CN102821137B - A kind of website security detection method and system - Google Patents
A kind of website security detection method and system Download PDFInfo
- Publication number
- CN102821137B CN102821137B CN201210236077.XA CN201210236077A CN102821137B CN 102821137 B CN102821137 B CN 102821137B CN 201210236077 A CN201210236077 A CN 201210236077A CN 102821137 B CN102821137 B CN 102821137B
- Authority
- CN
- China
- Prior art keywords
- module
- user
- scan
- result
- safety detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 138
- 238000000034 method Methods 0.000 claims abstract description 26
- 238000012360 testing method Methods 0.000 claims description 19
- 238000012795 verification Methods 0.000 claims description 11
- 230000007246 mechanism Effects 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 4
- 239000012141 concentrate Substances 0.000 abstract description 3
- 230000006870 function Effects 0.000 description 12
- 230000008569 process Effects 0.000 description 6
- 241000270322 Lepidosauria Species 0.000 description 3
- 241000700605 Viruses Species 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Abstract
The invention discloses a kind of website security detection method and system, relate to field of website safety.Described system includes: client and server end, and wherein server end farther includes: memory module, scheduler module and scan module.Described method includes: client obtains site information to be detected by user interface, and this site information to be detected generation safety detection task is stored the memory module to server end;Scan module receives the safety detection task that scheduler module sends, and parses website to be scanned, starts scanning, and progress and the result of scanning are fed back to scheduler module;The scan progress received and result are updated to memory module by scheduler module, in order to user inquires about.The method using the present invention, user can enjoy web portal security detection service freely, easily, and group user can arrange enjoyment by client and concentrate scanning and leak look facility, has effectively ensured web portal security.
Description
Technical field
The present invention relates to field of website safety, particularly relate to a kind of website security detection method and system.
Background technology
The opening of Web is extensively by everybody welcome, but simultaneously, Web system will be faced with the threat of Network Intrusion.We want to set up the Web system of a safety always, but overall safety is practically impossible to realization, but relative safety can reach.Wherein carrying out Web vulnerability scanning is exactly the important leverage setting up Web safety.
The form that tradition web vulnerability scanning product is all single software is issued, it is necessary to user is arranged in the machine, could carry out web vulnerability scanning in the machine after buying, and its shortcoming is: the first, needing to buy, cost is high;The second, user installation and upgrade maintenance are needed, in-convenience in use;3rd, the function provided is limited, it is impossible to well support the scanning demand of high-end user and group user.Therefore, how to enable personal user enjoy the web portal security detection services such as convenient, free virus scan, Hole Detection, enable high-end user and group user enjoy concentrate scanning, the complete web portal security detection services such as analysis become a problem in the urgent need to address to concentrate leak to check.
Summary of the invention
A kind of website security detection method of offer and system are provided, to solve product that prior art exists in-convenience in use, the problem of function singleness, wherein: a kind of website security detection method, including:
Client obtains site information to be detected by user interface, and this site information to be detected generation safety detection task is stored the memory module to server end;
The scheduler module of server end obtains safety detection task from memory module, and the safety detection task of acquisition is sent to the idle scan module that server end is online;
Described idle scan module receives the safety detection task that scheduler module sends, and parses website to be scanned, starts scanning, and progress and the result of scanning are fed back to described scheduler module;
The scan progress received and result are updated to the memory module of server end by described scheduler module.
A kind of website security detection system, including: client and server end, described server end enters one
Step includes: memory module, scheduler module, scan module, wherein,
Memory module, for storing the data including safety detection task, safety detection result;
Client, is connected with server end by cloud, for obtaining site information to be detected by user interface, and this site information to be detected generation safety detection task is stored the memory module to server end;
Scheduler module, is connected with memory module, for being handed down to online idle scan module after obtaining safety detection task from memory module, and scan progress and the result of scan module is updated to memory module;And,
Scan module, is connected with scheduler module, for receiving the safety detection task that scheduler module sends, and starts scanning, and progress and the result of scanning are fed back to scheduler module.
