Refers to a kind of security detection (penetration attack) behavior based on vulnerability database, which detects the security vulnerabilities of designated remote or local computer systems by scanning and other means, and finds the available vulnerabilities.

Existing vulnerabilities exist in network devices, such as firewalls, routers, switch servers and other applications. This process is automatic, mainly aimed at potential and known vulnerabilities in the network or application layer. Vulnerability scanning does not involve the use of vulnerabilities.

penetration test

Penetration testing service (black-box testing) refers to the use of various mainstream attack technologies to simulate attacks on the network under the authorization of customers, so as to find security vulnerabilities and risk points in the system and discover various potential high-risk vulnerabilities and security threats in advance.

Penetration testers should not only test the application layer or network layer, but also issue a complete penetration test report. The general report will mainly include the following contents: a detailed text description of the loopholes, reasons and solutions found in the penetration test process.