Product section Group test two: Penetration testing

摘要

Penetration and vulnerability testing is a complex area. One might think of it in terms of layers, from straightforward, vendor-specific tools such as Microsoft's Baseline Security Analyzer (which checks for obvious misconfigura-tions and missing security patches) to sets of sophisticated tools used by experts to probe and check an organization's network infrastructure and the applications on it. Another way to think about penetration testing is as the in-depth testing of a specific software product in order to uncover vulnerabilities before general release. Penetration testing and vulnerability testing are frequently confused. Penetration testing usually refers to a specific attempt to penetrate a network from outside to gain access to files and information accordingly. It is often undertaken by a specialist and a trusted third-party agency on behalf of an organization.