[转载]Understanding Security Testing

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

Many organizations desire to assess the efficacy of their information technology security implementations. Publicly held companies are required by the SEC to have an independent exam completed on a periodic basis. Articles and reviews refer to “vulnerability assessment,” “vulnerability testing,” “attack and pen,” and”penetration testing,” at times interchangeably. This overview attempts to step the reader through how vulnerability assessments and penetration testing is done, as well as the different and similar aspects of these processes. This can help decision-makers assess which form of testing is the most useful.