Preferably, client is provide the web portal security detection Website page of function or executable application programs, and has webmaster and manage the function of multiple child user.Compared with prior art, according to technical scheme, by arranging the memory module of client and server end, scheduler module and scan module, make user pass through client and submit web portal security Detection task to, by scan module, the website submitted to is scanned, personal user can be made to enjoy web portal security detection service freely, easily, high-end user and group user is made not only to use web portal security detection service easily, more rich web portal security detection service can also be enjoyed, effectively ensured net safety.
Accompanying drawing explanation
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, below the accompanying drawing used required during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the premise not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the structural representation of the website security detection system embodiment according to the present invention;
Fig. 2 is the structural representation of another embodiment of website security detection system according to the present invention;
Fig. 3 is the structural representation of the website security detection system another embodiment according to the present invention;
Fig. 4 is the flow chart of the embodiment of the website security detection method according to the present invention;
Fig. 5 is the flow chart of another embodiment of website security detection method according to the present invention;
Fig. 6 is the flow chart of the website security detection method another embodiment according to the present invention.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is only a part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain under not making creative work premise, broadly fall into the scope of protection of the invention.
The present invention main idea is that, it is provided that a kind of website security detection method, and client obtains site information to be detected by user interface, and this site information to be detected generation safety detection task is stored the memory module to server end;The scheduler module of server end obtains safety detection task from the memory module of server end, and the safety detection task of acquisition is sent to the idle scan module that server end is online;The scan module of described free time receives the safety detection task that scheduler module sends, and parses website to be scanned, starts scanning, and progress and the result of scanning are fed back to scheduler module;The scan progress received and result are updated to the memory module of server end by described scheduler module, in order to user's inquiry and download.
For the method realizing the present invention, the embodiment of the present invention one provides a kind of website security detection system, as it is shown in figure 1, this system includes: client 11 and server end 10, wherein, server end 10 farther includes: memory module 12, scheduler module 13, scan module 14.Memory module 12 in the present invention, scheduler module 13, scan module 14 can be integrated on a physical equipment, as having on the computer of storage medium at one, arrange dispatch command code and scan instruction code;Can also being made up of one or more physical equipment respectively, such as memory module, by a computer with storage medium or network hard disc forms, scheduler module 13 is by dispatcher or is provided with the computer that other computers form, scan module is provided with scan instruction code by one or more of dispatch command code and forms.The present embodiment is consisted of example by one or more physical equipment be respectively described in detail with memory module 12, scheduler module 13, scan module 14.
Wherein, client 11 is connected 10 connections by cloud with server end, for being obtained the site information to be detected of user's input by user interface, and this site information to be detected generated safety detection task store the memory module to server end according to triggering of user, register including: user, log in, user's checking, manager's checking, child user management, transmission safety detection task and Browsing Safety while Using testing result etc..The user using web portal security detection service first has to by client registers, and the content of registration includes: user identity and website to be scanned, and wherein, user identity includes again the information such as user name, mailbox and password.User can also register child user.After user's registration, the relevant information of user in the memory module being saved in server end, will log in standby user next time.After registration, need to log in before using web portal security detection service, carry out subscriber authentication and administrator right checking.Described client is additionally operable to obtain the site information to be detected of this user input by the user of authentication multiple child users registered in advance or/and according to passing through the web portal security testing result triggering this user of inquiry multiple child users registered in advance of user verified.The user interface of client can be the form of Website page, it is also possible to be the form of Application Program Interface.When being embodied as, it is possible to the user interface in client arranges scanning and triggers device and querying triggering device, as button or scan task link, when user's button click or respective links, start scanning or inquiry.When client with the form of web page in current, there is good platform compatible, and user need not install any extra software in the machine.When client with the form of application software in current, user needs to install this client software in the machine, but the resource that this client software takies is little, and can freely install and use, compared with vulnerability scanning software being installed with prior art, save the memory space of the machine, and need not pay.Application software can run on any platform, including windows, ios platform and Android platform, has good platform equally compatible.
