Security Testing: A Concise Tutorial

Security Testing - Process

Security testing can be seen as a controlled attack on the system, which uncovers security flaws in a realistic way. Its goal is to evaluate the current status of an IT system. It is also known as a penetration test or, more popularly, as ethical hacking.

A penetration test is done in phases, and in this chapter we will discuss the complete process. Proper documentation should be done in each phase so that all the steps necessary to reproduce the attack are readily available. The documentation also serves as the basis for the detailed report customers receive at the end of a penetration test.

Penetration Test – Workflow

A penetration test includes four major phases −

These four steps are repeated multiple times, which goes hand in hand with the normal SDLC.
