  • Penetration Test

    Mitigation strategies

    RECOMMEND MITIGATION STRATEGIES
    • Nearly every pen test will discover multiple vulnerabilities.
    • A pen test report should contain recommendations to mitigate each vulnerability.
    • Solutions vary, depending on the vulnerability.
    MITIGATION STRATEGY CATEGORIES
    • People - behavior changes
      • Social engineering
      • Passwords
    • Process - how things are done
      • Backup media handling
      • ID management
    • Technology
      • Controls based on hardware and/or software
    COMMON FINDINGS
    • Shared local administrator credentials
      • Randomize credentials/LAPS
    • Weak password complexity
      • Minimum password requirements/password filters
    • Plain text passwords
      • Encrypt the passwords
    • No multifactor authentication
      • Implement multifactor authentication
    • SQL injection
      • Sanitize user input/parameterize queries
    • Unnecessary open services
      • Disable or remove unneeded services (system hardening)
    QUICK REVIEW
    • Recommend mitigation activities for each identified vulnerability.
    • Suggest different classes of mitigations (technical, administrative, etc.).
    • Know common findings and mitigations for the PenTest.
  • Original article: https://www.cnblogs.com/keepmoving1113/p/14152185.html