ai人工智能面相测试
The need for penetration testing services arose a century back when the attacks on the systems became frequent. Lots of companies started losing their sensitive data and it affected their customers in the worst way possible.
渗透测试服务的需求源于一个世纪前的系统攻击频繁发生。 许多公司开始丢失其敏感数据,从而以最坏的方式影响了客户。
敏感数据的丢失正是世界看到另一个技术行业兴起的时间(以及原因)。 (The loss of sensitive data is exactly when (and why) the world saw another technical industry rising.)
You can see one pen testing company giving way to a whole new industry of penetration testing. The company collected the best tech brains and asked them to come up with solutions to stop cybercriminals from harming organizations and individuals.
您会看到一家笔测试公司让位给渗透测试的整个新行业。 该公司收集了最优秀的技术人才,并要求他们提出解决方案,以阻止网络犯罪分子伤害组织和个人。
However, the field of cybercriminals and testers changes faster than any other technical field.
但是,网络犯罪和测试人员领域的变化比其他任何技术领域都快。
Cyber Criminals keep coming up with new sorts of viruses and cyber-attacks. To save people from falling into these traps, testing companies needed to evolve enough to plan for these viruses and stay one step ahead of the criminals.
网络罪犯不断提出新的病毒和网络攻击 。 为了避免人们落入这些陷阱,测试公司需要进行足够的发展以计划这些病毒,并领先于犯罪分子。
Let’s dive into the history of penetration testing to see how it has evolved over time.
让我们深入了解渗透测试的历史,以了解其随着时间的发展。
一开始的渗透测试 (Penetration Testing in the Beginning)
Businesses always had a reason to opt for penetration testing to stay at a great distance from malware and other viruses.
企业始终有理由选择渗透测试,以使其远离恶意软件和其他病毒。
First of all, penetration testing was only designed for systems — making them secure from every angle. Soon it was discovered that a business can be targeted through phishing and social presence as well.
首先,渗透测试仅针对系统而设计-使它们从各个角度都是安全的。 很快,人们发现企业也可以通过网络钓鱼和社交活动成为目标。
The multi-angled attacks forced penetration testing companies to come up with solutions for every possible cyber threat.
多角度攻击迫使渗透测试公司针对每种可能的网络威胁提出解决方案。
Most of the time, testing was done manually where a team of testers would sit together, understand the software, list down all the requirements, and build test cases.
大多数情况下,测试是手动完成的,一组测试人员会坐在一起,了解软件,列出所有要求,并建立测试用例。
These test cases were then run one by one and the status of every test case was recorded. In the end, a report was prepared for the developers to understand the possible loopholes present, ways to recreate them, and ideas to cover them.
然后逐个运行这些测试用例,并记录每个测试用例的状态。 最后,为开发人员准备了一份报告,以了解存在的漏洞,重新创建漏洞的方法以及涵盖这些漏洞的想法。
Different techniques were introduced in the market to suit different requirements of the people.
市场上引入了不同的技术来适应人们的不同需求。
However, the steps were almost always the same since it involved a team of human testers to carry out all the activities. Then came the era of more advanced technologies; ones powered by artificial intelligence and machine learning.
但是,步骤几乎总是相同的,因为它需要一组测试人员来执行所有活动。 然后是更先进技术的时代。 由人工智能和机器学习提供支持的软件。
The Machine Learning tech was smart but was unguarded and open for the cybercriminals to attack and get hang of it.
机器学习技术很聪明,但是却不受保护,并向网络罪犯开放,可以攻击并掌握它。
Although every pen testing company felt it was a good idea to use manual testing for this new category of tech, IoT, they failed most of the time. The failure clearly called for new ways to be devised and used for the betterment of the organizations and individuals using AI and ML technology gadgets.
尽管每个笔测试公司都认为对这种新的物联网技术使用手动测试是一个好主意,但大多数情况下它们都失败了 。 这次失败显然要求设计出新方法,并将其用于使用AI和ML技术小工具改善组织和个人的方法。
人工智能与机器学习时代 (The Era of Artificial Intelligence and Machine Learning)
Although testers were trying their best to fight new cyber threats with the help of manual testing, they lost the battle many times.
