CN110059007B - System vulnerability scanning method and device, computer equipment and storage medium - Google Patents


Info

Publication number: CN110059007B
Application number: CN201910268029.0A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN110059007A
Inventor: 聂君
Current assignee: Qax Technology Group Inc
Original assignee: Qax Technology Group Inc
Legal status: Active
Prior art keywords: scanning, vulnerability, information, rule, bug

Classifications

Both classifications fall under G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F11/00 Error detection; Error correction; Monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3668 Software testing > G06F11/3672 Test management:

    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • G06F11/3692 Test management for test results analysis


Abstract

The invention provides a system vulnerability scanning method, an apparatus, computer equipment and a computer storage medium. The method comprises the following steps: in response to a system vulnerability issuing instruction, acquiring the newly added vulnerabilities in the instruction that are associated with the tested system, and generating a temporary scanning rule according to the description information of the newly added vulnerabilities, the temporary scanning rule being used to scan for the newly added vulnerabilities; collecting operating parameters of the tested system and forming a routine scanning rule according to the operating parameters, the routine scanning rule being used to scan for conventional vulnerabilities associated with the system under test; scanning for the newly added vulnerabilities according to the temporary scanning rule and for the conventional vulnerabilities according to the routine scanning rule; and verifying all scanned vulnerabilities and outputting a verification report.

Description

System vulnerability scanning method and device, computer equipment and storage medium
Technical Field
The present invention relates to the field of security detection technologies, and in particular, to a method and an apparatus for scanning system vulnerabilities, a computer device, and a storage medium.
Background
A vulnerability scanner is a hardware device for scanning enterprise networks for vulnerabilities. Existing network vulnerability scanners all use rule-based matching: a standard system vulnerability database is built from security experts' analysis of network security vulnerabilities and attack cases and from system administrators' practical experience with network security configuration; matching rules are then derived from that database, and a program carries out the system vulnerability scanning analysis automatically. The scanner's results therefore depend heavily on how rich the system vulnerability database is, and a vulnerability that is not stored in the database cannot, in principle, be detected.
Vulnerability publishing mechanisms arose together with security vulnerabilities themselves, and many organizations at home and abroad specialize in vulnerability publishing and are responsible for releasing newly discovered vulnerability information as soon as possible. In practice, there is often a delay between the release of the latest vulnerability information and the addition of a scanning rule for that vulnerability to the vulnerability scanner. How to ensure that a newly discovered vulnerability can be scanned for within that delay window is a technical problem that urgently needs to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a timely and complete system vulnerability scanning method, apparatus, computer device and storage medium that solve the problems of the prior art.
In order to achieve the above object, the present invention provides a system vulnerability scanning method, which includes the following steps:
responding to a system bug issuing instruction, acquiring a newly added bug associated with a tested system in the system bug issuing instruction, and generating a temporary scanning rule according to the description information of the newly added bug; the temporary scanning rule is used for scanning the newly added bugs;
collecting operating parameters in the tested system, and forming a routine scanning rule according to the operating parameters; wherein the routine scanning rules are used to scan for routine vulnerabilities associated with the system under test;
scanning the newly added bugs according to the temporary scanning rule, and scanning the conventional bugs according to the routine scanning rule;
and verifying all scanned vulnerabilities and outputting a verification report.
In the system vulnerability scanning method provided by the invention, the step of responding to a system vulnerability issuing instruction, obtaining the newly added vulnerability information associated with the tested system in the instruction, and generating a temporary scanning rule according to the newly added vulnerability information comprises the following steps:
acquiring a newly added vulnerability list contained in the system vulnerability issuing instruction;
acquiring a target newly added bug corresponding to the tested system from the newly added bug list;
and generating a temporary scanning rule for scanning the target newly-added vulnerability.
The method for scanning the system vulnerability, provided by the invention, comprises the following steps of collecting the operating parameters in the tested system and forming a routine scanning rule according to the operating parameters:
scanning the tested system through a network scanning tool, and collecting one or more of system information, application information, service information, supplier information and personnel information associated with the tested system;
determining a target conventional vulnerability to be scanned according to one or more of the system information, the application information, the service information, the supplier information and the personnel information;
generating a routine scanning rule for scanning the target routine vulnerability.
According to the system vulnerability scanning method provided by the invention, after scanning the newly added vulnerabilities according to the temporary scanning rule and scanning the conventional vulnerabilities according to the routine scanning rule, the method further comprises the following step:
and acquiring a key function of the tested system according to the application information of the tested system, and scanning the special vulnerability according to the key function.
According to the system vulnerability scanning method provided by the invention, the step of verifying all scanned vulnerabilities and outputting a verification report comprises the following steps:
verifying whether all scanned bugs exist or not in a repeated test or single-point test mode;
and outputting a verification report of whether all the scanned vulnerabilities really exist.
In order to achieve the above object, the present invention further provides a system vulnerability scanning apparatus, which includes:
the temporary rule generating module is used for responding to a system bug issuing instruction, acquiring a newly added bug related to a tested system in the system bug issuing instruction, and generating a temporary scanning rule according to the description information of the newly added bug; the temporary scanning rule is used for scanning the newly added bugs;
the routine rule generating module is suitable for collecting the operating parameters in the tested system and forming a routine scanning rule according to the operating parameters; wherein the routine scanning rules are used to scan for routine vulnerabilities associated with the system under test;
the scanning module is used for scanning the newly increased bugs according to the temporary scanning rule and scanning the conventional bugs according to the routine scanning rule;
and the verification module is suitable for verifying all scanned bugs and outputting a verification report.
According to the system vulnerability scanning device provided by the invention, the temporary rule generating module comprises:
the list acquisition submodule is suitable for acquiring a newly-added vulnerability list contained in the system vulnerability issuing instruction;
the target new bug adding submodule is suitable for obtaining a target new bug corresponding to the tested system from the new bug list;
and the temporary rule generation submodule is suitable for generating a temporary scanning rule for scanning the target newly-added vulnerability.
The system vulnerability scanning device provided by the invention comprises a routine rule generating module and a vulnerability generating module, wherein the routine rule generating module comprises:
the information acquisition submodule is suitable for scanning the tested system through a network scanning tool and collecting one or more of system information, application information, service information, supplier information and personnel information associated with the tested system;
the target conventional vulnerability sub-module is suitable for determining a target conventional vulnerability to be scanned according to one or more of the system information, the application information, the service information, the supplier information and the personnel information;
and the routine rule generation sub-module is suitable for generating a routine scanning rule for scanning the target conventional vulnerability.
To achieve the above object, the present invention further provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the above method when executing the computer program.
To achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the above method.
The invention provides a technical scheme for timely and comprehensive scanning of system vulnerabilities: a method, an apparatus, computer equipment and a computer storage medium for scanning system vulnerabilities. By closely monitoring the latest release information of all major vulnerability release platforms at home and abroad, as soon as a newly added vulnerability is released the invention formulates, from the newly added vulnerability information, a temporary scanning rule for detecting whether the newly added vulnerability exists in the tested system, thereby ensuring a timely response to it. Furthermore, a routine scanning rule for periodically detecting conventional vulnerabilities is formulated from the various kinds of collected operating parameter information of the tested system, so that comprehensive scanning of the tested system is achieved. In addition, on the basis of routine scanning, the invention further performs special scanning according to the collected operating parameter information or the scanning results, for example special scanning associated with specific applications according to the application type of the system under test, or further mining according to the attributes of the conventional vulnerabilities already found, so as to detect other vulnerabilities associated with them. Through these three types of scanning, system vulnerabilities can be discovered more timely and more completely, and the safe operation of the system is guaranteed.
Drawings
FIG. 1 is a flowchart of a first embodiment of a system vulnerability detection method according to the present invention;
FIG. 2 is a schematic diagram of program modules of a first embodiment of a system bug detection apparatus according to the present invention;
FIG. 3 is a schematic diagram of a hardware structure of a first embodiment of the system vulnerability detection apparatus according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Referring to fig. 1, the present embodiment provides a method for detecting a system bug, which specifically includes the following steps:
S1, in response to a system vulnerability issuing instruction, acquiring the newly added vulnerability related to the tested system in the instruction, and generating a temporary scanning rule according to the description information of the newly added vulnerability; the temporary scanning rule is used to scan for the newly added vulnerability.
As computer applications have become more widespread and more powerful, security vulnerabilities in information technology products have become a major source of system and network threats. Figuratively, a security hole in a computer system is a time bomb whose danger may surface at any moment. The importance of security vulnerabilities is therefore self-evident, and the timely release of a vulnerability and its corresponding patch is an important task that bears on the security of an organization or even a country.
The current vulnerability publishing modes comprise software vendor vulnerability publishing, user direct publishing and third party publishing modes. The software vendor vulnerability publishing mode means that when discovering vulnerabilities, a software vendor keeps the vulnerabilities secret first until the software vendor develops a new patch, and then publishes the discovered vulnerabilities together with the patch. The mode of direct release by the user avoids the intentional delay of the software vendor, and the vulnerability discovered can be immediately released to the public when the vulnerability is confirmed. Third party organizations act as moderators and arbiters between software vendors and users to better coordinate the form of the security breach release from a neutral perspective, thereby achieving a reasonable balance of the interests of the parties. In any case, timely acquiring vulnerability information is crucial to information security.
Based on these vulnerability publishing forms, the invention first monitors the latest vulnerability information of each vulnerability publishing platform through a listener. The listener is associated in advance with a plurality of vulnerability publishing platforms; once it detects that any platform has published new vulnerability information, it sends a system vulnerability publishing instruction, which contains the vulnerability description information, to the controller. The listener can monitor the latest release messages of each major vulnerability platform by keyword filtering: if a release message contains keywords such as 'vulnerability' or 'release', the message is stored and preprocessed, and the preprocessed message is then sent to the controller in the form of a system vulnerability publishing instruction.
The controller responds to the system vulnerability publishing instruction sent by the listener, obtains from it the newly added vulnerabilities related to the tested system, and generates a temporary scanning rule according to the description information of each newly added vulnerability. A newly added vulnerability is related to the tested system when it applies to the operating system type of the tested system. For example, if the description information of a newly added vulnerability shows that it applies to Windows systems and the tested system runs Linux, the vulnerability is not related to the tested system; if the tested system is also a Windows system, the vulnerability is associated with it.
The temporary scanning rule comprises obtaining the POC code of the newly added vulnerability, injecting the POC code into the tested system, and judging whether the operation of the tested system is affected by the POC code. If it is, the tested system contains the same vulnerability as the newly added vulnerability; if it is not, the tested system does not contain it.
POC (proof of concept) refers, in the field of security detection, to a program that demonstrates that a vulnerability exists. Many security vulnerabilities are released together with POC code to prove that the vulnerability really exists. The invention uses the POC code of a vulnerability to verify whether the corresponding vulnerability exists in the tested system.
S2, collecting the operation parameters in the tested system, and forming routine scanning rules according to the operation parameters; wherein the routine scanning rules are used to scan for routine vulnerabilities associated with the system under test.
Information collection establishes the specific situation of the tested system, and a routine scanning rule is formulated from the collected information in order to find the common, universal vulnerabilities known from history. Common vulnerabilities here means vulnerabilities that can apply to any type of system.
The information collection is to acquire all information related to the system in various ways, including system information, application information, service information, provider information, personnel information, etc. related to the system under test, and may be collected through a customized script.
The system information comprises development language, middleware, a system frame, a third-party component, a version number and the like related to the tested system; the application information comprises the application range of the tested system, such as a mall application, a transaction application, an information interaction application and the like; the service information comprises a calling relation in the tested system, such as an open functional interface; the supplier information comprises development architecture, historical loophole, similar systems and the like; the personnel information includes developer information such as code annotation habits, console logs, and the like.
In a specific embodiment, the Nmap tool is used to probe the system under test and discover information such as which ports and services are open and the operating system type. For example, it is found that the system under test runs Windows and that ports 80, 3306, 3389 and 139, among others, are open; a scanning rule can then be preliminarily formulated according to the function of each port. In this embodiment, the rule determined from the open ports is: Windows + Apache + Mysql + PHP.
The invention can use automatic vulnerability scanning tools such as AWVS, AppScan and Burp Suite to scan the tested system according to the established routine scanning rule. The conventional vulnerabilities described in this disclosure include, but are not limited to, the following:
brute force vulnerability, XSS detection vulnerability, OS command execution vulnerability, SQL injection vulnerability, XML entity injection vulnerability, file upload vulnerability, payment vulnerability, password recovery vulnerability, file inclusion vulnerability, and the like.
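As an added illustration of S2 (this is not the patent's or any scanner's own code), the following Python formulates a preliminary routine scanning rule from collected operating parameters: it parses a constructed host line written in the style of Nmap's grepable output and maps the open ports and service banners to the stack components and to the conventional vulnerability categories listed above. The port/service table and the component/check table are assumptions chosen for this example.

```python
from dataclasses import dataclass, field

# Constructed sample host line in the style of Nmap's grepable (-oG) output
# (slashes inside version strings appear as "|" in that format). It is not a
# real scan result of any host.
SAMPLE_NMAP_LINE = (
    "Host: 10.0.0.5 (sut.example)\tPorts: "
    "80/open/tcp//http//Apache httpd 2.4 ((Win64) PHP|7.3)/, "
    "139/open/tcp//netbios-ssn///, "
    "3306/open/tcp//mysql//MySQL 5.7/, "
    "3389/open/tcp//ms-wbt-server///"
    "\tOS: Windows"
)

# Assumed: well-known port -> service it usually indicates.
PORT_SERVICES = {21: "FTP", 22: "SSH", 80: "HTTP", 139: "NetBIOS",
                 443: "HTTPS", 445: "SMB", 3306: "Mysql", 3389: "RDP"}

# Assumed: stack component or service -> conventional vulnerability categories
# (taken from the patent's list) that a routine rule should check for it.
COMPONENT_CHECKS = {
    "Apache": {"OS command execution", "file inclusion"},
    "PHP": {"XSS", "file inclusion", "file upload",
            "OS command execution", "XML entity injection"},
    "Mysql": {"SQL injection"},
    "RDP": {"brute force"},
    "NetBIOS": {"brute force"},
    "SSH": {"brute force"},
    "FTP": {"brute force", "file upload"},
}


@dataclass
class OperatingParameters:
    """Subset of the 'system information' the patent lists under S2."""
    os_type: str
    open_ports: list
    middleware: list = field(default_factory=list)
    database: str = ""
    language: str = ""


@dataclass
class RoutineRule:
    components: list   # e.g. ["Windows", "Apache", "Mysql", "PHP"]
    checks: set        # conventional vulnerability categories to scan for

    def label(self):
        return " + ".join(self.components)


def parse_grepable_line(line):
    """Return (os_type, [(port, service, version), ...]) for the open ports."""
    fields = {}
    for chunk in line.split("\t"):
        key, _, value = chunk.partition(": ")
        fields[key] = value
    ports = []
    for entry in fields.get("Ports", "").split(", "):
        parts = entry.split("/")
        # Field order in -oG: port/state/protocol/owner/service/rpc info/version/
        if len(parts) < 7 or parts[1] != "open":
            continue
        ports.append((int(parts[0]), parts[4], parts[6]))
    return fields.get("OS", ""), ports


def collect_operating_parameters(os_type, ports):
    """Derive middleware, language and database from service names and banners."""
    params = OperatingParameters(os_type, [p for p, _, _ in ports])
    for port, service, version in ports:
        banner = version.lower()
        if "apache" in banner:
            params.middleware.append("Apache")
        if "php" in banner:
            params.language = "PHP"
        if service == "mysql" or PORT_SERVICES.get(port) == "Mysql":
            params.database = "Mysql"
    return params


def formulate_routine_rule(params):
    """Preliminary rule from the function of each open port plus the detected stack."""
    components = [params.os_type] + params.middleware
    if params.database:
        components.append(params.database)
    if params.language:
        components.append(params.language)
    services = [PORT_SERVICES.get(p, "") for p in params.open_ports]
    checks = set()
    for name in components + services:
        checks |= COMPONENT_CHECKS.get(name, set())
    return RoutineRule(components, checks)


def rule_from_scan(line=SAMPLE_NMAP_LINE):
    """Information collection -> operating parameters -> routine scanning rule."""
    os_type, ports = parse_grepable_line(line)
    return formulate_routine_rule(collect_operating_parameters(os_type, ports))
```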
And S3, scanning the newly added bugs according to the temporary scanning rule and scanning the conventional bugs according to the routine scanning rule.
The method comprises the steps of scanning newly-added bugs according to established temporary scanning rules and scanning conventional bugs according to established routine scanning rules.
It is noted that the temporary scanning rules in the present invention have a limited validity period: they remain in force only until scanning rules for the new vulnerability have been incorporated into an existing automated scanner. The temporary scanning rule is therefore executed only a limited number of times, generally once, while the routine scanning rule continues to scan for conventional vulnerabilities at the various stages (design, implementation, operation and maintenance, etc.) of the life cycle of the system under test.
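The listener and controller of S1, together with the limited validity of temporary rules described in S3, as an added Python illustration (not the patent's own code). The feed entries, the keyword list, the 7-day validity window and the caller-supplied `check` callback are assumptions; the block only creates, schedules and retires temporary rules and does not implement any POC itself.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed "latest release messages" from two hypothetical publishing platforms.
SAMPLE_FEED = [
    {"platform": "platform-A", "id": "EXAMPLE-0001", "affected_os": "Windows",
     "title": "Vulnerability release: remote code execution in ExampleWeb"},
    {"platform": "platform-A", "id": "", "affected_os": "",
     "title": "Platform maintenance notice"},
    {"platform": "platform-B", "id": "EXAMPLE-0002", "affected_os": "Linux",
     "title": "New vulnerability: privilege escalation in ExampleDaemon"},
]
KEYWORDS = ("vulnerability", "release")   # listener's filter keywords (assumed)
NOW = datetime(2019, 4, 1)                 # fixed clock for the example


def listen(messages, keywords=KEYWORDS):
    """Listener: keep messages containing a keyword and preprocess them into
    the entries of a system vulnerability publishing instruction."""
    return [{"id": m["id"], "platform": m["platform"], "os": m["affected_os"],
             "description": m["title"]}
            for m in messages
            if any(k in m["title"].lower() for k in keywords)]


@dataclass
class TemporaryRule:
    vuln_id: str
    description: str
    target_os: str
    created: datetime
    valid_for: timedelta = timedelta(days=7)   # assumed validity window
    max_runs: int = 1                          # "generally once" (S3)
    runs: int = 0
    results: list = field(default_factory=list)

    def is_active(self, now, incorporated_ids=()):
        """Inactive once the window has passed, the run budget is used, or the
        routine scanner has incorporated a rule for the same vulnerability."""
        return (now < self.created + self.valid_for
                and self.runs < self.max_runs
                and self.vuln_id not in incorporated_ids)


def generate_temporary_rules(instruction, tested_os, now=NOW):
    """Controller: keep only new vulnerabilities whose affected OS matches the
    operating system type of the system under test (S1)."""
    return [TemporaryRule(e["id"], e["description"], e["os"], now)
            for e in instruction if e["os"].lower() == tested_os.lower()]


def run_temporary_scan(rules, check, now=NOW, incorporated_ids=()):
    """Execute each still-active temporary rule. `check(rule)` is supplied by
    the caller and returns True when the vulnerability is found to be present."""
    executed = []
    for rule in rules:
        if not rule.is_active(now, incorporated_ids):
            continue
        rule.results.append(bool(check(rule)))
        rule.runs += 1
        executed.append(rule.vuln_id)
    return executed


def demo():
    """Walk one rule through its lifecycle and return the observable outcomes."""
    rules = generate_temporary_rules(listen(SAMPLE_FEED), "Windows")
    first = run_temporary_scan(rules, lambda r: True)
    second = run_temporary_scan(rules, lambda r: True)   # run budget exhausted
    fresh = generate_temporary_rules(listen(SAMPLE_FEED), "windows")
    return {
        "ids": [r.vuln_id for r in rules],
        "first_run": first,
        "second_run": second,
        "results": rules[0].results,
        "expired": not fresh[0].is_active(NOW + timedelta(days=8)),
        "retired": not fresh[0].is_active(NOW, {"EXAMPLE-0001"}),
    }
```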
And S4, acquiring the key function of the system to be tested according to the application information of the system to be tested, and scanning the special vulnerability according to the key function.
The application type of the system under test, such as a transaction system or a mall system, can be preliminarily determined from the collected application information. According to the application type, the key functions of the system under test are sorted out, such as user profile information, user authentication, password recovery, user interaction, payment function, file uploading, file downloading, XML transmission, API (application programming interface), gift or coupon, third-party system interaction, business logic and the like, and special scanning is performed on these key functions so as to discover the special vulnerabilities related to them.
Further, the invention allows the special vulnerabilities and the conventional vulnerabilities to overlap, so as to ensure that the vulnerability scanning rules are complete and comprehensive.
And S5, verifying all scanned vulnerabilities and outputting a verification report.
Verifying all scanned vulnerabilities means confirming, by repeated testing or single-point testing, whether each scanned vulnerability really exists, grading the vulnerabilities confirmed to exist, and outputting a verification report.
For example, vulnerabilities are classified as high-risk vulnerabilities, medium-risk vulnerabilities, and low-risk vulnerabilities according to their degree of harm.
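An added Python illustration of S4 and S5 (not the patent's own code): special-scan targets chosen by application type, verification of findings by repeated or single-point re-testing, merging of overlapping special and conventional findings, and grading into high, medium and low risk. The key-function table, the severity table, the constructed findings and the recorded re-test outcomes are assumptions made for this example.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed: application type -> key functions to target with special scanning
# (function names taken from the patent's list in S4).
KEY_FUNCTIONS = {
    "mall": {"user authentication", "password recovery", "payment function",
             "gift or coupon", "file uploading", "user profile information"},
    "transaction": {"user authentication", "payment function", "API",
                    "third-party system interaction", "business logic"},
}

# Assumed: vulnerability category -> grade by degree of harm (S5).
SEVERITY = {
    "SQL injection": "high", "OS command execution": "high",
    "file inclusion": "high", "file upload": "high", "payment": "high",
    "XML entity injection": "high", "XSS": "medium",
    "password recovery": "medium", "brute force": "medium",
}


@dataclass(frozen=True)
class Finding:
    category: str
    location: str   # e.g. URL path or key function name
    source: str     # "routine" (conventional scan) or "special"


# Constructed scan output: both scans reported the same XSS at /profile.
SAMPLE_FINDINGS = [
    Finding("SQL injection", "/search", "routine"),
    Finding("XSS", "/profile", "routine"),
    Finding("payment", "/checkout", "special"),
    Finding("XSS", "/profile", "special"),
    Finding("file upload", "/avatar", "special"),
]
# Constructed re-test outcomes, consumed in order; the /checkout finding
# reproduces only intermittently.
SAMPLE_RETESTS = {
    ("SQL injection", "/search"): [True, True, True],
    ("XSS", "/profile"): [True] * 6,
    ("payment", "/checkout"): [True, False, True],
    ("file upload", "/avatar"): [True, True, True],
}


def special_scan_targets(application_type):
    """Key functions to scan specially for the given application type."""
    return set(KEY_FUNCTIONS.get(application_type, ()))


def make_retester(outcomes):
    """Stand-in for re-running a check: yields the next recorded outcome."""
    queues = {k: iter(v) for k, v in outcomes.items()}

    def retest(finding):
        key = (finding.category, finding.location)
        return next(queues.get(key, iter(())), False)
    return retest


def verify(findings, retest, mode="repeated", repeats=3):
    """'repeated' requires every one of `repeats` re-tests to reproduce;
    'single-point' runs a single targeted re-test."""
    needed = repeats if mode == "repeated" else 1
    return [f for f in findings if all(retest(f) for _ in range(needed))]


def grade_and_report(confirmed):
    """Merge overlapping special/conventional findings, grade and summarise."""
    merged = {}
    for f in confirmed:
        merged.setdefault((f.category, f.location), set()).add(f.source)
    entries = [{"category": c, "location": loc, "grade": SEVERITY.get(c, "low"),
                "sources": sorted(s)} for (c, loc), s in sorted(merged.items())]
    return {"findings": entries,
            "summary": dict(Counter(e["grade"] for e in entries))}


def run_pipeline(mode="repeated"):
    """Verify the constructed findings in the given mode and build the report."""
    confirmed = verify(SAMPLE_FINDINGS, make_retester(SAMPLE_RETESTS), mode)
    return grade_and_report(confirmed)
```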
Further, according to the detected vulnerabilities, extended security detection suggestions are given based on the principle of single-point breakthrough or combined vulnerability exploitation. The extended security detection suggestions are derived from historical experience, and their content differs for different tested systems.
Referring to fig. 2, a system vulnerability scanning apparatus is shown. In this embodiment, the system vulnerability scanning apparatus 10 may include or be divided into one or more program modules, which are stored in a storage medium and executed by one or more processors to implement the present invention and the system vulnerability scanning method described above. A program module referred to in the present invention is a series of computer program instruction segments capable of performing specific functions, and is better suited than the program itself to describing the execution process of the system vulnerability scanning apparatus 10 in the storage medium. The functions of the program modules of the present embodiment are described below:
the temporary rule generating module 11 is adapted to respond to a system bug issuing instruction, acquire a new bug associated with a system to be tested in the system bug issuing instruction, and generate a temporary scanning rule according to description information of the new bug; the temporary scanning rule is used for scanning the newly added bugs;
a routine rule generating module 12, adapted to collect the operating parameters in the system under test, and form a routine scanning rule according to the operating parameters; wherein the routine scanning rules are used to scan for routine vulnerabilities associated with the system under test;
the scanning module 13 is adapted to scan the newly added bug according to the temporary scanning rule and scan the conventional bug according to the routine scanning rule;
and the verification module 14 is adapted to verify all scanned vulnerabilities and output a verification report.
According to the system vulnerability scanning device provided by the present invention, the temporary rule generating module 11 includes:
the list obtaining submodule 111 is adapted to obtain a new vulnerability list included in the system vulnerability issuing instruction;
a target newly added bug sub-module 112, adapted to obtain a target newly added bug corresponding to the system under test from the newly added bug list;
and the temporary rule generating submodule 113 is adapted to generate a temporary scanning rule for scanning the target newly-added vulnerability.
According to the system vulnerability scanning apparatus provided by the present invention, the routine rule generating module 12 includes:
the information acquisition submodule 121 is adapted to scan the system under test through a network scanning tool, and collect one or more of basic information, system information, application information, version information, service information, personnel information, and protection information associated with the system under test;
the target conventional vulnerability sub-module 122 is adapted to determine a target conventional vulnerability to be scanned according to one or more of the basic information, the system information, the application information, the version information, the service information, the personnel information and the protection information;
and a routine rule generating sub-module 123 adapted to generate a routine scanning rule for scanning the target routine vulnerability.
The embodiment also provides a computer device capable of executing programs, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server or a tower server (including an independent server or a server cluster composed of a plurality of servers). The computer device 20 of the present embodiment includes at least, but is not limited to, a memory 21 and a processor 22, which may be communicatively coupled to each other via a system bus, as shown in FIG. 3. Note that FIG. 3 only shows the computer device 20 with components 21 and 22; it is to be understood that not all of the shown components are required, and that more or fewer components may be implemented instead.
In the present embodiment, the memory 21 (i.e., a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory), a random access memory (RAM), a static random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 21 may be an internal storage unit of the computer device 20, such as a hard disk or a memory of the computer device 20. In other embodiments, the memory 21 may also be an external storage device of the computer device 20, such as a plug-in hard disk, a SmartMedia Card (SMC), a Secure Digital (SD) card or a flash memory card provided on the computer device 20. Of course, the memory 21 may also include both internal and external storage devices of the computer device 20. In this embodiment, the memory 21 is generally used to store the operating system and the various application software installed on the computer device 20, such as the program code of the system vulnerability scanning apparatus 10 of the first embodiment. Further, the memory 21 may also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 22 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip. The processor 22 is typically used to control the overall operation of the computer device 20. In this embodiment, the processor 22 is configured to execute the program code stored in the memory 21 or to process data, for example to execute the system vulnerability scanning apparatus 10, so as to implement the system vulnerability scanning method of the first embodiment.
The present embodiment also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory), a random access memory (RAM), a static random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an app store and the like, on which a computer program is stored which, when executed by a processor, implements the corresponding functions. The computer-readable storage medium of this embodiment stores the system vulnerability scanning apparatus 10, which, when executed by the processor, implements the system vulnerability scanning method of the first embodiment.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process. Alternative implementations, in which functions are executed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functionality involved, are included within the scope of the preferred embodiments of the present invention, as would be understood by those reasonably skilled in the art.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be implemented by hardware under the control of program instructions; the program may be stored in a computer readable medium and, when executed, performs one or a combination of the steps of the method embodiments.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example" or "some examples" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Through the above description of the embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and certainly also by hardware alone, but in many cases the former is the better implementation.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A system vulnerability scanning method, characterized by comprising the following steps:
in response to a system vulnerability release instruction, acquiring a newly added vulnerability associated with a system under test from the system vulnerability release instruction, and generating a temporary scanning rule according to description information of the newly added vulnerability, which specifically comprises: monitoring, through a listener, the latest vulnerability release information of a vulnerability release platform, and sending the latest vulnerability information to a controller in the form of a system vulnerability release instruction; and the controller, in response to the system vulnerability release instruction sent by the listener, acquiring the newly added vulnerability associated with the system under test and generating the temporary scanning rule according to the description information of the newly added vulnerability; wherein the temporary scanning rule is used for scanning for the newly added vulnerability, and the temporary scanning rule comprises: acquiring POC (proof-of-concept) code of the newly added vulnerability, injecting the POC code into the system under test, and determining whether the running performance of the system under test is affected by the POC code;
collecting operating parameters of the system under test, and forming a routine scanning rule according to the operating parameters, wherein the routine scanning rule is used for scanning for routine vulnerabilities associated with the system under test;
scanning for the newly added vulnerability according to the temporary scanning rule, and scanning for the routine vulnerabilities according to the routine scanning rule; and
verifying all scanned vulnerabilities and outputting a verification report.
2. The system vulnerability scanning method according to claim 1, wherein the step of, in response to a system vulnerability release instruction, acquiring a newly added vulnerability associated with the system under test from the system vulnerability release instruction and generating a temporary scanning rule according to the description information of the newly added vulnerability comprises:
acquiring a newly added vulnerability list contained in the system vulnerability release instruction;
acquiring, from the newly added vulnerability list, a target newly added vulnerability corresponding to the system under test; and
generating a temporary scanning rule for scanning for the target newly added vulnerability.
3. The system vulnerability scanning method according to claim 1, wherein the step of collecting operating parameters of the system under test and forming a routine scanning rule according to the operating parameters comprises:
scanning the system under test with a network scanning tool, and collecting one or more of system information, application information, service information, supplier information and personnel information associated with the system under test;
determining a target routine vulnerability to be scanned for according to one or more of the system information, the application information, the service information, the supplier information and the personnel information; and
generating a routine scanning rule for scanning for the target routine vulnerability.
4. The system vulnerability scanning method according to claim 3, wherein after the step of scanning for the newly added vulnerability according to the temporary scanning rule and scanning for the routine vulnerabilities according to the routine scanning rule, the method further comprises:
acquiring a key function of the system under test according to the application information of the system under test, and scanning for special vulnerabilities according to the key function.
5. The system vulnerability scanning method according to claim 1, wherein the step of verifying all scanned vulnerabilities and outputting a verification report comprises:
verifying, by repeated testing or single-point testing, whether each scanned vulnerability actually exists; and
outputting a verification report stating whether each scanned vulnerability actually exists.
6. A system vulnerability scanning apparatus, characterized by comprising:
a temporary rule generating module, adapted to, in response to a system vulnerability release instruction, acquire a newly added vulnerability associated with a system under test from the system vulnerability release instruction and generate a temporary scanning rule according to description information of the newly added vulnerability, which specifically comprises: monitoring, through a listener, the latest vulnerability release information of a vulnerability release platform, and sending the latest vulnerability information to a controller in the form of a system vulnerability release instruction; and the controller, in response to the system vulnerability release instruction sent by the listener, acquiring the newly added vulnerability associated with the system under test and generating the temporary scanning rule according to the description information of the newly added vulnerability; wherein the temporary scanning rule is used for scanning for the newly added vulnerability, and the temporary scanning rule comprises: acquiring POC (proof-of-concept) code of the newly added vulnerability, injecting the POC code into the system under test, and determining whether the running performance of the system under test is affected by the POC code;
a routine rule generating module, adapted to collect operating parameters of the system under test and form a routine scanning rule according to the operating parameters, wherein the routine scanning rule is used for scanning for routine vulnerabilities associated with the system under test;
a scanning module, adapted to scan for the newly added vulnerability according to the temporary scanning rule and to scan for the routine vulnerabilities according to the routine scanning rule; and
a verification module, adapted to verify all scanned vulnerabilities and output a verification report.
7. The system vulnerability scanning apparatus according to claim 6, wherein the temporary rule generating module comprises:
a list acquisition submodule, adapted to acquire a newly added vulnerability list contained in the system vulnerability release instruction;
a target newly added vulnerability submodule, adapted to acquire, from the newly added vulnerability list, a target newly added vulnerability corresponding to the system under test; and
a temporary rule generation submodule, adapted to generate a temporary scanning rule for scanning for the target newly added vulnerability.
8. The system vulnerability scanning apparatus according to claim 6, wherein the routine rule generating module comprises:
an information acquisition submodule, adapted to scan the system under test with a network scanning tool and collect one or more of system information, application information, service information, supplier information and personnel information associated with the system under test;
a target routine vulnerability submodule, adapted to determine a target routine vulnerability to be scanned for according to one or more of the system information, the application information, the service information, the supplier information and the personnel information; and
a routine rule generation submodule, adapted to generate a routine scanning rule for scanning for the target routine vulnerability.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 5 are implemented by the processor when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5.
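The listener/controller pipeline of claims 1 to 5 (release instruction, temporary rules from matching advisories, routine rules from collected operating parameters, one scan pass, then re-verification of every finding), as an added Python example that is not part of the patent or of any QAX product. The advisory feed, the inventory, the in-memory target, the POC library and every name and identifier below are constructed for the example. The "POC injection" of claim 1 is simulated against that in-memory target; real POCs are run only against systems you are authorised to test, and the health check after each POC is the performance-impact judgement the claim requires. The verification step uses the claim's repeated-test mode: a finding is confirmed only if every re-run reproduces it, which is what rejects the constructed flaky routine finding.

```python
"""Claims 1-5 simulated end to end; feed, inventory, target and POC library are all constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed feed, as the listener would read it from a vulnerability release platform.
VULN_FEED = [
    {"id": "ADV-0001", "product": "examplehttpd", "fixed_in": "2.4.50"},
    {"id": "ADV-0002", "product": "otherdb", "fixed_in": "9.1"},
]
# Constructed operating parameters, as a network scanner would collect them (claim 3).
INVENTORY = {
    "applications": {"examplehttpd": "2.4.49", "examplecache": "6.0.1"},
    "services": {80: "examplehttpd", 6379: "examplecache"},
}

def version_lt(a: str, b: str) -> bool:
    """Dotted-numeric compare; sufficient for the constructed versions."""
    return [int(x) for x in a.split(".")] < [int(x) for x in b.split(".")]

class Target:
    """In-memory stand-in for the system under test; every probe is simulated."""
    def __init__(self, inventory: dict):
        self.inventory = inventory
        self.responsive = True      # would be flipped by a POC that knocks the service over
        self._cache_probes = 0

    def health(self) -> bool:
        return self.responsive

    def poc_adv_0001(self) -> bool:
        """Constructed POC for ADV-0001: positive when an affected version runs."""
        ver = self.inventory["applications"].get("examplehttpd")
        return ver is not None and version_lt(ver, "2.4.50")

    def probe_unauth_cache(self) -> bool:
        """Constructed flaky routine check: positive on the first probe only."""
        self._cache_probes += 1
        return self._cache_probes == 1

@dataclass
class ScanRule:
    rule_id: str
    kind: str                        # "temporary" (POC-driven) or "routine"
    check: Callable[[Target], bool]  # True means the check indicates the vulnerability

POC_LIBRARY: Dict[str, Callable[[Target], bool]] = {"ADV-0001": Target.poc_adv_0001}  # constructed

def listener(feed: List[dict]) -> dict:
    """Claim 1, listener: package the latest feed entries as a release instruction."""
    return {"type": "system_vulnerability_release", "vulns": list(feed)}

def temporary_rules(instruction: dict, inventory: dict) -> List[ScanRule]:
    """Claims 1-2, controller: keep entries whose product/version match the
    inventory and wrap each one's POC as a temporary rule; no POC, no rule."""
    rules = []
    for v in instruction["vulns"]:
        ver = inventory["applications"].get(v["product"])
        if ver is None or not version_lt(ver, v["fixed_in"]):
            continue
        poc = POC_LIBRARY.get(v["id"])
        if poc is not None:
            rules.append(ScanRule(v["id"], "temporary", poc))
    return rules

def routine_rules(inventory: dict) -> List[ScanRule]:
    """Claim 3: derive routine rules from the collected service information."""
    return [ScanRule(f"routine-unauth-cache-{port}", "routine", Target.probe_unauth_cache)
            for port, svc in inventory["services"].items() if svc == "examplecache"]

def scan(target: Target, rules: List[ScanRule]) -> List[dict]:
    """Run every rule once; for POC rules also record whether the target stopped
    responding afterwards (the performance-impact judgement of claim 1)."""
    findings = []
    for r in rules:
        before = target.health()
        hit = r.check(target)
        impact = r.kind == "temporary" and before and not target.health()
        if hit or impact:
            findings.append({"rule": r.rule_id, "kind": r.kind, "hit": hit, "impact": impact})
    return findings

def verify(target: Target, findings: List[dict], rules: Dict[str, ScanRule],
           repeats: int = 3) -> List[dict]:
    """Claim 5, repeated test: confirmed only if every re-run reproduces the
    finding; anything less is reported as unconfirmed rather than dropped."""
    report = []
    for f in findings:
        results = [rules[f["rule"]].check(target) for _ in range(repeats)]
        report.append({**f, "confirmed": all(results), "reproduced": f"{sum(results)}/{repeats}"})
    return report

def run_pipeline(feed: List[dict] = VULN_FEED, inventory: dict = INVENTORY) -> List[dict]:
    """Listener -> controller -> scan -> verify; returns the verification report."""
    target = Target(inventory)
    rules = temporary_rules(listener(feed), inventory) + routine_rules(inventory)
    return verify(target, scan(target, rules), {r.rule_id: r for r in rules})
```

On the constructed input, `run_pipeline()` yields two entries: ADV-0001 confirmed 3/3 with no performance impact, and the routine cache finding reported as unconfirmed 0/3 because the flaky probe never reproduces. The claim's single-point test mode is `verify(..., repeats=1)`; ADV-0002 never becomes a rule because its product is absent from the inventory, which is the claim 2 filtering of the release list down to the target newly added vulnerabilities.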
CN201910268029.0A 2019-04-03 2019-04-03 System vulnerability scanning method and device, computer equipment and storage medium Active CN110059007B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910268029.0A CN110059007B (en) 2019-04-03 2019-04-03 System vulnerability scanning method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110059007A CN110059007A (en) 2019-07-26
CN110059007B (en) 2020-12-22

Family

ID=67318352

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910268029.0A Active CN110059007B (en) 2019-04-03 2019-04-03 System vulnerability scanning method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110059007B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110781078B (en) * 2019-09-29 2022-05-31 苏州浪潮智能科技有限公司 Code vulnerability processing method and device
CN111090470A (en) * 2019-10-15 2020-05-01 平安科技(深圳)有限公司 Secure starting method and device of cloud host, computer equipment and storage medium
CN111859401A (en) * 2020-07-30 2020-10-30 杭州安恒信息技术股份有限公司 Vulnerability data analysis method, system and related device
CN114157439B (en) * 2020-08-18 2024-03-05 中国电信股份有限公司 Vulnerability scanning method, computing device and recording medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9225734B1 (en) * 2014-09-10 2015-12-29 Fortinet, Inc. Data leak protection in upper layer protocols
CN105429955A (en) * 2015-10-30 2016-03-23 西安四叶草信息技术有限公司 Remote vulnerability detection method
CN108206830A (en) * 2017-12-30 2018-06-26 平安科技(深圳)有限公司 Vulnerability scanning method, apparatus, computer equipment and storage medium
CN108334784A (en) * 2018-02-02 2018-07-27 杭州迪普科技股份有限公司 A kind of vulnerability scanning method and apparatus

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8099786B2 (en) * 2006-12-29 2012-01-17 Intel Corporation Embedded mechanism for platform vulnerability assessment
CN103856467B (en) * 2012-12-06 2018-12-14 百度在线网络技术(北京)有限公司 A kind of method and distributed system for realizing security sweep
WO2015000108A1 (en) * 2013-07-01 2015-01-08 Mediatek Singapore Pte. Ltd. An improved texture merging candidate in 3dvc
CN104065645A (en) * 2014-05-28 2014-09-24 北京知道创宇信息技术有限公司 Web vulnerability protection method and apparatus
CN104506522B (en) * 2014-12-19 2017-12-26 北京神州绿盟信息安全科技股份有限公司 vulnerability scanning method and device
CN106874768B (en) * 2016-12-30 2020-03-24 北京瑞卓喜投科技发展有限公司 Penetration test method and device
CN108512859A (en) * 2018-04-16 2018-09-07 贵州大学 A kind of Web applications safety loophole mining method and device

Similar Documents

Publication Publication Date Title
CN110059007B (en) System vulnerability scanning method and device, computer equipment and storage medium
US11086983B2 (en) System and method for authenticating safe software
Costin et al. A Large-scale analysis of the security of embedded firmwares
CN111400722B (en) Method, apparatus, computer device and storage medium for scanning small program
CN111695156A (en) Service platform access method, device, equipment and storage medium
US10795991B1 (en) Enterprise search
US11748487B2 (en) Detecting a potential security leak by a microservice
CN111783096B (en) Method and device for detecting security hole
EP2946327A1 (en) Systems and methods for identifying and reporting application and file vulnerabilities
CN110719300B (en) Method and system for automatic vulnerability verification
WO2018052979A1 (en) Systems and methods for agent-based detection of hacking attempts
CN112039900B (en) Network security risk detection method, system, computer device and storage medium
CN113704767A (en) Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system
CN111353151B (en) Vulnerability detection method and device for network application
CN103390130A (en) Rogue program searching and killing method and device based on cloud security as well as server
CN112738138B (en) Cloud security hosting method, device, equipment and storage medium
Casola et al. A cloud SecDevOps methodology: from design to testing
Permann et al. Cyber assessment methods for SCADA security
Cruz et al. Open Source Solutions for Vulnerability Assessment: A Comparative Analysis
CN113922975A (en) Security control method, server, terminal, system and storage medium
KR101968633B1 (en) Method for providing real-time recent malware and security handling service
CN113127875A (en) Vulnerability processing method and related equipment
Xu et al. Identification of ICS Security Risks toward the Analysis of Packet Interaction Characteristics Using State Sequence Matching Based on SF‐FSM
CN114036505A (en) Safety operation and maintenance analysis server, safety operation and maintenance analysis method and computer equipment
CN113378180A (en) Vulnerability detection method and device, computer equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100088 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing

Applicant after: QAX Technology Group Inc.

Address before: 100088 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing

Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

GR01 Patent grant