June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
392
|
第
11
章
记住,你撰写报告的目标不是吓唬任何人。指出世界末日来了并非你的工作。
客观公正而不是哗众取宠。如果你说到点子上,并依靠事实为你说话,那么
会走得更远。始终牢记,你之前也已经听过,你的目标是帮助改进参与测试
的应用程序,系统或网络。你希望增加它们的安全性,使其更难被入侵。
方法论
方法论是对已执行测试的高度概括。你可以声明自己进行了侦查,漏洞测试,
漏洞利用测试和结果验证。同时还可以指出执行测试所采取的步骤。你无需
详细介绍包含特定步骤的任何测试计划。保持高度概括即可。如果你提供了
一种方法论,那么就需要明确表示拥有一套流程,并且不仅仅是随机测试。
定义流程意味着你可以重现测试结果。这很重要。如果你无法重现测试结果,
则需要考虑是否该撰写与之有关的报告。同样,你的目标是提供可以并且也
应该修复的问题。如果不能重现问题,那么也谈不上修复它。
汇报自己的方法论时,介绍使用过的相关工具会有所帮助。这有几个原因。
有些人在这方面可能会有一些狭隘,因为他们觉得可能会因此而泄漏商业秘
密。实际上大家都在使用这些工具。告诉客户或雇主你正在使用的工具并不
会对自己有什么负面影响。其中有些是普通的商业软件,有一些是常见的开
源工具。实际情况是,工具集并没有什么奇特的地方,神奇之处在于你如何
使用这些工具,解释结果,验证结果,以及确定风险,然后提供补救建议。
测试结果
毫无疑问,“调查结果”部分是报告的重点。有很多方法可以格式化此部分,
你可以向其中添加各种细节信息。但是要考虑的一件事情是构建它们的方式。
有无数种方法来组织你的调查结果, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.