The explanation is as follows:
Penetration testing is a kind of Non-functional test which intends to make official attempts to breach the system’s security. It is also called a Pen Test or Pen Testing and the QA engineer or tester who performs this testing is considered as a pen tester aka ethical hacker.
If an external company is hired to perform the penetration test, an NDA must be signed. The explanation is as follows:
Penetration testers operate under a Non-Disclosure Agreement, which is the legal equivalent of "keep your mouth shut about anything you see here". Non-Disclosure Agreements, or NDA for short, are what prevents a penetration tester from talking about the cool vulnerabilities they found when they tested ACME Corp. last week.
Vulnerability Assessment and Penetration Testing
The difference between Vulnerability Assessment and Penetration Testing is as follows:
... the VA process shows how big vulnerability is, while the PT shows how bad it is. There is one more subtle difference. Due to the nature of work involved in each process, a VA can be carried out using automated tools, while a PT, in almost all cases, is a manual process. This is because PT essentially simulates what real hackers would do to your network or application.