Memory module 12, is used for storing the data such as subscriber identity information, safety detection task and safety detection result.Wherein subscriber identity information includes user name, password, mailbox, list of websites etc.;Safety detection task comprises the summary information of each scan request of user, such as list of websites;Safety detection result comprises scanning success or failure information and the detailed website vulnerability list etc. scanned.When scanning unsuccessfully, scanning result can also include failure cause etc..Memory module 12 can be computer or the network hard disc etc. with storage function, and this is not construed as limiting by the present invention.
Scheduler module 13, it is connected with memory module 12 and scan module 14, for being handed down to the online idle scan module 14 having built up connection after obtaining safety detection task from memory module 12, and the scanning result of the scan module 14 of described free time is updated to memory module 12.Scheduler module 13 can be one or more computer.
Scan module 14, presets scan procedure and configuration file and vulnerability database, for receiving the safety detection task that scheduler module 13 sends, and starts scan procedure and is scanned, and scanning result feeds back to scheduler module 13.Scan module 14 needs to register in scheduler module 13 in advance, and constantly sends connection packet to scheduler module 13, to maintain its presence in scheduler module 13.Scan module 14 also needs in real time the scanning mode of current task and scanning result be fed back to scheduler module 13.Described scanning result includes at least one of: hang horse testing result, false fraud detection result, shield detection result, sidenote testing result, tampering detection result and Hole Detection result.
As shown in Figure 2, the server end of a kind of another embodiment of website security detection system disclosed by the invention can also include FTP (FileTransferProtocol FTP) module 15, described scan module 14 is additionally operable to be sent in FTP module 15 scanning result and scanning form, it is simple to user accesses download.Wherein, scanning form includes the detailed leak list scanned, and scanning result includes at least one of: hang horse testing result, false fraud detection result, shield detection result, sidenote testing result, tampering detection result and Hole Detection result.
As shown in Figure 3, the server end of the another embodiment of a kind of website security detection system disclosed by the invention can also include SMTP (SimpleMailTransferProtocol Simple Mail Transfer protocol) module 16, described SMTP module 16 is connected with memory module 12 and FTP module 15 respectively, for by mailbox registered in advance for scanning result transmission to user.SMTP module 16 obtains the scanning result of completed safety detection task to be sent and the mailbox that this safety detection task requests user is registered in advance from memory module 12, and sends the scanning result summary info of safety detection task to the mailbox obtained.SMTP module 16 can only send, according to the request of configuration or user, the Email Accounts that the scanning result summary info of safety detection task is specified to user, it is also possible to the form of Email attachment, the safety detection form obtained on FTP module 15 is sent to client.
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing and a kind of website security detection system, one website security detection method of the present invention is described in further detail.
As shown in Figure 4, an embodiment of a kind of website security detection method of the present invention, comprise the steps.
Step 31, client obtain site information to be detected by user interface, and this site information to be detected generation safety detection task is stored the memory module to server end.
Client has user interface, and the user interface form of client can be a Website page, it is also possible to being Application Program Interface, user is interacted by the memory module of client and server.The function that the user interface of client provides includes user's registration, before using web portal security detection service, user requires over user interface and registers, the content of registration includes: user identity and website to be scanned, wherein, user identity includes again the information such as user name, mailbox and password.After user's registration, the relevant information of user in the memory module being saved in server end, will log in standby user next time.
The function that the user interface of client provides also includes user authority management, including subscriber authentication, manager's authentication, registration of website certification etc..Use mailbox and password login website security detection system user after, first adding website to be scanned, then checking webmaster's authority, after good authentication webmaster's authority, can be scanned or check scanning result.Use this system verification webmaster's authority can adopt code (or picture, word) checking, file verification, customer service checking in any one, this is not construed as limiting by the present invention.Described code verification is particularly as follows: add appointment codes (or picture, word) in any position of website homepage;Described file verification is particularly as follows: download checking file and send it to the root of site file to be scanned;Described customer service checking is particularly as follows: contact contact staff carries out on line or certification under line.
