| Attack & Penetration Testing |
2009-10-16 ,点击:0 |
The Attack and Penetration Test (“Attack and Pen”) is a term coined at the outset of Internet defense assessment. The purpose of this method is to discover vulnerabilities, then exploit them in order to infiltrate IT assets. Slang naming variants include “Take the Flag”, which reflects a common metric for success; that is, to plant a foreign file onto a system, or to harvest an existing file, to be used as proof of the break and enter. There are several characteristics of the Attack and Pen that have caused it disfavor:
•It is time-intensive and involves iterative processes of discovery and exploit attempts. This time factor translates into high cost;
•The method is intended, by definition, to break systems; it may crash or corrupt systems and stored data;
•The Attack and Penetration offers little addition value over highly evolved vulnerability assessment methodologies, which pose little or no risk
The term “Attack and Penetration” has stuck, to the extent that it has become a misused name for the more conservative vulnerability assessment.
Vulnerability Assessment
The Security Posture Assessment, or SPA, is the standardized WhiteHat vehicle for security and privacy investigations and vulnerability assessments. It serves as a framework within which to build a list of tasks, testing and analysis to meet the requirements of our clients.
Our lengthy experience has demonstrated that every client and every engagement is different. Therefore, we have a wealth of standardized modules to populate the framework, each engagement is different, and therefore, customized.
|
|
|
|
| 【打印】【关闭】 |
|
