[译安] Traditional Penetration Testing vs. PTaaS with Web Application Security

admin, June 18, 2023, 22:37:41

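"译安" (Yi An) aims to present information-security articles to readers in both Chinese and English, focusing mainly on APT attacks and cyber incidents, with the occasional technical article. Translating security and discussing security are the hallmarks of this series. Readers not only learn security knowledge and gain insight into the latest security incidents, but also learn English; key vocabulary is listed to help improve English and build up professional vocabulary. Barring special circumstances, a new "译安" article is published every Friday.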

Enomothem


While traditional penetration testing (pen testing) has long been the go-to method for identifying security gaps in an organization’s network and web applications, a new approach has emerged: penetration testing as a service (PTaaS).

With evolving cyberthreats in the digital landscape, organizations search for effective ways to secure their web applications. PTaaS combines the thoroughness of traditional pen testing with the continuous vigilance of scanners, offering a new perspective on security testing.

But is this just a new coat of paint on an old practice or a legitimate, innovative option for companies seeking stronger security?

This article delves into the heart of PTaaS, uncovering its distinctive features and advantages over traditional pen testing. We examine the integral role of scanners in PTaaS, illuminating how they complement human-led testing by catching anomalies that might slip past the human eye.

The Differences Between Pen Testing and Pen Testing as a Service

Penetration testing, or pen testing, is a traditional method of identifying vulnerabilities in a system. It typically involves a team of cybersecurity experts simulating cyberattacks on a company’s network or application to uncover potential security gaps.

Once the process is complete, the team provides a detailed report outlining the identified weaknesses and suggesting ways to mitigate them.

However, this approach to pen testing is, by nature, a point-in-time exercise. It provides a snapshot of the application’s security status at the moment of the test but does not account for any new vulnerabilities that might emerge after the test.

As a result, the time between pen tests can leave organizations vulnerable to threats. This is where penetration testing as a service, or PTaaS, comes in.

PTaaS revolutionizes the traditional pen testing model by introducing a continuous approach to web application security testing. Instead of a one-off examination, PTaaS offers ongoing, real-time testing that combines the benefits of manual pen tests with automated scanning tools.

Continuous Approach

The most distinguishing feature of PTaaS is its continuous approach to security testing. In contrast to traditional pen testing, which offers a one-time view of vulnerabilities, PTaaS provides ongoing monitoring and testing of web applications.

This strategy ensures that new vulnerabilities are detected and addressed promptly, reducing the window of opportunity for potential cyberattacks.

Combination of Manual Pen Tests and Scanners

PTaaS leverages both human expertise and machine efficiency by integrating regular pen tests with automated scanners. While manual pen tests carry out in-depth testing and can simulate sophisticated attacks, automated scanners offer continuous scanning capabilities.

These scanners can quickly go through vast amounts of data and identify issues that might be missed by human testers, such as minor configuration errors. They can also promptly identify common vulnerabilities and exposures (CVEs) as they emerge.

This combination of manual and automated testing allows for a more thorough and continuous security assessment. It ensures that vulnerabilities are not just identified during scheduled pen tests but are also continuously detected and addressed as they arise.

The Symbiotic Relationship Between Humans and Automated Scanners

Automated scanners are renowned for their proficiency in swiftly identifying common vulnerabilities. Their capabilities include pinpointing issues like outdated software, incorrect configurations, and known vulnerabilities, achieving speed and scale that is humanly unattainable.

In contrast, the unique value of human pen testers lies in their capacity for creative thinking, complex vulnerability exploitation, and understanding the intricate business context. They are skilled at crafting unique attack vectors, simulating social engineering attacks, and detecting business logic flaws — issues that automated scanners might miss.

PTaaS optimally leverages the power of both, offering a comprehensive and potent cybersecurity solution.

The Industry Perception of PTaaS

Industry opinions on PTaaS are varied and reflect a broad spectrum of experiences and expectations.

In digital communities where cybersecurity professionals gather to share insights, like Reddit and StackExchange, PTaaS is a topic of ongoing discussion. Some industry professionals view PTaaS as a dynamic solution that combines the benefits of automated testing with human expertise, providing a more continuous and adaptive approach to security testing.

However, concerns are also raised within these discussions. For instance, some express skepticism regarding the ability of PTaaS to match the depth of traditional penetration testing conducted by experienced professionals. Others worry about the reliance on automation, the possibility of false positives, and the potential for overlooking vulnerabilities that a human tester might spot.

Despite these concerns, there is a recognition of the benefits that PTaaS can bring to the table. These include the continuous monitoring of systems, the ability to identify and respond to vulnerabilities rapidly, and the combination of human-led testing and automated scanning for a more comprehensive security assessment.

The industry discussions highlight a key point: the digital landscape is evolving rapidly, and cybersecurity strategies need to evolve in tandem. In this context, PTaaS emerges as a legitimate and progressive option. It’s not merely traditional penetration testing repackaged but an enhancement that leverages the best of both automated and human-led testing.

Making the Case: a Unique Approach to PTaaS

Outpost24, a leading provider in the cybersecurity space, has developed a unique approach to penetration testing as a service (PTaaS) that sets it apart from other service providers. Recognizing the need for a more dynamic, interactive, and real-time solution, Outpost24 has incorporated several innovative features into its PTaaS offering.

One of the most striking features of Outpost24’s PTaaS is its emphasis on a continuous feedback loop. This means that the process doesn’t stop at merely identifying vulnerabilities. Instead, any remediation undertaken to address the vulnerabilities is also retested, ensuring that the fixes are effective and that the web application’s security posture remains robust.

This continuous monitoring and retesting mechanism enhances the web application’s resilience to potential threats.

Outpost24 also offers the unique advantage of allowing clients to interact directly with the penetration testers who carry out their security assessments. This interactive element facilitates clearer communication and a more nuanced understanding of the identified vulnerabilities, their potential impact, and the remediation required.

It creates an environment of collaborative security improvement, which is more effective than a one-way delivery of test results.

The PTaaS platform provides real-time insights into identified vulnerabilities, enabling businesses to expedite their remediation efforts. Along with real-time vulnerability discovery, Outpost24 provides detailed steps to replicate the identified vulnerabilities.

This allows businesses to understand the potential exploitation paths a threat actor could take, thereby empowering them to develop more effective defense strategies.

Find the Right PTaaS Provider Today

While traditional pen testing has served as a vital tool in identifying vulnerabilities, its periodic nature can leave gaps in security. These gaps can become targets for cyber threats that emerge between tests. PTaaS addresses these gaps by offering a continuous, dynamic approach to security testing.

Outpost24’s approach to PTaaS exemplifies how the service can be more than just “penetration testing with a new coat of paint.”

Through continuous feedback, interactive communication, and real-time insights, Outpost24 provides a PTaaS offering that elevates the standard of web application security testing.

★ Key vocabulary

  1. Penetration testing - 渗透测试

  2. Penetration testing as a Service (PTaaS) - 作为服务的渗透测试

  3. Security gaps - 安全漏洞

  4. Web application - 网络应用程序

  5. Traditional pen testing - 传统渗透测试

  6. Continuous approach - 持续方法

  7. Automated scanners - 自动化扫描工具

  8. Vulnerabilities - 漏洞

  9. Human expertise - 人工专业知识

  10. Cybersecurity - 网络安全

★ Conclusion

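This article describes the differences between penetration testing as a service (PTaaS) and traditional penetration testing, and the advantages of PTaaS. Traditional penetration testing is a point-in-time method of testing for security vulnerabilities, whereas PTaaS tests continuously and in real time, combining human expertise with automated scanning tools. Through continuous monitoring and testing, PTaaS ensures that new vulnerabilities are found and fixed promptly, narrowing the window for potential cyberattacks.

Manual penetration testing can carry out in-depth testing and simulate sophisticated attacks, while automated scanners can quickly detect common vulnerabilities and issues, catching things a human might miss, such as minor configuration errors. PTaaS makes full use of the strengths of both manual and automated testing to provide a comprehensive and effective cybersecurity solution.

Industry opinion on PTaaS is divided. Some consider that it combines automated testing with human expertise to provide a more continuous and adaptive approach to security testing. Others are skeptical about the depth of PTaaS compared with traditional penetration testing, and worry that over-reliance on automation may lead to false positives or to overlooking vulnerabilities that a human tester might find.

The article presents Outpost24 as an information-security service provider with a distinctive approach to PTaaS. Outpost24's PTaaS emphasizes a continuous feedback loop: it does not stop at finding vulnerabilities, but also retests remediation to confirm that the fixes are effective. In addition, Outpost24 lets clients interact directly with the penetration testers who carry out their security assessments, creating a collaborative environment for security improvement. Outpost24's PTaaS provides real-time vulnerability discovery and detailed reproduction steps, helping businesses better understand potential attack paths and develop more effective defense strategies.

In short, through continuous testing, interactive communication, and real-time insight, PTaaS provides a web application security testing solution that improves on traditional penetration testing.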

★ This week's security news tracker

Kingdee Cloud Galaxy (金蝶云星空) remote code execution vulnerability

POC

#https://github.com/chaitin/xpoc
#https://stack.chaitin.com/tool/detail?id=1036

xpoc -r 104 -t TARGET_URL

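Jenkins cross-site request forgery vulnerability CVE-2023-35141

Vulnerability type: cross-site request forgery

Impact: request forgery

Summary: In Jenkins 2.399 and earlier, and LTS 2.387.3 and earlier, a POST request is sent in order to load the list of context actions. If part of the URL contains an insufficiently escaped user-supplied value, a victim may be tricked into sending a POST request to an unexpected endpoint when opening a context menu.

DNS recursion leading to a DoS attack: CVE-2023-31893

DDoS attack testing with DDoS-Ripper: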

# https://github.com/palahsu/DDoS-Ripper
python3 DRipper.py -s 192.168.15.250 -t 135 -p 53

★ GitHub project recommendations for this issue

https://github.com/projectdiscovery/subfinder Tool - subdomains

https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass CVE

https://github.com/MiYogurt/network-security-mind-map Mind map


Originally published on the WeChat official account (Eonian Sharp): [译安] Traditional Penetration Testing vs. PTaaS with Web Application Security
