skip to main
|
skip to sidebar
謎人誌 kryptoman's blog
所有文字內容皆為版權所有. 任何形式轉貼均須先得到授權. 鏈接不在此限. 歡迎推薦及指教.
Thursday, May 13, 2010
黑與白 - 什麼是白帽黑客?
"白帽黑客" (whitehat hacker) 有時也稱為 "有品黑客" (ethical hacker) 或是 "侵入測試員" (penetration tester). 基本上, 這些人是公司或單位授權/僱用來測試他們的資訊或網絡產品的安全性. 請注意 "授權" 二字. 這就是白帽黑客和一般黑客的區別.
http://en.wikipedia.org/wiki/White_hat
圖取自此處
-- kryptoman
No comments:
Post a Comment
Newer Post
Older Post
Home
Subscribe to:
Post Comments (Atom)
關鍵字
Kryptoman
資訊安全 資安 網路安全 安全軟體 電腦病毒 惡意軟體 黑客 駭客 黑盒子 加密 解密 密碼 破解 越獄 防火牆 間諜軟體 補丁 電腦犯罪 犯罪調查 個資 監控
View my complete profile
Blog Archive
►
2011
(1)
►
February
(1)
▼
2010
(9)
►
October
(1)
►
July
(2)
▼
May
(6)
臉書 (Facebook) 現象與個人隱私的自我公開
駭客任務啟示錄 - KHOBE
是真安全, 還是自我感覺良好
# 的特殊意義
黑與白 - 什麼是白帽黑客?
引言
Security topics
Bruce Schneier
Counter Hack
CVSS calculator
CVSS framework
DEF CON
DHS - Build Security In
FAIR framework
Hakin9 magazine
NIH enterprise security architecture
OWASP risk methodology
OWASP threat modeling
OWASP Top 10
PGP Global Directory
SANS - 20 critical security controls
SANS - Computer Forensics
SANS - Internet Storm Center
SANS - WhatWorks
sla.ckers.org forum
Wikileaks
SecOrgs & Vendors
(ISC)
2
CERT
Fred Cohen & Associates
Honeypot
InGuardians
ISSA
MSDN security developer
Netcraft
NIST - Computer Security
OASIS - security
OpenDNS
OWASP
PCI Security Standards
SABSA security architecture
SecuriTeam
SecurityFocus
Toolkits
Charles - web debugging proxy
ISSA toolsmith
Mutillidae - Vulnerable set of OWASP top 10
Netsparker web app scanner
NIST cryptographic toolkit
Pete Finnigan Oracle security
SecurityDistro - Security distributions
SensePost
SQL injection cheatsheet
WebGoat (insecure J2EE web app)
Source/binary code analysis
Fortify
PMD (Java source code scan)
SWFIntruder (flash/swf runtime)
swfscan (flash/swf)
Veracode (binary)
Web app scanners
Burp Suite
Core Impact
IBM AppScan
w3af
Whitehat
Network/host scanners
Nessus
Qualys
Penetration testing tools
Absinthe (blind SQL injection)
Ajax Shell Commander (execute shell)
BeEF (browser exploitation)
Burp Suite
(web proxy)
dig (DNS query)
DirBuster (dir and file names)
Fierce Domain Scan (recon)
Foundstone SiteDigger (recon)
Foundstone WSDigger (WS testing)
GHDB (recon)
Grendel-Scan
HTTPrint (web server fingerprinting)
nmap (network exploration)
Paros (web proxy)
PHP Shell (execute shell-commands)
ProxMon (web proxy)
ratproxy (passive web proxy)
soapUI (general WS testing)
SQL Inject Me (FF plug-in)
sqlmap (SQL injection)
SwitchProxy (FF plug-in)
Tamper Data (FF plug-in)
WebScarab (web proxy)
Wireshark (network sniffing)
XSS Me (FF plug-in)
Encryption tools
Credant (desktops/portable devices)
PGP (email, files, drives)
SafeNet/Ingrian DataSecure (DBs, Apps)
SSH/SFTP (transport)
SSL/TLS (transport)
TrueCrypt (files, drives)
Firewall/IDS/IPS
Imperva (web app firewall)
snort
Anti-virus/malware/spyware
McAfee
Patch management
BigFix
Forensics/incident response
Encase (forensics)
Maltego (info collection)
Data loss prevention (DLP)
RSA DLP Suite
Security monitoring
Tripwire
Identity and access management
BeyondTrust PowerBroker (admin)
Oracle Access Manager (WSSO)
Passlogix v-GO (ESSO)
RSA SecurID (OTP token)
Sentillion (session management/SSO)
Xyloc (proximity badge)
Security Terms
nonce
No comments:
Post a Comment