Saturday, March 12, 2016

Vulnerability Assessment Vs Penetration Testing

Berdasarkan peraturan/regulasi dari Peraturan Bank Indonesia (PBI) atau Otoritas Jasa Keuangan (OJK) beberapa perusahaan di Indonesia diharuskan untuk diuji segi keamanan IT-nya (Penetration Testing) minimal 1 tahun sekali.
Tetapi terkadang kita bingung apa perbedaan dari Vulnerability Assessment dengan Penetration Testing.
Industry Standard References:
  • National Vulnerability Database (NVD)
  • Common Vulnerability Scoring System (CVSS)
  • Common Vulnerabilities and Exposure (CVE)
  • Common Weakness Enumeration (CWE)
  • Bugtraq ID (BID)
  • Open Source Vulnerability Database (OSVDB)

Sumber: Dokumen PCI DSS v1.0 March 2015. Penetration Testing Guidance.

No comments:

Post a Comment