Penetration testing: see how "ethical hackers" conduct simulated attacks
2022-02-03 00:41:22 【Code stay up late to knock】
Penetration testing is the process in which security professionals, with the permission of the system owner, simulate an attack on a network or computer system to evaluate its security. Even though the attack is "simulated", penetration testers use all the tools and techniques of real-world attackers against the target system. The difference is that they do not use the vulnerabilities they find or the information they obtain for profit; instead they report the results to the owner to help improve system security.
Because penetration testers follow the same attack strategy as malicious hackers, they are sometimes called "ethical hackers" or "white hat hackers". Penetration testing can be performed by teams or by independent hackers. They may be internal employees of the target company, or they may work independently or for a security company that provides professional penetration testing services.
Broadly speaking, penetration testing works in exactly the same way as a real attempt to compromise an organization's systems. The penetration tester first checks and identifies the hosts, ports and network services associated with the target organization. Then they research potential vulnerabilities in this attack surface, a step that requires a deeper understanding and more detailed probing of the target system. Finally, they try to break through the target's perimeter and access protected data or take control of its systems.
Of course, the details of a penetration test and a real-world attack can be very different. It should be noted, however, that the tester must agree in advance with the target organization on the exact type of test to be carried out and the scope of the simulated attack, in order to avoid uncontrollable damage to the user's systems.
Types of penetration test
The application security company Contrast Security divides penetration tests into the following types:
External penetration test. Here the penetration test team evaluates the target network infrastructure from a remote location. They have no information about the internal topology of the target network and fully simulate an external attacker in a real network environment, using popular attack techniques and tools to penetrate the target organization in an organized, step-by-step way. The aim is to reveal known or unknown security vulnerabilities in the target network and to assess whether these vulnerabilities can be exploited to gain control or cause loss of business assets.
Internal penetration test. The team conducting an internal test can learn all the internal and underlying knowledge about the target environment, so the penetration tester can find and verify the more serious security vulnerabilities in the system at the least cost. Internal tests reveal how disgruntled employees, malicious contractors or super hackers who have crossed the perimeter could invade the system.
Blind test. A blind test simulates a "real" attack from the attacker's side. The penetration tester receives no information about the organization's network or systems, which forces them to rely on publicly available information or on information they collect with their own skills.
"Double-blind" test. A double-blind test also simulates a real attack on the target organization, but in this type of test the IT and security staff are unaware that a penetration test is being carried out, so that the test reflects the real security posture of the company being tested.
Targeted test. A targeted test, sometimes also called a "lights-on" test, is one in which penetration testers and the target organization's IT staff play out a "confrontation game" in specific scenarios that focus on specific aspects of the network infrastructure. Targeted testing usually requires less time or effort than other options, but it cannot provide a complete view of the system's security posture.
Penetration test steps
Although different types of penetration test each have their own characteristics, the Penetration Testing Execution Standard (PTES), developed by industry experts, summarizes the seven main steps involved in most penetration testing scenarios:
Pre-engagement interactions: The scope and objectives of any penetration test should be agreed in advance by the tester and the target organization, preferably in writing.
Intelligence gathering: The tester should first scout the target to collect as much information as possible. This process may include gathering open source intelligence or publicly available information about the target organization.
Threat modeling: At this stage, penetration testers should model the capabilities and motivations of potential real attackers, and try to determine which targets within the organization are likely to attract an attacker's attention.
Vulnerability analysis: This is probably what most people think of as the core of a formal penetration test, that is, analyzing whether the target organization's infrastructure contains security vulnerabilities that would allow hackers to break in.
Exploitation: At this stage, penetration testers use the vulnerabilities they have found to enter the target organization's systems and steal data. The goal of this step is not just to break through the perimeter, but to bypass active defenses and remain undetected for as long as possible.
Post-exploitation: In this phase, the penetration tester tries to maintain control of the compromised systems and determine their value. This can be a particularly delicate stage in the relationship between penetration testers and their customers. What matters here is that the first stage, "pre-engagement interactions", produced a well-defined set of ground rules to protect the customer and ensure that critical services are not adversely affected by testing.
Reporting: Finally, the tester must provide the customer with a comprehensive and detailed report on risks and vulnerabilities. In this process, the communication skills needed to convey this information clearly are undoubtedly even more important.
