| With the continuous development of computer technologies,the utilization rate of computer networks is also rising.While computer networks bring convenience to people's dailiy life,at the same time,computer network security problems occur frequently.Therefore,it is of great practical significance to find the hidden dangers in the network for improving the computer network environment.With the development of the computer industry,penetration testing gradually develops in the field of computer security,and penetration testing tools are constantly emerging,but the current penetration testing tools have some drawbacks,such as poor human-computer interaction,low degree of automation and hard to add new functions.Aiming at eliminating these drawbacks,this thesis presents the design and implement of a network security automation testing platform for penetration testing.Through the human-computer interaction technology I improved the platform's human-computer interaction capability,reduced the cost of learning for testers,and improved its testing efficiency.An expert mode is also provided so that senior testers can skip the intermediate steps and carry out a penetration testing directly with a command line.Moreover,the workflow technology is utilized to not only control the test process automatically but also provide customizable testing templates so that testers can easily and flexibly carry out the test task.At the same time,the tester can customize the test template to efficiently reuse the test process,so that the test task can be completed quickly and easily.Beside,the plug-in technology is employed to aid the integration of various testing tools,which enhances dramatically the platform's testing functionality.The thesis introduces the research background as well as investigation result of the current status of the technologies and tools of penetration testing both domestic and abroad.According to the current research status,it proposes the functionality,scalability and availability of information display management,process control management and testing tool management of the penetration testing automated test platform.Non-functional requirements such as extensibility availability and stability.According to the requirement analysis,a system design scheme of the platform is proposed.The scheme includes modules for human-computer interaction,control management,and testing tools.Through the task flow,auxiliary management and non-functional experiments,this thesis verifies the effectiveness of the system in reducing learning difficulty,improving automation and reducing the difficulty of function expansion.Finally,a series of testing results on the platform validate its effectiveness. |
PDF Full Text Request