The function that the user interface of client provides also includes submitting safety detection request and inquiry scan result to.After user is by domain name and administrator right checking, user can pass through client and submit safety detection task to, at least includes website to be scanned and ID in safety detection task.Described website to be scanned can come from the website having verified that administrator right of this user in the memory module of server end.User interface provides edit websites function, as added website, deleting invalid website.Website after editor preserves in a storage module.When being embodied as, scanning can be set at user interface and trigger device, as button or scan task link, when user's button click or respective links, triggering according to user, client retrieves this user-dependent domain-name information in a storage module, and generates safety detection task, it is submitted to the memory module of server end, memory module this safety detection task is saved in scan task list.User is after verifying by domain name and administrator right, it is also possible to start inquiry scan result function or the scanning result directly asked at the output window inquiry scan being arranged on user interface by being arranged on the querying triggering device of user interface.
The function that the user interface of client provides also includes group user management.By client carry out group user management arrange after, as user registers multiple child user, and open child user management function, Family administration person user adds the scan interface of child user, make administrator after Authority Verification passes through, safety detection request and the request of inquiry scan result of the multiple child users being managed can be submitted simultaneously to, facilitate group user to carry out web portal security detection.
Step 32, server end scheduler module obtain safety detection task from memory module, and the safety detection task of acquisition is sent to online idle scan module.
Scheduler module timer access memory module, obtains safety detection task from memory module.After getting safety detection task, judging in online scan module whether available free scan module, if there is no the scan module of free time, then remaining waiting for, until detecting that online scan module is idle, and safety detection task is issued the scan module of this free time;If scheduler module judges available free scan module, then according to the scheduling mechanism set, safety detection task is sent to the scan module of a certain free time.The scheduling mechanism of scheduler module can be following any one, including: by maximum number of tasks, by CPU and memory usage, by the mechanism such as closest with target machine, so that the operational efficiency of scan module is the highest.After safety detection task is sent to scan module by scheduler module, the response of scan module to be received, if task sends successfully, then terminate this scheduling;If task sends unsuccessfully, it is necessary to reselect the scan module of a free time, and be sent to safety detection task, until safety detection task sends successfully.
The scanning that scheduler module is scheduling does not need to register in scheduler module in advance.
Step 33, scan module receive the safety detection task that scheduler module sends, and parse website to be scanned, start scanning, and progress and the result of scanning are fed back to scheduler module.
Scan module needed to connect and be registered in scheduler module before the scheduling accepting scheduler module, and needed timing to transmit packets to scheduler module.Described connection packet includes: connection packet and state data packets.Described connection packet comprises essential information (such as server name, numbering, IP address) and the bind command word of scan module, in order to scheduler module can obtain the connection of scan module in time;Described status data comprises the essential information of scan module and the state of Current Scan task, such as scan progress, scanning result etc., in order to scheduler module can be known the existing state of single scan task in time and update scan progress and scanning result to memory module.
The safety detection task that scan module receives comprises website to be scanned.After scan module receives the safety detection task that scheduler module sends, parse website to be scanned, and start independent scan process, load the configuration informations such as the local configuration file of scan module and vulnerability database simultaneously, then access and resolve the website obtained, if this website can access, then carry out next step scanning;If this website cannot access, then report the scanning result packet that this website can not access to scheduler module, and terminate this scan procedure.
The described scanning carrying out next step is specially startup reptile engine and automatically extracts Website page, starts Hole Detection engine simultaneously and carries out the safety detection of Website page, as leak is tested.The operational factor of reptile engine and Hole Detection engine can obtain from configuration file;The vulnerability database of Hole Detection engine is individually deposited, and constantly updates.In scanning process, scan module in real time by the running status of reptile engine and Hole Detection engine (as stopped, properly functioning), safety detection progress, scanning discovery website vulnerability etc. report scheduler module.After the end of scan, scan module reports end of scan packet to scheduler module, and terminates scan procedure.
