摘要
随着网络技术的快速发展,特别是近年来各种Web技术的普遍升级,信息网络所面临的威胁日趋多样化。对于网络管理者而言,渗透测试(Penetration Testing)已成为保障网络安全的重要手段和方法。Kali Linux系统被设计成用于数字取证和渗透测试的专用平台。本文参考业界正在完善的PTES标准~([1]),结合Kali Linux系统本身的功能与特色,分析了渗透测试的思路与步骤。
With the rapid development of network technology,especially the general upgrading of various Web technologies in recent years,information network is facing increasingly diverse threats.For network managers,penetration testing has become an important method to guarantee the network security.Kali Linux system is designed to be a special platform for digital evidence collection and penetration testing.This paper,drawing references from PTES Standard which is gradually being perfected,combined with the feature and function of Kali Linux system itself,analyzes the ideas and steps of the penetration testing.
引文
[1]诸葛建伟.PTES渗透测试执行标准mindmap中文版[EB/OL].[2011-7-28].http://netsec.ccert.edu.cn/hacking/2011/07/28/ptes/.
[2]谢冬青,欧家权,黄海.基于BackTrack的渗透测试方法[J].广州大学学报(自然科学版),2013(12):63.
[3]常艳,王冠.网络安全渗透测试研究[J].等级保护,2012(11):3.
[4]DavidKennedy,Jim O'Gorman,.Metasploit渗透测试指南[M].诸葛建伟.译.北京:电子工业出版社,2012:2-4.
[5]姜洋.渗透测试关键技术研究.[D].西安:西安电子科技大学,2014.
[6]安全咖啡屋.解析安全测试与渗透测试的区别[J].计算机与网络,2012(17):38.