摘要
为了减少传统渗透测试中人力资源投入的浪费,摆脱测试过程中对测试者专业技能的依赖,提高测试效率,缩短测试周期,完善测试结果,设计并实现了一种基于SNMP、多源漏洞库以及基于NASL插件的自动化渗透测试系统。该系统完全可以实现对被测网络及设备的信息探测、漏洞评估、渗透攻击和报告生成,可以自动完成渗透测试而不依赖于测试人员的知识经验,可以明显提高渗透测试的效率及其方便性、完整性和准确性。
To reduce the waste of human resources in traditional penetration testing,to shake off dependence on the professional skills of tester during the test process and improve test efficiency,shorten test cycle,and improve test results,this paper designed and implemented an automated penetration testing system based on SNMP,multi-source vulnerability database and a plug-in mechanism which was based on the NASL.The system could detect the network and device information well,vulnerability assessment,penetration attack,generate report.Then,it could automatically complete the penetration testing,not depending on the knowledge and experience of testers,significantly improved the efficiency and convenience,integrity,accuracy of penetration testing.
出处
《计算机应用研究》
CSCD
北大核心
2010年第4期1384-1387,共4页
Application Research of Computers
基金
国家科技支撑计划资助项目(2007BAH08B01)