The scan progress received and result are updated to memory module by step 34, scheduler module.
The progress of the scanning that scheduler module real-time reception scan module sends and result, and in time progress and the result of scanning are updated to memory module, it is simple to user's real-time query.The result of described scanning includes at least one of: hang horse testing result, false fraud detection result, shield detection result, sidenote testing result, tampering detection result and Hole Detection result.After scheduler module receives end of scan packet, the website vulnerability of the scanning discovery reported by this scan module and website logo packing store to memory module, in order to user's query web safety detection result.
Preferably, as shown in Figure 5, after the end of scan, this method also includes step 35, scan module is by scanning result and scans report upload to FTP (FileTransferProtocol FTP) module, not only act as the effect of data backup, be more convenient for user's inquiry, download.Current Scan scanning result includes at least one of: hang horse testing result, false fraud detection result, shield detection result, sidenote testing result, tampering detection result and Hole Detection result.
As shown in Figure 6, another embodiment of website security detection method of the present invention, after the end of scan, also includes step 36:SMTP module by mailbox registered in advance for scanning result transmission to user.From memory module, read the mailbox of the scanning result to be sent user registration corresponding with this scanning result, and send scan result to described mailbox, it is possible to use web portal security testing result is understood at family in time.After scan procedure terminates, SMTP module timing can read the mailbox that the up-to-date scanning result safety detection task requests user corresponding with this scanning result is registered in advance from memory module, and the summary info of scanning result is sent to the mailbox asking user registered in advance of safety detection task corresponding to this scanning result.SMTP module can also according to setting in advance or user need download scanning form with the form of adnexa individually or to user registered in advance mailbox sent along with scanning result summary info from FTP module.
By the website security detection method of the present invention, make general Websites user need not spend buy, need not install huge software just can enjoy easily web portal security detection service, effectively ensured web portal security.Traditional scanning product can only single web site scan and single leak form browse, cannot unify to check the leak of all websites, the method using the present invention, the scan interface that high-end user adds child user by Family administration person user uses this system, can be concentrated by administrator and check the website vulnerability of all child users under this manager, it is simple to carry out concentrating leak to check.
Website described herein can be website domain name, it is also possible to being IP address, this is not construed as limiting by the present invention.
Each embodiment in this specification is generally adopted the mode gone forward one by one and describes, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar part mutually referring to.
The application can described in the general context of computer executable instructions, for instance program module or unit.Usually, program module or unit can include performing particular task or realizing the routine of particular abstract data type, program, object, assembly, data structure etc..In general, program module or unit can by software, hardware or both be implemented in combination in.The application can also be put into practice in a distributed computing environment, in these distributed computing environment, the remote processing devices connected by communication network perform task.In a distributed computing environment, program module or unit may be located in the local and remote computer-readable storage medium including storage device.
Finally, it can further be stated that, in this article, the relational terms of such as first and second or the like is used merely to separate an entity or operation with another entity or operating space, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " includes ", " comprising " or its any other variant are intended to comprising of nonexcludability, so that include the process of a series of key element, method, commodity or equipment not only include those key elements, but also include other key elements being not expressly set out, or also include the key element intrinsic for this process, method, commodity or equipment.When there is no more restriction, statement " including ... " key element limited, it is not excluded that there is also other identical element in including the process of described key element, method, commodity or equipment.
Principle and the embodiment of the application are set forth by specific case used herein, and the explanation of above example is only intended to help and understands the present processes and main thought thereof;Simultaneously for one of ordinary skill in the art, according to the thought of the application, all will change in specific embodiments and applications, in sum, this specification content should not be construed as the restriction to the application.
