| With the growing popularity of Internet applications and further development of Internet technology,various institutions have realized the importance of building a strong network security defense system to maintain network security of themselves.However,the effectiveness of protection needs to be verified.Penetration testing is an important means to verify if the network defense strategy is solid and effective,its condition is directly related to the security situation of a system.It is of great significance to perform a successful penetration testing to protect the security of enterprise networks.Currently,penetration testing is generally self-initiated by Penetration Testing Engineers,does not have the necessary process management,and lack of management of the process.Thus,the quality and reusability of the test results are not guaranteed.In order to control the process of penetration testing and ensure the accuracy and reusability of the test result,the penetration testing theory and technology is learned and penetration testing management platform is designed and implemented.Firstly,the basic process of penetration testing is reviewed in detail,the design method of test management system is studied,and the requirement analysis is carried out based on the actual penetration testing process.Following,Software engineering design methods are strictly implemented and the detailed function module is divided in the design process.The modules aim to achieve the management of system users,related tools,penetration testing tasks,the customer's assets,vulnerability database and penetration testing reports.Then the corresponding module is designed.Ultimately,the original demand is backtracking in the system implementation and testing stage.It is verified whether the system can meet the needs and if the process of penetration testing is of good control.The main work of this paper includes:a)In the paper,the theory of penetration testing is studied,the problems of penetration testing are analyzed,and the business process of the system is identified.The system requirement is analyzed in detail.b)Through learning from other penetration testing systems and the analysis of the details of the test management,the concrete function structure of the system and the database entity and relation is designed.c)Finally,Penetration Testing Management Platform is implemented which can be used to normatively manage and regularly control the penetration testing process.The program which is used as Web crawler is released,which extracts web data and generate a dictionary of the vulnerability of network security.The implementation of penetration testing management platform standardizes the control process of penetration testing.Using the platform,the controllability of the testing process,the efficiency of test execution,the correctness and the reusability of the test results are guaranteed. |
PDF Full Text Request