|
|
计算机应用研究 2010
Design and implementation of automated penetration testing system
|
Abstract:
To reduce the waste of human resources in traditional penetration testing, to shake off dependence on the professional skills of tester during the test process and improve test efficiency, shorten test cycle, and improve test results, this paper designed and implemented an automated penetration testing system based on SNMP, multi-source vulnerability database and a plug-in mechanism which was based on the NASL. The system could detect the network and device information well, vulnerability assessment, penetration attack, generate report. Then, it could automatically complete the penetration testing, not depending on the knowledge and experience of testers, significantly improved the efficiency and convenience, integrity, accuracy of penetration testing.
