{"id":7940,"date":"2021-03-26T15:23:36","date_gmt":"2021-03-26T12:23:36","guid":{"rendered":"https:\/\/www.inforte.com\/?p=7940"},"modified":"2021-03-26T15:26:33","modified_gmt":"2021-03-26T12:26:33","slug":"formula-1-analojisi-ile-bir-sizma-testinden-en-iyi-sekilde-yararlanmak","status":"publish","type":"post","link":"https:\/\/www.inforte.com\/en\/formula-1-analojisi-ile-bir-sizma-testinden-en-iyi-sekilde-yararlanmak\/","title":{"rendered":"Getting the most out of a penetration test with a Formula-1 analogy"},"content":{"rendered":"<p id=\"b1f5\" class=\"he hf fo hg b hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv hw hx dg gk\" data-selectable-paragraph=\"\">At a time when we talk so much about security outputs, we want to focus this blog post on good penetration test planning and security preparation. How should the best preparation be done? What are its parameters? While we discuss many security problems along with the technological burden and risks they bring, we live with a great deal of uncertainty and try to keep enterprise networks running.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"76cf\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">In this post we want to approach the topic through a Formula-1 analogy. As you know, Formula-1 is clearly one of the hardest competitions in the world, where technological rivalry, teamwork and performance are pushed to the extreme and every stage has its difficulties. 
As in every field, in Formula 1 the best-prepared teams have the highest chance of success. Even so, luck does play an important part in the competition, and standard preparation alone may not be enough to guarantee a victory. Many factors in a race contribute, in theory, first of all to crossing the finish line; beyond that, the outcome of the race is determined by race analysis, track conditions, weather, car setup, strategy changes and various updates, along with many other variables. In this context you need to be sure of the foreseeable risks and, rather than relying on outputs based on guesses or predictions, express all these variables with data, evaluate them in that light, and build all planning and strategy on these details.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<h2 id=\"98ba\" class=\"id ie fo au if ig ih hi ii ij ik hl il im in io ip iq ir is it iu iv iw ix iy gk\">\u201cA real penetration test with verifiable outputs is no different.\u201d<\/h2>\n<br \/>\n<p id=\"aa99\" class=\"he hf fo hg b hh iz hi hj hk ja hl hm hn jb ho hp hq jc hr hs ht jd hu hv hx dg gk\" data-selectable-paragraph=\"\">To become a Formula 1 champion, the ability to prepare better than all your rivals against every risk and to rehearse for the risks that may come is very important; the critical point, however, is that without smooth process planning throughout the test and your own competencies, you are unlikely to succeed. 
The same is true of the\u00a0<a class=\"dm je\" href=\"https:\/\/www.synack.com\/\" rel=\"noopener nofollow\">Synack\u00a0<\/a>penetration tests for which we at Inforte act as distributor. Just as in the Formula-1 analogy, a large number of expert security researchers and ethical hackers carry out the penetration test, 40\u201360 people rather than the 2\u20135 of a traditional penetration test, in order to validate your security at its extremes entirely from the attacker\u2019s perspective and in the greatest detail; this is one of the most important factors behind crowdsourced pentesting. Another is working with the best of the best. Here Synack has built the\u00a0<a class=\"dm je\" href=\"https:\/\/www.synack.com\/red-team\/\" rel=\"noopener nofollow\">Synack SRT<\/a>\u00a0team by working with the best and most trusted researchers in the world (the top 10%).<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"c717\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Some of the factors to expect from an effective penetration test can be defined as follows:<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"30bb\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">The most important factor in a pentest: a high-quality, trusted \u2018Security Research\u2019 team<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"c40f\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Researchers\u2019 skills and security research background are critical to the success of any pentest. 
Because the notion of security vulnerabilities is so broad and varied, a single researcher, or a small number of researchers, will not have the expertise to fully test the entire scope of a penetration test across all vulnerability categories, and even if they did, the testing would lack depth. The same applies, beyond traditional penetration testing, to all red-team (red teaming) work in offensive security, to other pentest automation software and to BAS (Breach and Attack Simulation) tools that run attack simulations. What matters for these security technologies is an up-to-date attack data set; for security researchers it is competence and experience.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"1ca9\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">This is where the Synack crowdsourced pentest (penetration test) difference emerges, because top researchers with a wide variety of skills and backgrounds are brought into the process. 
While the average time spent on a classic penetration test is between 150\u2013200 hours, with\u00a0<a class=\"dm je\" href=\"https:\/\/www.synack.com\/red-team\/\" rel=\"noopener nofollow\">Synack SRT<\/a>\u00a0this figure averages 350\u2013450 hours. This puts the skills of a large number of researchers to work in detail and makes it possible to test all in-scope assets as comprehensively as possible.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"a580\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Collecting all results on a trusted platform that offers a good customer experience<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"c03e\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Traditional penetration tests can sometimes be quite chaotic, and their outputs can be problematic when it comes to evaluating the results. Synack offers a very comprehensive vulnerability management platform that forms the foundation of the whole penetration testing process and lets customers manage the entire vulnerability life cycle, from the first reports through detailed analysis outputs to remediation recommendations. 
