Update nexus: fix conflicts and sync local changes
@@ -1,81 +1,81 @@
|
||||
# Penetration Testing
|
||||
|
||||
## Definition
|
||||
Penetration testing (pen testing) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.
|
||||
|
||||
## Aliases
|
||||
- Pen Testing
|
||||
- Ethical Hacking
|
||||
- Security Testing
|
||||
|
||||
## Concept
|
||||
渗透测试是授权的模拟网络攻击,用于评估系统的安全性。
|
||||
|
||||
## Types
|
||||
|
||||
### By Scope
|
||||
- **Black Box**:测试人员不了解目标内部结构
|
||||
- **White Box**:测试人员完全了解系统
|
||||
- **Grey Box**:部分了解系统信息
|
||||
|
||||
### By Target
|
||||
- Network Penetration Testing
|
||||
- Web Application Penetration Testing
|
||||
- Mobile Application Testing
|
||||
- Social Engineering
|
||||
- Physical Security Testing
|
||||
|
||||
## Methodology
|
||||
|
||||
### PTES (Penetration Testing Execution Standard)
|
||||
1. Pre-Engagement Interactions
|
||||
2. Intelligence Gathering
|
||||
3. Threat Modeling
|
||||
4. Vulnerability Analysis
|
||||
5. Exploitation
|
||||
6. Post-Exploitation
|
||||
7. Reporting
|
||||
|
||||
### OWASP Testing Guide
|
||||
- 信息收集
|
||||
- 配置和部署管理测试
|
||||
- 身份管理测试
|
||||
- 认证测试
|
||||
- 授权测试
|
||||
- 会话管理测试
|
||||
- 输入验证测试
|
||||
- 错误处理测试
|
||||
- 密码学测试
|
||||
- 业务逻辑测试
|
||||
- 客户端测试
|
||||
|
||||
## Tools
|
||||
- Metasploit — 渗透测试框架
|
||||
- Burp Suite — Web 应用测试
|
||||
- Nmap — 网络扫描
|
||||
- Wireshark — 网络协议分析
|
||||
- SQLmap — SQL 注入测试
|
||||
- Kali Linux — 渗透测试操作系统
|
||||
|
||||
## Integration with DevSecOps
|
||||
|
||||
### Continuous Pen Testing
|
||||
- 定期执行
|
||||
- 自动化工具集成
|
||||
- 关键时间点测试
|
||||
|
||||
### Red Team Operations
|
||||
- 模拟真实攻击
|
||||
- 全面评估防御能力
|
||||
- 团队对抗演练
|
||||
|
||||
## Related Concepts
|
||||
- [[DevSecOps]] — 渗透测试是安全评估的重要组成
|
||||
- [[Bug-Bounty]] — 持续外部安全测试
|
||||
- [[Vulnerability-Scanning]] — 自动化漏洞发现
|
||||
- [[DAST]] — 动态应用安全测试
|
||||
- [[Threat-Modeling]] — 威胁建模
|
||||
- [[Incident-Response]] — 事件响应
|
||||
|
||||
## Sources
|
||||
- [[what-is-devsecops-best-practices-benefits-and-tools]]
|
||||
# Penetration Testing
|
||||
|
||||
## Definition
|
||||
Penetration testing (pen testing) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.
|
||||
|
||||
## Aliases
|
||||
- Pen Testing
|
||||
- Ethical Hacking
|
||||
- Security Testing
|
||||
|
||||
## Concept
|
||||
渗透测试是授权的模拟网络攻击,用于评估系统的安全性。
|
||||
|
||||
## Types
|
||||
|
||||
### By Scope
|
||||
- **Black Box**:测试人员不了解目标内部结构
|
||||
- **White Box**:测试人员完全了解系统
|
||||
- **Grey Box**:部分了解系统信息
|
||||
|
||||
### By Target
|
||||
- Network Penetration Testing
|
||||
- Web Application Penetration Testing
|
||||
- Mobile Application Testing
|
||||
- Social Engineering
|
||||
- Physical Security Testing
|
||||
|
||||
## Methodology
|
||||
|
||||
### PTES (Penetration Testing Execution Standard)
|
||||
1. Pre-Engagement Interactions
|
||||
2. Intelligence Gathering
|
||||
3. Threat Modeling
|
||||
4. Vulnerability Analysis
|
||||
5. Exploitation
|
||||
6. Post-Exploitation
|
||||
7. Reporting
|
||||
|
||||
### OWASP Testing Guide
|
||||
- 信息收集
|
||||
- 配置和部署管理测试
|
||||
- 身份管理测试
|
||||
- 认证测试
|
||||
- 授权测试
|
||||
- 会话管理测试
|
||||
- 输入验证测试
|
||||
- 错误处理测试
|
||||
- 密码学测试
|
||||
- 业务逻辑测试
|
||||
- 客户端测试
|
||||
|
||||
## Tools
|
||||
- Metasploit — 渗透测试框架
|
||||
- Burp Suite — Web 应用测试
|
||||
- Nmap — 网络扫描
|
||||
- Wireshark — 网络协议分析
|
||||
- SQLmap — SQL 注入测试
|
||||
- Kali Linux — 渗透测试操作系统
|
||||
|
||||
## Integration with DevSecOps
|
||||
|
||||
### Continuous Pen Testing
|
||||
- 定期执行
|
||||
- 自动化工具集成
|
||||
- 关键时间点测试
|
||||
|
||||
### Red Team Operations
|
||||
- 模拟真实攻击
|
||||
- 全面评估防御能力
|
||||
- 团队对抗演练
|
||||
|
||||
## Related Concepts
|
||||
- [[DevSecOps]] — 渗透测试是安全评估的重要组成
|
||||
- [[Bug-Bounty]] — 持续外部安全测试
|
||||
- [[Vulnerability-Scanning]] — 自动化漏洞发现
|
||||
- [[DAST]] — 动态应用安全测试
|
||||
- [[Threat-Modeling]] — 威胁建模
|
||||
- [[Incident-Response]] — 事件响应
|
||||
|
||||
## Sources
|
||||
- [[what-is-devsecops-best-practices-benefits-and-tools]]
|
||||
|
||||
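Review bot: The hunk header `@@ -1,81 +1,81 @@` replaces all 81 lines of the note, yet the removed and added text read the same as rendered here, from the `# Penetration Testing` heading through `## Sources`. The difference is presumably invisible (line endings, trailing whitespace or encoding); that is an assumption, since the page does not show it. If so, normalise it once in a dedicated commit, for example with a `.gitattributes` rule, and state it in the commit message, because "fix conflicts and sync local changes" gives a reviewer no way to confirm that no content changed. Separately, the line under `## Concept` restates the `## Definition` sentence in a second language; consider merging the two sections.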