June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
386
第
11
章
报告
在本书的所有内容中,本章将介绍最重要的主题。虽然你可以花很多时间在
系统交互上,但是最终如果没有生成有用且可操作的报告,那么你的努力将
或多或少会白费。任何安全测试的最终目标始终是使得应用程序,系统或网
络抵御攻击的能力更强。报告的目的是用一种清晰的方式表述你的发现是什
么,以及如何补救。就像任何测试工作一样,这是一项后天的技能。发现问
题与和它们交互不同。如果你发现问题但是无法清晰地向组织描述它以及如
何对它进行修复,那么问题将无法得到解决,从而使得攻击者可以找到它并
进行漏洞利用。
生成报告的一个严重问题是确定对组织的威胁,发生该潜在威胁的可能性以
及威胁产生后对组织的影响。人们可能认为,用很多夸张的形容词来强调问
题的严重性是引起注意的好方法。这种方法的问题在于,它就像“狼来了”
那个故事中的男孩。在人们很快意识到你所评估的任何内容都不可信之前,
你只能提供这么多严重性为
0
的问题(最高优先级的事件)。如果你认真对
待信息安全问题可能会比较困难,但是在报告问题时保持客观至关重要。
对于
Kali
系统来说,除了进行测试之外,它还提供了用于记笔记,记录数据
和辅助用户整理测试结果的工具。你甚至可以在
Kali Linux
中编写报告,因
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.