June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
网络安全测试基础
|
53
工具时,它们可能会无法从正在测试的服务获得响应。这有可能并不是因为
服务终止。这可能是监控程序的问题,也可能是某些安全机制为了防止滥用
而关闭网络。手动验证服务来确保它已经终止是非常重要的。
报告的重要性
当你正在进行测试并且分析服务终止,请确保已经尽力记录发生故障的位置。
告知客户或雇主服务终止并没有什么帮助,因为他们不知道该如何修复它。
保持详细记录将有助于你向客户汇报情况,以便可以在服务终止时告诉他们
你正在做什么,如果他们需要能够重现问题,继而解决它。
可以使用类似
netcat
甚至
telenet
这类客户端进行手动测试。当你使用上述工
具之一连接服务端口时,将获得服务是否响应的信息提示。执行这类手工验证,
特别是如果从单独的系统完成以排除被阻止或列入黑名单,可以帮助排除误
报。最终,许多安全测试可以归结为排除由我们使用不同工具产生的误报。
监控和验证对于你向客户和雇主提供内容的有效性和操作性至关重要。请记
住,你正试图帮助他们改善安全状况,而不仅仅只是指出问题的症结所在。
网络层
正如电影《
Shrek
》中的驴子所述,层次很重要。实际上,史莱克说怪物有层次,
而驴子却说蛋糕有层次,但是史莱克将怪物比作洋葱,蛋糕要比洋葱更贴切。
另外,我仿佛又听到
Eddie Murphy
配音的驴子在说“蛋糕有很多层”。当然
除了蛋糕,这些都不是重点。蛋糕可能是重点,因为我们在讨论系统之间的
网络和通信时,通常会谈到层的概念。想象一下有一块
7
层的蛋糕,每一层
都很薄,你可能就会想到我们对网络的观察方式。另外 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.