This procedure is the final step that should be made from the second step, since the results that speak from the times and delicate than making Vulnerability. Assessment principle of doing Pen-Test or to try to penetrate the system similar to the drilling system of virus.(Ethical Simulated Hacking) make the administrator's awareness of the protection system of himself, because the examiner can reach and other important information. In the system by the examiner. No Username or Password. Relying on pure skill drilling systemDrilling system is divided into clause as follows:
.
a. Black-Box Penetration Testing
.Mean drilling system without information system before, only know the position of the target, such as URL or IP Address of Web site. Penetration Tester have demonstrated the ability to hack into by may be Double Blind Testing.To check the availability of The administrator that is prepared to all forms of attack at any time or
.
B. White-Box Penetration Testing
.Mean drilling system from the inside of the organization, such as from the system LAN inside, etc., to simulate the situation of the virus or worm that may spread in the organization. Or simulation that an intruder from inside the organization as well.The results more clearly. Because the drilling system from the inside is easier than drilling system from the outside network
.
.Currently, the bank (Bank of Thailand) has announced that High Risk Services banks everywhere (such as Internet. Banking) to do. "Penetration Testing." first, service system to the general user to prove the level of security that standard.OWASP Web Application Security Standard etc., that steps to check the 3 steps is an audit system. External information system is popular used the internal information system auditor has its applications as well.Making Vulnerability Assessment that can be achieved by the information system inside, usually do Vulnerability guidelines. Assessment should change the way a Vulnerability Management by finding Vulnerability Management Solution instead of making Vulnerability. Assessment because.Management can detect the system throughout the 24 hours instead of inspectors and for making Pen-test within recommended that create External IT, Auditor chargers To be better, because if.
การแปล กรุณารอสักครู่..