尽管测试人员在手动测试的帮助下尽了最大的努力来对抗新的网络威胁 ,但他们却多次失败了。
In the hands of criminals, Artificial intelligence started becoming more of a threat rather than being a blessing.
在犯罪分子的手中,人工智能开始越来越成为一种威胁而不是福气。
When AI became a threat to criminals is when the world of pen testing introduced a new turn in history.
当AI成为对罪犯的威胁时,笔测试的世界引入了新的历史转折。
Artificial intelligence and machine learning were made a part of penetration testing. Different AI and ML techniques and tools were developed to help catch malware and viruses present in the system.
人工智能和机器学习已成为渗透测试的一部分。 开发了不同的AI和ML技术和工具来帮助捕获系统中存在的恶意软件和病毒。
Now, you must be wondering if artificial intelligence is so strong in the hands of criminals, should it not offer more benefits when used for pen testing?
现在,您一定想知道,如果在犯罪分子手中人工智能如此强大,它在用于笔测试时是否应该提供更多好处?
Obviously, it should offer more benefits with pen testing — so here is how penetration testing companies are evolving with AI and ML embedded in their technologies and techniques:
显然,它应该在笔测试中提供更多的好处—因此,这是渗透测试公司如何通过嵌入其技术的AI和ML来发展的:
更好的信息收集 (Better Information Gathering)
One of the most important stages of the whole pen-testing activity is gathering information. It is also known as the reconnaissance stage.
整个笔测试活动中最重要的阶段之一就是收集信息 。 它也被称为侦察阶段。
According to experts, if the testers manage to gather more data, in the beginning, the chances of their success gets even more than double.
根据专家的说法,如果测试人员设法收集更多的数据,那么一开始他们获得成功的机会甚至会增加一倍以上。
However, it is easy to say that and a lot difficult to do. In a pen testing activity, the team has only a limited amount of time to spend on gathering data. It is hard to ensure that the quality of the gathered data is the best.
但是,这很容易说,而且很难做。 在笔测试活动中,团队只有有限的时间花在收集数据上。 很难确保所收集数据的质量是最好的。
With AI as constant support, a great amount of quality data can be gathered in a limited amount of time. One can even make use of Computer Vision, Natural Language Processing, and Machine Learning to ensure a good profile of data is built with lots of details.
借助AI的持续支持,可以在有限的时间内收集大量的质量数据。 甚至可以利用计算机视觉,自然语言处理和机器学习来确保构建具有许多细节的良好数据概况。
扫描系统 (Scanning Systems)
Testing a lot of systems manually takes a lot of time. Also, since humans are bound to make mistakes, a lot of times loopholes go unnoticed in the system causing trouble later.
手动测试许多系统需要花费大量时间。 而且,由于人必定会犯错误,因此很多时候系统中的漏洞没有引起注意,后来又引起麻烦。
When it comes to scanning hundreds of systems, you can imagine the havoc manual testing can bring.
当扫描数百个系统时 ,您可以想象手动测试可能带来的破坏。
AI-empowered scanning ensures comprehensive coverage and good interpreted results. It can also be used to make a few amendments in the code where needed.
人工智能支持的扫描可确保全面的覆盖范围和良好的解释结果。 也可以在需要的地方使用它对代码进行一些修改。
Overall, it saves a lot of time and effort. Moreover, AI offers good test management and automatic creation of test cases. Hence, it makes your systems secure and sound in less time.
总体而言,它节省了大量时间和精力。 而且,AI提供了良好的测试管理和自动创建测试用例。 因此,它使您的系统更安全,声音更少。
维护和进入阶段 (Maintenance and Access Stage)
Once the testers are past scanning, they are ready to gain access to multiple network devices and extract the targeted data and start testing.
一旦测试人员过去扫描,他们就准备好访问多个网络设备并提取目标数据并开始测试。
The main purpose of this step is to ensure there are no loopholes left for the criminals to exploit later and take advantage of. The testing also includes checking for credentials for every employee and strong articles too.
此步骤的主要目的是确保不存在任何漏洞,供罪犯稍后利用并加以利用。 该测试还包括检查每位员工的凭据以及强项。
AI-based solutions are powered to try different password combinations to check how strong the passwords are to break-in. Different algorithms are designed to observe user data, on-going trends, present patterns, and train themselves to do better testing.
