So sánh phương pháp
Xem các phương pháp đã chọn cạnh nhau; những hàng khác biệt được làm nổi bật.
| Đánh giá lỗ hổng bảo mật× | Phương pháp kiểm thử xâm nhập× | |
|---|---|---|
| Lĩnh vực | Mật mã học | Mật mã học |
| Họ | Process / pipeline | Process / pipeline |
| Năm ra đời≠ | 2002 | 2008 |
| Người khởi xướng≠ | National Institute of Standards and Technology (NIST) | National Institute of Standards and Technology (NIST), OWASP |
| Loại≠ | Vulnerability identification and prioritization | Authorized security exploit and assessment |
| Công trình gốc≠ | National Institute of Standards and Technology (2012). Guide for Conducting Security Patch Management Activities. NIST Special Publication 800-40 Revision 3. link ↗ | National Institute of Standards and Technology (2008). Penetration Testing and Security Testing. NIST Special Publication 800-115. link ↗ |
| Tên gọi khác | Vulnerability Scanning, Security Assessment, Risk Assessment | Pen Testing, Ethical Hacking, Security Testing |
| Liên quan | 3 | 3 |
| Tóm tắt≠ | Vulnerability assessment is a systematic process of identifying, quantifying, and prioritizing security weaknesses in systems, networks, and applications. Using automated scanning tools and manual techniques, organizations discover unpatched software, misconfigurations, weak cryptographic practices, and other exposures that attackers could exploit. | Penetration testing is an authorized, controlled simulated attack on systems, networks, and applications to evaluate their security defenses. Unlike vulnerability assessment (which identifies weaknesses), penetration testing actively exploits vulnerabilities to demonstrate real-world impact, confirm exploitability, and assess an organization's incident response capabilities. |
| ScholarGateBộ dữ liệu ↗ |
|
|