The world's leading penetration testing companies
Penetration testing is a specialist field in the technology industry that has so far resisted consolidation. In other words, many companies offer penetration testing services; some offer them as part of a larger product suite, while others specialize in ethical hacking. Here are 5 mainstream penetration testing companies:
1. a1qa
a1qa is a software testing company from Lakewood, Colorado. In its 17 years of operation, it has delivered more than 1,500 successful projects and established 10 centers of excellence. It has worked with more than 500 companies, from small businesses to Fortune 500 giants. The company's main customers include Adidas, Kaspersky Lab, SAP, Yandex, Forex Club and others.
a1qa is dedicated to full-cycle QA and testing services, including comprehensive security penetration testing. Its expertise includes testing online applications such as portals, e-commerce, media and e-learning platforms, games and online casinos, as well as line-of-business applications such as CRM, collaboration, document management and financial systems. The company also operates a dedicated security testing laboratory.
2. QA Mentor
Founded in New York in 2010, QA Mentor has successfully built a strong global presence, with 12 test centers around the world. Its team consists of 300 certified QA professionals who have successfully completed more than 870 projects, including projects for Amazon, eBay, Bosch and HTC. The company offers more than 30 testing services, including network security penetration testing.
QA Mentor is currently placed in the industry-leader quadrant by research firms such as Clutch, GoodFirms and Gartner.
3. UnderDefense
UnderDefense is a certified computer and network security company founded in New York in 2016. It provides a wide range of testing services, with a special focus on security penetration testing. The company has conducted hundreds of penetration tests, including specific compliance tests, application and wireless network penetration tests, and social engineering security tests. UnderDefense has received awards from Clutch many times.
4. Iflexion
Iflexion, founded in 1999, is a full-cycle software development company. Today it has grown into a company with more than 850 IT professionals. Its expertise covers a wide range of services from application development to testing. Iflexion has worked with more than 500 companies from different industries, including PayPal, Philips, Adidas, eBay, Xerox, Expedia, KPMG and others.
5. KiwiQA
KiwiQA, founded in 2009, is an international quality assurance and consulting company with a team of more than 100 professionals that has delivered more than 2,000 projects. Its software testing expertise covers automated, manual and innovative testing techniques. The company's security testing includes ethical hacking, network security penetration testing and vulnerability audits. KiwiQA has been named a "top testing company" by GoodFirms and Clutch.
Penetration testing prospects
Penetration testers have proved to be in great demand, and these jobs are not only at independent security companies: large technology companies such as Microsoft also have full internal penetration testing teams.
A survey of the IT job market by North Carolina State University found that in 2020 alone there was a gap of 16,000 jobs. It should be noted, however, that while the career paths of penetration testers and vulnerability analysts share many skills, vulnerability analysts focus on identifying security vulnerabilities in applications and systems during development or before deployment, whereas penetration testers probe live systems.
Like many highly demanding technical security positions, penetration testers can earn a good salary. Infosec Institute gives a good overview of compensation and positions in various regions of the United States: overall, most penetration testers can expect a higher salary. This is clearly work with great potential, and very interesting work too.
Penetration testing training and certification
The ethical hacking industry was founded by once-unethical hackers who were looking for a mainstream, legal way to make money from their skills. As in many technical fields, the first generation of penetration testers was mainly self-taught. Although some people still develop their skills this way, penetration testing has now become a common topic in computer science or IT courses at universities and online, and many hiring managers evaluating candidates will also want them to have some formal training.
One of the best ways to prove that you have been developing penetration testing skills is to obtain some of the widely accepted certifications in this field. The authorized training courses attached to these certifications are a good way to acquire or strengthen the relevant skills:
EC-Council Certified Ethical Hacker (CEH) and Licensed Penetration Tester (Master) (LPT);
IACRB Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), Certified Mobile and Web Application Penetration Tester (CMWAPT) and Certified Red Team Operations Professional (CRTOP);
CompTIA PenTest+;
GIAC Penetration Tester (GPEN) and Exploit Researcher and Advanced Penetration Tester (GXPN);
Offensive Security Certified Professional, Wireless Professional and Experienced Penetration Tester.
Author: [Code stay up late to knock]. Please include the original link when reprinting, thank you.