基于AI的解决方案可以尝试不同的密码组合,以检查破解密码的强度。 设计了不同的算法来观察用户数据,持续的趋势,当前的模式并训练自己进行更好的测试。
更好的报告 (Better Reporting)
The last stage of penetration testing followed by every pen testing company (kualitatem dot com) is the reporting stage.
每个笔测试公司(kualitatem dot com)紧随其后的渗透测试的最后阶段是报告阶段。
The reporting stage usually tests the ability of the attackers to cover their tracks and remove all traces of their presence in the system.
报告阶段通常测试攻击者掩盖其踪迹并删除系统中存在的所有踪迹的能力。
These kinds of evidence can be found in existing access channels, user logs, and unexpected error messages raised due to the infiltration process.
这些证据可以在现有的访问通道,用户日志以及由于渗透过程而引发的意外错误消息中找到。
Manual testing has failed to find these issues at a larger scale making it easy for the attackers to perform their tasks without management being aware of their presence.
手动测试未能在更大范围内发现这些问题,从而使攻击者可以轻松地执行其任务,而无需管理层意识到他们的存在。
On the other hand, artificial intelligence tools can easily discover hidden backdoors, traces of the presence of cybercriminals in the system, and multiple access points that were not supposed to be there.
另一方面,人工智能工具可以轻松地发现隐藏的后门 ,系统中网络犯罪分子的踪迹以及原本不应该存在的多个访问点。
Once found, these activities and their details are stored and saved in a report. The detailed report also contains a proper timeline against every attack done.
一旦找到,这些活动及其详细信息将存储并保存在报告中。 详细的报告还包含针对每一次攻击的适当时间表。
人工智能笔测试的总体优势 (Overall Benefits of AI-powered Pen Testing)
Now that we have talked about the benefits AI has to offer and the changes it is introducing in the penetration testing world, we are able to count the benefits on our fingertips.
既然我们已经讨论了AI所能提供的好处以及它在渗透测试领域所带来的变化,我们现在就可以轻而易举地计算出好处。
Here is the whole list of the ways AI-powered pen testing is much better than manual testing.
这是AI笔测试比手动测试好得多的方法的完整列表。
- Since artificial intelligence is involved in AI-based pen testing, the results are returned faster than manual testing. This decreases the expected investment of time and gives more time to developers to fix issues. 由于人工智能参与了基于AI的笔测试,因此返回结果要比手动测试更快。 这减少了预期的时间投入,并为开发人员提供了更多时间来解决问题。
- AI-based penetration testing ensures there are no loopholes left once the testing is done. This makes your system and software more secure as compared to manual testing. 基于AI的渗透测试可确保测试完成后不存在漏洞。 与手动测试相比,这使您的系统和软件更安全。
- The test results are more accurate as compared to manual testing. This leaves less headache for the developers and testers as well. 与手动测试相比,测试结果更加准确。 这也为开发人员和测试人员减轻了头痛。
- When it comes to companies, having AI do repetitive and boring tasks decreases investment. You can invest in an AI tool and forget about hiring and managing a large team of testers. 对于公司而言,让人工智能执行重复性和无聊的任务会减少投资。 您可以投资购买AI工具,而不必雇用和管理庞大的测试人员团队。
- Since organizations are growing at a good speed, it is hard to test for them through manual testing. Hence, AI-based testing ensures a large number of systems are tested with good results in less time. 由于组织的增长速度很快,因此很难通过手动测试来对其进行测试。 因此,基于AI的测试可确保以更少的时间对大量系统进行测试并获得良好的结果。
- These tools are easily available in the market and stay updated with new threats and viruses entering the market. So you do not have to worry about upskilling your employees and investing in them. 这些工具在市场上很容易获得,并且会随着新威胁和病毒的进入而不断更新。 因此,您不必担心提高员工技能并对其进行投资。
AI Changing Pen Testing Game Worldwide was originally published on ReadWrite on July 9, 2020 by Ray Parker.
全球AI笔测试游戏 最初 由 Ray Parker 于2020年7月9日 发布在 ReadWrite 上 。
翻译自: https://medium.com/readwrite/ai-changing-pen-testing-game-worldwide-7694b4006dc7
ai人工智能面相测试