June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
寻找漏洞
|
155
最后,你可以选择在
OpenVAS
服务器中存储报告。你可以指定要存储的数量,
以便将一个扫描结果与另一个扫描结果进行比较以演示进度。最后,所有测
试的目标,包括漏洞扫描,都是为了改善目标的安全状态。如果组织正在征
询你的建议,但是没有采取任何实际行动,那么这比不执行任何扫描更糟糕。
当你向客户提交报告时,他们会发现你已识别出的漏洞。如果他们没有对你
报告的信息做任何应对措施,那么这些信息就有可能会被用来攻击他们。
OpenVAS
报告
报告是你工作中最重要的一环。相关工作完成后,你将会编写自己的报告,
但是漏洞扫描程序提供的报告将有助于你了解从哪里开始入手。当我们开始
查看漏洞扫描程序报告时,有两件事需要注意。首先,漏洞扫描程序使用特
定签名来确定是否存在漏洞。这可能类似于抓取标题来比较版本号。你无法
确定该漏洞是否存在,因为
OpenVAS
等工具不会进行漏洞利用。其次,与之
相关的是你可能会得到某些误报。由于漏洞扫描程序未利用此漏洞,因此最
好的情况是漏洞获取的概率。
如果你没有使用凭据执行扫描,那么将错过检测很多漏洞。你也许会有更高
的误报率。误报率表示漏洞原本存在但却没有报告。这就是
OpenVAS
或任何
其他扫描器报告率不佳的原因。由于无法保证漏洞确实存在,因此你需要能
够验证此报告,以便最终报告显示需要修复的合理漏洞。
不过,这对于提供建议已经足够。让我们继续查看报告,这样我们就可以确
定什么是合理的麻烦,什么是无关紧要的。我们需要做得第一件事是在扫描
完成后返回
OpenVAS Web
界面,扫描具有大量服务的大型网络可能会非常耗 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.