At Synack, the customer portal covers the whole process, from discovered vulnerabilities to patch verification, in a fully verifiable and auditable way, and with its ease of use and simple workflow management interface it lets the customer analyze vulnerabilities from the very first moment. You do not need to see the final report for this.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"3f44\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">In addition to these processes, Synack Triage ensures that the vulnerability findings shared within the penetration test are valid, reproducible, high-quality and actionable. This lets organizations get the maximum benefit from penetration test outputs and focus on taking appropriate security measures, providing significant time savings and efficiency gains.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"cb54\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Keeping the test environment and its variables under control<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"803f\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Some penetration tests can be unnecessarily offensive, to a degree that cannot be mapped to real security risks. 
Sometimes, in order to show weak security results, security risks that could not arise under normal conditions are put on the table. Under the approach known in offensive security as \u2018In the Wild\u2019, findings should be presented in a context that threat actors could actually carry out, that could be part of a real attack chain, and that you could realistically encounter. If this is ignored, you end up dealing with illogical technical details that will never reach you, and you move away from the scope of an effective penetration test. An example is taking one part of an APT attack chain and producing a weakness analysis from it, or profiling from it to produce a vulnerability finding. We are not saying the APT attack chain is unimportant; but under normal conditions an APT attack generally cannot achieve its ultimate goal until it completes the whole chain, and the attack will fail anyway under normal conditions, so expressing one part of it in technical terms, cut off from the context of the whole attack chain, does not mean much.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"df94\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">In addition, the Synack experience is designed to make the penetration testing process as effective, simple and smooth as possible. 
It runs the whole penetration testing process in a controlled manner to reduce any impact on organizations\u2019 day-to-day business operations. The Synack SRT team works from a known source IP to allow proper monitoring. Organizations are able to monitor all activity and traffic during the test; in addition, the Synack AppLauncher platform includes detailed audit and DPI (Deep Packet Inspection) mechanisms so that you can monitor all activity. In contrast to traditional penetration testing and other solutions, it delivers a very comprehensive, secure and verifiable penetration testing experience. As a result, you have full control during the penetration test.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"f892\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Communication with security researchers before and after the test<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"43db\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">An ideal penetration test does not consist solely of automated attack content, just as an attack does not consist solely of attack variables (Pre Attack Phases). During the penetration test, organizations are in constant communication with the SRT team about possible changes in scope and changes on the security infrastructure side. 
This focus directs security researchers only to the necessary areas of scope, so that the penetration test reaches its goal effectively and quickly.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"975d\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Scope changes are a critically important area of communication. For example, during the pentest, findings that stem from the same underlying vulnerability can, if the output is sufficient, be temporarily taken out of scope; this shifts the researchers\u2019 focus to other critical areas and yields better and more effective coverage.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"eb9f\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Increasing the effectiveness of manual testing with smart automation<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"0a7a\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">A penetration test draws on human creativity as much as possible to create real value. However, automated tools are also important in helping human effort to be used effectively. 
Machine-learning-based security scans, or security scans with an up-to-date signature set, are frequently used to help security researchers in penetration tests up to a point. In addition, security teams use a variety of technologies together to quickly analyze the large attack surface of networks. What makes a penetration test effective is that, instead of researching every single vulnerability, it prioritizes what we call \u2018exploitable\u2019 threats, those for which threat actors have developed malicious code and which fall under emerging threats (Emerging Threats), and that it speeds up security teams by accelerating the remediation of the weaknesses found. 
Other vulnerabilities found may also be critical, but good prioritization is what matters here.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"6894\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">With its Smart Scan architecture, Synack differs from many security scanning products: it runs tests simply and effectively on a machine-learning basis and provides high-quality output to Triage and the Synack SRT security research team, so that penetration tests are structured in the most optimal way.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"af02\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Accepting the possibility of unwanted outcomes<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"0ea6\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">In every penetration test, security researchers always try, or should try, to avoid unwanted effects, because what matters is the effectiveness of the penetration test within the defined scope. Many problems and many risks can be eliminated by defining a correct and clear scope. 
For this reason, the right scope and working with an experienced, high-quality security research team are critical.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"22b9\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Always reward your wins and learn from mistakes<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"4e3a\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">In penetration testing it is very important for organizations to act on validated findings and to be able to prioritize them. No two vulnerabilities are equally critical, and their impact can differ as well. In addition, the difficulty of an attack, the state of your defensive posture against it, and the ability to measure this will give you detailed insight into your security investments and their effectiveness. 
Here Synack provides an\u00a0<a class=\"dm je\" href=\"https:\/\/www.synack.com\/blog\/security-score-attacker-resistance\/\" rel=\"noopener nofollow\">ARS<\/a>\u00a0(Attack Resistance Score) in its penetration tests, helping you measure and assess your cyber resilience.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"a1d6\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">On the other hand, merely discovering vulnerabilities does not improve an organization\u2019s risk posture. Vulnerabilities must be remediated and fixed as soon as possible. Understanding a vulnerability\u2019s related risks, in other words how it is used within an attack chain, and being able to correlate it with other risks is just as valuable. Analysis of this output, referred to in the terminology as \u2018InterConnected Risks\u2019, is critically important.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"8dff\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Being able to express your penetration test performance in real metrics, using a risk measure such as the ARS (Attack Resistance Score) through Synack\u2019s portal, is important for security measurement and assessment. 
