• 欢迎访问速搜资源吧,如果在网站上找不到你需要的资源,可以在留言板上留言,管理员会尽量满足你!

【速搜问答】渗透测试是什么

问答 admin 8个月前 (04-05) 135次浏览 已收录 0个评论

汉英对照:
Chinese-English Translation:

渗透测试是模拟黑客攻击对业务系统进行安全性测试,比黑客更早发现可导致企业数据泄露、资产受损、数据被篡改等漏洞,并协助企业进行修复。

Penetration testing is to simulate hacker attacks to test the security of business systems. It can find out earlier than hackers that can lead to enterprise data leakage, asset damage, data tampering and other vulnerabilities, and help enterprises to repair them.

渗透测试是模拟黑客攻击对业务系统进行安全性测试,比黑客更早发现可导致企业数据泄露、资产受损、数据被篡改等漏洞,并协助企业进行修复。

Penetration testing is to simulate hacker attacks to test the security of business systems. It can find out earlier than hackers that can lead to enterprise data leakage, asset damage, data tampering and other vulnerabilities, and help enterprises to repair them.

渗透测试 (penetration test)并没有一个标准的定义,国外一些安全组织达成共识的通用说法是:渗透测试是通过模拟恶意黑客的攻击方法,来评估计算机网络系统安全的一种评估方法。这个过程包括对系统的任何弱点、技术缺陷或漏洞的主动分析,这个分析是从一个攻击者可能存在的位置来进行的,并且从这个位置有条件主动利用安全漏洞。

There is no standard definition of penetration test. Some foreign security organizations have reached a consensus that penetration test is an evaluation method to evaluate the security of computer network system by simulating the attack method of malicious hackers. This process includes the active analysis of any weakness, technical defect or vulnerability of the system. The analysis is carried out from the possible location of an attacker, and conditionally and actively exploit the security vulnerability from this location.

换句话来说,渗透测试是指渗透人员在不同的位置(比如从内网、从外网等位置)利用各种手段对某个特定网络进行测试,以期发现和挖掘系统中存在的漏洞,然后输出渗透测试报告,并提交给网络所有者。网络所有者根据渗透人员提供的渗透测试报告,可以清晰知晓系统中存在的安全隐患和问题。

In other words, penetration testing refers to that penetration personnel use various means to test a specific network in different locations (such as from the intranet, from the extranet, etc.) in order to find and mine the vulnerabilities in the system, and then output the penetration test report and submit it to the network owner. According to the penetration test report provided by the penetration personnel, the network owner can clearly know the security risks and problems existing in the system.

我们认为渗透测试还具有的两个显著特点是:渗透测试是一个渐进的并且逐步深入的过程。渗透测试是选择不影响业务系统正常运行的攻击方法进行的测试。

We think that penetration testing also has two remarkable characteristics: penetration testing is a gradual and gradual process. Penetration test is to choose the attack method which does not affect the normal operation of the business system.

作为网络安全防范的一种新技术,对于网络安全组织具有实际应用价值。但要找到一家合适的公司实施渗透测试并不容易。

As a new technology of network security, it has practical application value for network security organization. But it is not easy to find a suitable company to carry out penetration testing.

专业服务

professional services

渗透测试有时是作为外部审查的一部分而进行的。这种测试需要探查系统,以发现操作系统和任何网络服务,并检查这些网络服务有无漏洞。你可以用漏洞扫描器完成这些任务,但往往专业人士用的是不同的工具,而且他们比较熟悉这类替代性工具。

Penetration testing is sometimes conducted as part of an external review. This kind of testing needs to probe the system to discover the operating system and any network services, and check whether these network services are vulnerable. You can do these tasks with vulnerability scanners, but often professionals use different tools, and they are familiar with such alternative tools.

渗透测试的作用一方面在于,解释所用工具在探查过程中所得到的结果。只要手头有漏洞扫描器,谁都可以利用这种工具探查防火墙或者是网络的某些部分。但很少有人能全面地了解漏洞扫描器得到的结果,更别提另外进行测试,并证实漏洞扫描器所得报告的准确性了。

On the one hand, the function of penetration testing is to explain the results obtained by the tools used in the process of exploration. Anyone with a vulnerability scanner on hand can use this tool to detect firewalls or parts of the network. However, few people can fully understand the results obtained by vulnerability scanner, let alone test and verify the accuracy of the reports obtained by vulnerability scanner.


速搜资源网 , 版权所有丨如未注明 , 均为原创丨转载请注明原文链接:【速搜问答】渗透测试是什么
喜欢 (0)
[361009623@qq.com]
分享 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址