid black hat attack and protects the original data.

  • It estimates the magnitude of the attack on potential business.

  • It provides evidence to suggest, why it is important to increase investments in security aspect of technology

When to Perform Penetration Testing?

Penetration testing is an essential feature that needs to be performed regularly for securing the functioning of a system. In addition to this, it should be performed whenever −

  • Security system discovers new threats by attackers.
  • You add a new network infrastructure.
  • You update your system or install new software.
  • You relocate your office.
  • You set up a new end-user program/policy.

How is Penetration Testing Beneficial?

Penetration testing offers the following benefits −

  • Enhancement of the Management System − It provides detailed information about the security threats. In addition to this, it also categorizes the degree of vulnerabilities and suggests you, which one is more vulnerable and which one is less. So, you can easily and accurately manage your security system by allocating the security resources accordingly.

  • Avoid Fines − Penetration testing keeps your organization’s major activities updated and complies with the auditing system. So, penetration testing protects you from giving fines.

  • Protection from Financial Damage − A simple breach of security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.

  • Customer Protection − Breach of even a single customer’s data may cause big financial damage as well as reputation damage. It protects the organizations who deal with the customers and keep their data intact.



少客联盟- 版权声明 1、本主题所有言论和图片纯属会员个人意见,与少客联盟立场无关。
2、本站所有主题由该帖子作者发表,该帖子作者admin少客联盟享有帖子相关版权。
3、少客联盟管理员和版主有权不事先通知发贴者而删除本文。
4、其他单位或个人使用、转载或引用本文时必须同时征得该帖子作者admin少客联盟的同意。
5、帖子作者须承担一切因本文发表而直接或间接导致的民事或刑事法律责任。
6、本帖部分内容转载自其它媒体,但并不代表本站赞同其观点和对其真实性负责。
7、如本帖侵犯到任何版权问题,请立即告知本站,本站将及时予与删除并致以最深的歉意。
8、官方反馈邮箱:chinasuc@chinasuc.cn


上一篇:Web安全:文件包含漏洞
下一篇:通过本地文件包含(LFI)攻击XAMPP Web服务器
Whatever is worth doing is worth doing well. juvenile hacker league
最新回复 (0)
    • 少客联盟
      2
        登录 注册 QQ登录(停用)
返回