방법 비교
선택한 방법을 나란히 검토하세요. 서로 다른 행은 강조 표시됩니다.
| 모의 해킹 방법론× | 취약점 평가× | |
|---|---|---|
| 분야 | 암호학 | 암호학 |
| 계열 | Process / pipeline | Process / pipeline |
| 기원 연도≠ | 2008 | 2002 |
| 창시자≠ | National Institute of Standards and Technology (NIST), OWASP | National Institute of Standards and Technology (NIST) |
| 유형≠ | Authorized security exploit and assessment | Vulnerability identification and prioritization |
| 원전≠ | National Institute of Standards and Technology (2008). Penetration Testing and Security Testing. NIST Special Publication 800-115. link ↗ | National Institute of Standards and Technology (2012). Guide for Conducting Security Patch Management Activities. NIST Special Publication 800-40 Revision 3. link ↗ |
| 별칭 | Pen Testing, Ethical Hacking, Security Testing | Vulnerability Scanning, Security Assessment, Risk Assessment |
| 관련 | 3 | 3 |
| 요약≠ | Penetration testing is an authorized, controlled simulated attack on systems, networks, and applications to evaluate their security defenses. Unlike vulnerability assessment (which identifies weaknesses), penetration testing actively exploits vulnerabilities to demonstrate real-world impact, confirm exploitability, and assess an organization's incident response capabilities. | Vulnerability assessment is a systematic process of identifying, quantifying, and prioritizing security weaknesses in systems, networks, and applications. Using automated scanning tools and manual techniques, organizations discover unpatched software, misconfigurations, weak cryptographic practices, and other exposures that attackers could exploit. |
| ScholarGate데이터셋 ↗ |
|
|