Claims (14)
1. a website security detection method, it is characterised in that including:
User registered in advance and webmaster's authority are verified by client, are inputted the site information to be detected of this user multiple child users registered in advance at active client by the user of checking;
Client obtains site information to be detected by user interface, and this site information to be detected generation safety detection task is stored the memory module to server end, and wherein, safety detection task comprises the summary information of each scan request of user;
The scheduler module of server end obtains safety detection task from memory module, and the safety detection task of acquisition is sent to the idle scan module that server end is online;
Described idle scan module receives the safety detection task that scheduler module sends, and parses website to be scanned, starts scanning, and progress and the result of scanning are fed back to described scheduler module;
The scan progress received and result are updated to the memory module of server end by described scheduler module;
Inquired about scan progress and the result of this user multiple child users registered in advance at active client by the user of checking;
The safety detection task of acquisition is sent to the idle scan module that server end is online, farther includes:
Whether available free scheduler module judge in online scan module scan module, if not having the scan module of free time, then remaining waiting for, until detecting that online scan module is idle, safety detection task being issued the scan module of this free time;If available free scan module, then according to the scheduling mechanism set, safety detection task is sent to the scan module of a certain free time.
2. method according to claim 1, it is characterised in that after the end of scan, the result of scanning is uploaded to FTP module by scan module, it is simple to user's inquiry and download.
3. method according to claim 2, it is characterised in that after the end of scan, the scanning result that obtains from described memory module is sent to user's mailbox registered in advance by the SMTP module being pre-configured with, and reminds user in time with mail he.
4. the method according to any one of claims 1 to 3, it is characterized in that, described method also includes client display web portal security testing result, wherein, described web portal security testing result includes at least one of: hang horse testing result, false fraud detection result, shield detection result, sidenote testing result, tampering detection result and Hole Detection result.
5. method according to claim 4, it is characterized in that, the safety detection task obtained from memory module is sent to the idle scan module that server end is online by maximum number of tasks or by CPU and memory usage or by closest mechanism by the scheduler module of server end.
6. method according to claim 5, it is characterised in that the concrete verification mode that user registered in advance and webmaster's authority are verified by client is: code verification, file verification, customer service checking in any one or multiple;The site information to be detected of described user input includes: website domain name or web IP address.
7. method according to claim 1, it is characterised in that described user interface is webpage or Application Program Interface.
8. a website security detection system, it is characterised in that including client and server end, described server end farther includes: memory module, scheduler module, scan module, wherein,
Memory module, for storing the data including safety detection task, safety detection result;
Client, it is connected with server end by cloud, for user registered in advance and webmaster's authority are verified, obtain the site information to be detected of this user multiple child users registered in advance of the user's input by verifying or/and according to triggering, by the user of certification, the web portal security testing result inquiring about this user multiple child users registered in advance;It is additionally operable to obtain site information to be detected by user interface, and this site information to be detected generation safety detection task is stored the memory module to server end;
Scheduler module, is connected with memory module, for being handed down to online idle scan module after obtaining safety detection task from memory module, and scan progress and the result of scan module is updated to memory module;
Scan module, is connected with scheduler module, for receiving the safety detection task that scheduler module sends, and starts scanning, and progress and the result of scanning are fed back to scheduler module;
It is handed down to online idle scan module after obtaining safety detection task, farther includes:
Whether available free scheduler module judge in online scan module scan module, if not having the scan module of free time, then remaining waiting for, until detecting that online scan module is idle, safety detection task being issued the scan module of this free time;If available free scan module, then according to the scheduling mechanism set, safety detection task is sent to the scan module of a certain free time.
9. system according to claim 8, it is characterised in that described system also includes the FTP module being connected with scan module, for receiving and store result and the form of the scanning that described scan module is uploaded after the end of scan, it is simple to user's inquiry and download.
10. system according to claim 9, it is characterised in that described system also includes the SMTP module being connected respectively with memory module and FTP module, for by mailbox registered in advance for scanning result transmission to user, reminding user in time with mail he.
