摘要
渗透测试能够对目标网络系统的安全进行评估,有效地预防网络攻击,保护目标系统。传统的渗透测试过程依赖专业人员的背景知识,人力和时间开销大。自动化测试通过对目标网络的自动分析,发现并验证其潜在的脆弱性,极大地降低了人工参与的程度。当前的自动化测试主要依赖自动化渗透工具和自动化渗透框架,主流的自动渗透测试工具和框架的实现逻辑各不相同。针对各种渗透工具,论述了多种框架的实现功能和实现逻辑,对比了传统渗透测试和自动化渗透测试的差别,并对渗透测试的发展和未来进行总结和展望。
Penetration testing can evaluate the security of the target network system,effectively prevent network attacks,and protect the target system.The traditional penetration testing process relies on the background knowledge of professionals,which is costly in manpower and time.Automated testing discovers and verifies the potential vulnerabilities through automatic analysis of the target network,greatly reducing the degree of manual involvement.The current automated testing mainly relies on automated penetration tools and automated penetration frameworks,and the implementation logic of mainstream automated penetration testing tools and frameworks varies.For various penetration tools,the implementation functions and implementation logic of various frameworks are discussed,the differences between traditional penetration testing and automated penetration testing are compared,and the development and future of penetration testing are summarized and prospected.
作者
杨飞
周晗
曹京卫
赵通
吴涛
Yang Fei;Zhou Han;Cao Jingwei;Zhao Tong;Wu Tao(China Information Technology Designing&Consulting Institute Co.,Ltd.,Beijing 100048,China;Anhui University of Science and Technology,Hefei 230041,China;China United Network Communications Group Co.,Ltd.,Beijing 100033,China)
出处
《邮电设计技术》
2022年第9期5-8,共4页
Designing Techniques of Posts and Telecommunications
关键词
渗透测试
自动化渗透测试
渗透测试工具
Penetration testing
Automatic penetration testing
Penetration testing tools