In addition, unlike with traditional solutions, in long-running penetration tests organizations should not have to wait until the test is complete; sometimes acting on a highly critical vulnerability within minutes\/hours can save you from a major security incident. For this reason, throughout the penetration test you can access researcher-confirmed vulnerabilities via the Synack Portal and carry out your remediation in real time during the test.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"dfa8\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">It is important that a penetration test is carried out in line with regulations and the organization\u2019s security procedures. Carrying out the work in line with these criteria should be one of the key achievements of the penetration test. 
Synack can carry out penetration tests that include checking organizations\u2019 compliance, including against the OWASP, PCI DSS 11.3 and NIST SP 800-53 publications.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"5670\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Continuity<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"71ac\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">As in the Formula 1 analogy, the job is not done when a race ends. Like business processes, cyber security processes run in an endless and changing cycle. There are always more races to run, and more work and improvement to do to stay one step ahead. The same is true of penetration tests.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"772e\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Because traditional penetration testing relies 100% on human effort, its repeatability is weak and its continuity is low. Its impact therefore only has value for a limited period of time. 
In the cyber security world, however, we live in an environment where we have to assess threats and their variants quickly, continuously, every day and at every hour.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"b197\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Staying one step ahead in cyber security is more valuable than ever, which is why continuous penetration testing is its most critical component. An enterprise network is only as strong as its weakest link. An average enterprise-scale organization uses 40\u201360 security technologies together, which brings a great deal of unforeseen complexity into security operations (Complexity); as a result, the response to attacks cannot be as fast as the attacks themselves. 
With Synack 365 you can keep your penetration tests running continuously, 7\/24\/365, and have the Synack SRT team produce output continuously.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"3bf2\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">And what about Defense in Depth?<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"223c\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">In cyber security we see that the layered security approach of earlier years (Defense in Depth) is no longer as effective as is assumed. The aim should be to achieve maximum efficiency with minimum resource use, and the statistics on security effectiveness are not very encouraging. 
For this reason, doing meaningful risk optimization, being able to measure investments and, more valuable still, staying standing across all attack surfaces call for a continuous penetration testing structure, which makes it possible to invest more wisely and to get the highest efficiency out of existing investments.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"9a00\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Although security success generally looks like an overall reduction in vulnerability risk, it is just as possible for very simple vulnerabilities to render all your investments ineffective. While eliminating every vulnerability is impossible, continuity and ongoing improvement will make your security operations more measurable and resilient, and will significantly improve your security posture and your attack response performance in the event of a potential attack.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"b740\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\"><strong class=\"hg ct\">Comparison with other solutions<\/strong><\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"2f77\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Crowdsourced continuous penetration testing is a new approach led by Synack that combines human effort with technology, and it brings together the best of traditional penetration testing, bug bounty and security research. 
It should not be confused with BAS (Breach and Attack Simulation), which tries to offer automated attack simulation\/emulation infrastructure, or with automated penetration testing tools. Rather than a penetration test, those consist of more limited samples, built around a single vector, that reproduce a sample payload of emerging attacks and are sample-based in terms of attack characteristics, and their output is limited.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"d756\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Another point is that the outputs of such simulation and pentest automation tools generally consist of single (atomic) scenarios or malware scenarios built on CVE-based scenarios, most of which already exist in their databases. They will therefore always lack the output of real security research. 
With Synack, by contrast, things are very real: with the SRT team, 40% of findings are non-CVE security findings, producing organization-specific security output in the style of a bug bounty, which sets it apart positively from traditional penetration testing and automated tools.<\/p>\n<p data-selectable-paragraph=\"\"><br \/><\/p>\n<p id=\"24b4\" class=\"he hf fo hg b hh hy hi hj hk hz hl hm hn ia ho hp hq ib hr hs ht ic hu hv hx dg gk\" data-selectable-paragraph=\"\">Hoping to see you again in another post\u2026<\/p>","protected":false},"excerpt":{"rendered":"<p>At a time when we talk so much about security outputs, we want to focus this blog post on good penetration test planning and security preparation. How should the best preparation be done? What are its parameters? 
Bir\u00e7ok g\u00fcvenlik sorunu ve beraberindeki teknolojik y\u00fck\u00fc ve riskleri konu\u015ftu\u011fumuz noktada \u00e7ok say\u0131da belirsizliklerle ya\u015fayarak kurumsal a\u011flar\u0131 ayakta&#8230;<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[257],"tags":[],"class_list":["post-7940","post","type-post","status-publish","format-standard","hentry","category-blog"],"acf":[],"yoast_head_json":{"og_site_name":"Inforte Bili\u015fim A.\u015e.","author":"Inforte"}}