Source: Zhihu

Surprise at the end

  1. By severity

  Definition: The degree to which a bug damages software quality, that is, how the existence of the bug affects the functions and performance of the software.

  Classification: System crash, critical, general, minor, recommended.

  2. By priority

  Definition: A measure of the order in which software defects are addressed and fixed.

  Classification: high, middle, low.

  Note: Generally, software defects with high severity have higher priority.

  In special cases, this rule does not hold.

  (1) A high-severity defect does not necessarily have high priority.

  a. If a serious defect occurs only under very extreme conditions, it is not necessary to solve it immediately.

  b. If fixing a software defect requires reworking the overall structure of the software, the fix needs to be considered comprehensively.

  (2) A low-severity defect does not necessarily have low priority.

  If the company name or software name is misspelled, it must be corrected first.

  3. By test type

  Functional logic, performance, interface, usability, compatibility.

  4. By functional module

  5. By bug life cycle

  Categories: New, Confirmed, Resolved, Closed, Reopened.


Surprise at the end of the article

Penetration testing environment and code

Experimental code:

Link: https://pan.baidu.com/s/14XsCng6laiSiT_anuwr5dw?pwd=78dy

Extraction code: 78dy

Environment

Install Tomcat, Apache and MySQL on Windows

Install Tomcat, Apache and MySQL on Linux

Procedure

1. Copy the sec directory under tomcat to the Tomcat directory, such as %TOMCAT-HOME%\webapps\

2. Copy the sec directory under Apache to the Apache directory, such as \htdocs\

3. Edit include.jsp under the sec directory in tomcat

<%
String Windows_IP = "127.0.0.1";
String Linux_IP = "192.168.0.150";
String JSP_PORT = "8080";
String PHP_PORT = "8100";
%>
  • String Windows_IP: IP address of Windows

  • String Linux_IP: IP address of Linux

  • String JSP_PORT: The port number of the JSP

  • String PHP_PORT: The port number of PHP

4. Edit Include.php in the sec directory in Apache

<?php
$windows_ip = "http://127.0.0.1";
$linux_ip = "http://192.168.0.150";
$jsp_port = "8080";
$php_port = "8100";
?>
  • $windows_ip: IP address of Windows (with the http:// prefix)

  • $linux_ip: IP address of Linux (with the http:// prefix)

  • $jsp_port: The port number of the JSP

  • $php_port: The port number of PHP

Open a browser and enter http://192.168.0.106:8080/sec/

192.168.0.106 is the local IP address
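
A consistency check for the two files above, as an added example that is not part of the original article or its lab code: it parses include.jsp and include.php, confirms both carry the same hosts and ports, and flags any address that is not loopback or private. The sample file contents are constructed from the values shown above; the function names and the private-address policy are assumptions.

```python
import ipaddress
import re
# Constructed samples mirroring the two include files shown above.
INCLUDE_JSP = '''<%
String Windows_IP = "127.0.0.1";
String Linux_IP = "192.168.0.150";
String JSP_PORT = "8080";
String PHP_PORT = "8100";
%>'''
INCLUDE_PHP = '''<?php
$windows_ip = "http://127.0.0.1";
$linux_ip = "http://192.168.0.150";
$jsp_port = "8080";
$php_port = "8100";
?>'''
# Matches both `String NAME = "value";` (JSP) and `$name = "value";` (PHP).
ASSIGN = re.compile(r'(?:String\s+|\$)(\w+)\s*=\s*"([^"]*)"\s*;')

def parse(text):
    """Return {lower-cased name: value}, with any http:// prefix stripped."""
    return {k.lower(): re.sub(r'^https?://', '', v) for k, v in ASSIGN.findall(text)}

def check(jsp_text, php_text):
    """Return a list of findings; an empty list means the lab config is sane."""
    jsp, php = parse(jsp_text), parse(php_text)
    findings = []
    for key in ("windows_ip", "linux_ip", "jsp_port", "php_port"):
        if key not in jsp or key not in php:
            findings.append(f"{key}: missing from one file")
        elif jsp[key] != php[key]:
            findings.append(f"{key}: JSP has {jsp[key]}, PHP has {php[key]}")
    for key in ("windows_ip", "linux_ip"):
        for value in {jsp.get(key), php.get(key)} - {None}:
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append(f"{key}: {value!r} is not an IP address")
                continue
            # Assumed policy: lab hosts stay on loopback or private ranges.
            if not (addr.is_private or addr.is_loopback):
                findings.append(f"{key}: {value} is publicly routable")
    for key in ("jsp_port", "php_port"):
        for value in {jsp.get(key), php.get(key)} - {None}:
            if not (value.isdecimal() and 0 < int(value) < 65536):
                findings.append(f"{key}: {value!r} is not a valid port")
    return findings

if __name__ == "__main__":
    print(check(INCLUDE_JSP, INCLUDE_PHP) or "config OK")
```

To check a real installation, read the two files from the sec directories and pass their contents to check().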

Database configuration

Create a database named sec in MySQL (account root/123456). Import the 4 CSV files under DB into the sec database.

Penetration testing operating system virtual machine files (vmx files)

1) Windows 2000 Professional

Link: https://pan.baidu.com/s/13OSz_7H1mIpMKJMq92nEqg?pwd=upsm

Extraction code: upsm

2) Windows Server 2003 Standard x64 Edition

Link: https://pan.baidu.com/s/1Ro-BoTmp-1kq0W_lB9Oiww?pwd=ngsb

Extraction code: ngsb

Power-on password: 123456

3) Windows 7 x64

Link: https://pan.baidu.com/s/1-vLtP58-GXmkau0OLNoGcg?pwd=zp3o

Extraction code: zp3o

4) Debian 6 (Kali Linux)

Link: https://pan.baidu.com/s/1Uw6SXS8z_IxdkNpLr9y0zQ?pwd=s2i5

Extraction code: s2i5

Power-on password: jerry/123456

Apache, Tomcat, MySQL and vsftpd are installed, along with the supporting web security testing practice teaching plan.

Start Tomcat

# /usr/local/apache-tomcat-8.5.81/bin/startup.sh

Start MySQL

# service mysql start

Start Apache

# /etc/init.d/apache2 start

Open a browser and enter 127.0.0.1:8080/sec/

5) Metasploitable2-Linux (with vsftpd 2.3.4)

Link: https://pan.baidu.com/s/1a71zOXGi_9aLrXyEnvkHwQ?pwd=17g6

Extraction code: 17g6

Power-on password: see the page prompt

After decompression you get the vmx file, which can be used directly.