11. according to Claim 8 to the system described in 10 any one, it is characterized in that, the user interface of described client is provided with scanning result querying triggering device, for the querying triggering according to user, web portal security testing result is obtained from memory module, and it is shown to user interface, wherein, described web portal security detection scanning result includes at least one of: hang horse testing result, false fraud detection result, shield detection result, sidenote testing result, tampering detection result and Hole Detection result.
12. system according to claim 11, it is characterized in that, the safety detection task obtained from memory module is sent to the idle scan module that server end is online by maximum number of tasks or by CPU and memory usage or by closest mechanism by the scheduler module of server end.
13. system according to claim 12, it is characterised in that the concrete verification mode that user registered in advance and webmaster's authority are verified is: code verification, file verification, customer service checking in any one or multiple;The site information to be detected of described user input includes: website domain name or web IP address.
14. system according to claim 8, it is characterised in that described user interface is webpage or Application Program Interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210236077.XA CN102821137B (en) | 2012-07-06 | 2012-07-06 | A kind of website security detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210236077.XA CN102821137B (en) | 2012-07-06 | 2012-07-06 | A kind of website security detection method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102821137A CN102821137A (en) | 2012-12-12 |
| CN102821137B true CN102821137B (en) | 2016-07-06 |
Family
ID=47304989
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210236077.XA Active CN102821137B (en) | 2012-07-06 | 2012-07-06 | A kind of website security detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102821137B (en) |
Families Citing this family (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103927478B (en) * | 2013-01-10 | 2018-10-09 | 腾讯科技(深圳)有限公司 | A kind of detection method of script loophole, equipment, system and master control server |
| CN103324890B (en) * | 2013-07-03 | 2018-12-21 | 百度在线网络技术(北京)有限公司 | The detection method and device that local file includes loophole are carried out to link |
| CN103581193A (en) * | 2013-11-08 | 2014-02-12 | 星云融创(北京)信息技术有限公司 | Website vulnerability scanning method, device and system |
| CN103618742B (en) * | 2013-12-09 | 2017-10-27 | 北京奇安信科技有限公司 | Webmaster's method for verifying authority |
| CN103685606B (en) * | 2013-12-23 | 2017-04-26 | 北京奇安信科技有限公司 | Associated domain name acquisition method, associated domain name acquisition system and web administrator permission validation method |
| CN104796388B (en) * | 2014-01-21 | 2018-10-12 | 中国移动通信集团公司 | A kind of method that the network equipment is scanned, relevant apparatus and system |
| CN105516053B (en) * | 2014-09-22 | 2020-05-15 | 奇安信科技集团股份有限公司 | Website security detection method and device |
| CN104506541A (en) * | 2014-12-29 | 2015-04-08 | 北京奇虎科技有限公司 | Website loophole alarming method and device |
| CN105610817A (en) * | 2015-12-25 | 2016-05-25 | 张萍 | Communication reliable security vulnerability check system for network security |
| US9906541B2 (en) | 2016-05-10 | 2018-02-27 | Allstate Insurance Company | Digital safety and account discovery |
| US10320821B2 (en) | 2016-05-10 | 2019-06-11 | Allstate Insurance Company | Digital safety and account discovery |
| CN106411578B (en) * | 2016-09-12 | 2019-07-12 | 国网山东省电力公司电力科学研究院 | A kind of web publishing system and method being adapted to power industry |
| CA3202578A1 (en) * | 2016-10-21 | 2018-04-26 | Allstate Insurance Company | Digital safety and account discovery |
| CN107087001B (en) * | 2017-05-15 | 2019-12-17 | 华中科技大学 | distributed internet important address space retrieval system |
| CN109005142B (en) * | 2017-06-06 | 2020-11-03 | 腾讯科技(深圳)有限公司 | Website security detection method, device, system, computer equipment and storage medium |
| CN110320373A (en) * | 2018-03-30 | 2019-10-11 | 深圳迈瑞生物医疗电子股份有限公司 | A kind of reagent principal curve scan method and sample analyser |
| CN109067813B (en) * | 2018-10-24 | 2020-11-20 | 腾讯科技(深圳)有限公司 | Network vulnerability detection method and device, storage medium and computer equipment |
