网络安全测试是什么？

keyfon94

网络安全测试是什么？

网络安全测试也俗称“渗透测试”。这是试图通过安全地尝试系统的漏洞来评估系统的安全性。这些漏洞可能存在于操作系统，服务和应用程序缺陷，不正确的配置或有风险的最终用户行为中。此类评估对于验证防御机制的有效性以及最终用户对安全策略的遵守情况也很有用。

网络安全测试通常是使用自动化技术软件或人工技术测验来执行。一旦在特定系统上成功利用了漏洞，测试人员可能会尝试使用受损系统在其他内部资源上启动后续利用， 特别是通过逐步实现更高级别的安全许可和通过权限升级更深入地访问电子资产和信息。

有关通过渗透测试成功利用的所有安全漏洞的信息通常会汇总并呈现给IT和网络系统管理人员，以帮助这些专业人士制定战略结论并确定相关补救措施的优先顺序。渗透测试的根本目的是测量系统或最终用户妥协的可行性，并评估此类事件可能对相关资源或操作造成的任何相关后果。

A penetration test, or pen-test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as, end-user adherence to security policies.

Penetration tests are typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources – specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.