| CN110516434B (en) * | 2019-08-12 | 2021-12-10 | 广州海颐信息安全技术有限公司 | Privileged account scanning system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101562618A (en) * | 2009-04-08 | 2009-10-21 | 深圳市腾讯计算机系统有限公司 | Method and device for detecting web Trojan |
| CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
| CN102063484A (en) * | 2010-12-29 | 2011-05-18 | 北京安天电子设备有限公司 | Discovery method and device of third-party WEB application program |
-
2012
- 2012-07-06 CN CN201210236077.XA patent/CN102821137B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101562618A (en) * | 2009-04-08 | 2009-10-21 | 深圳市腾讯计算机系统有限公司 | Method and device for detecting web Trojan |
| CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
| CN102063484A (en) * | 2010-12-29 | 2011-05-18 | 北京安天电子设备有限公司 | Discovery method and device of third-party WEB application program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102821137A (en) | 2012-12-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102821137B (en) | A kind of website security detection method and system | |
| CN103023710B (en) | A kind of safety test system and method | |
| CN105871838B (en) | A kind of log-in control method and customer center platform of third party's account | |
| CN103634301B (en) | The method of the private data of user's storage in client and access server thereof | |
| US9264435B2 (en) | Apparatus and methods for access solutions to wireless and wired networks | |
| CN103475726B (en) | A kind of virtual desktop management, server and client side | |
| US7580996B1 (en) | Method and system for dynamic update of an application monitoring agent using a non-polling mechanism | |
| CN106550033A (en) | Based on the system and method that cloud computing system realizes simulation the whole network ability open platform | |
| CN109981653B (en) | Web vulnerability scanning method | |
| CN103024740B (en) | Method and system for accessing internet by mobile terminal | |
| CN104636678B (en) | The method and system of management and control is carried out under a kind of cloud computing environment to terminal device | |
| CN104168339A (en) | Method and device for preventing domain name from being intercepted | |
| CN111143207B (en) | Method for checking model training notice and training log at mobile terminal | |
| CN103685590A (en) | Method and system for obtaining IP (internet protocol) address | |
| CN107040518A (en) | A kind of private clound server log method and system | |
| CN113742676B (en) | Login management method, login management device, login management server, login management system and storage medium | |
| CN108769063A (en) | A kind of method and device of automatic detection WebLogic known bugs | |
| CN106230857A (en) | A kind of active leakage location towards industrial control system and detection method | |
| CN103179080B (en) | The cloud computer system of a kind of Internet user and the method for connection cloud computer | |
| CN110011875A (en) | Dial testing method, device, equipment and computer readable storage medium | |
| US7636852B1 (en) | Call center dashboard | |
| CN111694743A (en) | Service system detection method and device | |
| CN107274222A (en) | Advertisement placement method and device | |
| CN112118238A (en) | Method, device, system, equipment and storage medium for authentication login | |
| CN115278208A (en) | IPC security monitoring system, method and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20161215 Address after: 100015 Jiuxianqiao Chaoyang District Beijing Road No. 10, building 15, floor 17, layer 1701-26, 3 Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. Address before: 100088 Beijing City, Xicheng District Xicheng District Xinjiekou Avenue No. 28 block D room 112 (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20180725 Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Co-patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CP03 | Change of name, title or address |
Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Patentee after: Qianxin Technology Group Co.,Ltd. Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee after: Qianxin Technology Group Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Patentee before: Qianxin Technology Group Co.,Ltd. Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 2nd Floor, Building 1, Yard 26, Xizhimenwai South Road, Xicheng District, Beijing, 100032 Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Patentee after: Qianxin Technology Group Co.,Ltd. Address before: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee before: Qianxin Technology Group Co.,Ltd. |
|
| CP03 | Change of name, title or address |