CN103530565A - Method and device for scanning website program bugs based on web - Google Patents

Info

Publication number
CN103530565A
Authority
CN
China
Prior art keywords
leak
database
bug
website
scanning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310495686.1A
Other languages
Chinese (zh)
Inventor
吴雄辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ruian Technology Co Ltd
Original Assignee
Beijing Ruian Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ruian Technology Co Ltd filed Critical Beijing Ruian Technology Co Ltd
Priority to CN201310495686.1A priority Critical patent/CN103530565A/en
Publication of CN103530565A publication Critical patent/CN103530565A/en
Pending legal-status Critical Current

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The invention relates to a method and system for scanning website program bugs based on a web. In the system which is composed of a system management module, a bug library management module, a bug scanning module, an external link module and a result display module, the method for scanning the website program bugs comprises the steps of (1) storing configured parameter information into an appointed database; (2) establishing a root user account and a general user account used for login, setting a target website link required to be scanned, and storing the target website link into the appointed database; (3) searching and organizing all bug types, after the login through the root user account, and establishing a bug library according to the bug types, wherein the bug library comprises bug scripts and bug mark numbers; (4) using the bug scripts in the bug library for inspecting the bugs in the target website links, calling the corresponding bug mark numbers, and scanning the website program bugs. According to the method for scanning the website program bugs, running again is not required after one-time configuration, and safety scanning can be remotely carried out on website programs at any time and place.

Description

Web-based website program vulnerability scanning method and scanning device
Technical field
The present invention relates to a web-based method and device for scanning website program vulnerabilities, and belongs to the field of information security.
Background
As web applications (online banking, e-commerce, personal spaces, cloud storage and so on) increasingly enter people's lives, any hidden weakness in these applications exposes personal information, and even the website system itself, to security risk. According to statistics, 80% of current attacks are carried out through the web.
For an ordinary web administrator, security-related management takes up a large share of working time, because manually testing and auditing the security of a web application is complex and time-consuming work that requires not only great patience but also professional technical experience. Automated vulnerability scanning can greatly simplify testing for security weaknesses and helps reduce the web administrator's workload.
Known website program vulnerability scanners are all developed in C++ or Delphi and run on a client computer. For example, the Chinese patent application "WEB vulnerability scanner", ZL201120011885.7, provides a web vulnerability scanner comprising an input device, a scanning host and an output device; the scanning host comprises a memory, an arithmetic unit and an FPGA accelerator card connected to the CPU, the FPGA accelerator card being connected to the CPU through a PCI interface. This scanner is fast, high-performance, highly compatible and small. However, to scan a website program, the operator must work on the client machine on which the scanner is installed. As a result, an information security engineer scanning a website faces long waits and repeated operations, and must also select the client system environment and configure it before scanning.
Existing automated web security scanning technology consists mainly of two core modules: a URL (Uniform/Universal Resource Locator) extraction module and a vulnerability detection module. For a website to be tested, the URL extraction module first obtains the link URLs of the entire website, and the vulnerability detection module then detects and confirms vulnerabilities on each valid URL. During detection and confirmation, every vulnerability type must be tested; once all of the site's URLs and all types have been tested and confirmed, the system outputs a web security scan report. Vulnerability detection and confirmation is the most complex and time-consuming part of web scanning, and the prior-art practice of indiscriminately traversing every vulnerability type for every valid URL of a website makes scanning inefficient and slow. The problem is especially pronounced when scanning the large volume of data on a big website.
For example, the Chinese patent "A system and method for automated WEB security detection", application number 201010124176.x, discloses a detection method comprising: URL extraction and analysis; detection of malicious code planted on the website (web trojans); web application vulnerability detection; system vulnerability detection; and generation of a detection report. It tests web security comprehensively and systematically from three aspects: planted malicious code, web application vulnerabilities, and system vulnerabilities.
The Chinese patent application "A WEB website vulnerability scanning method and apparatus", application number 201210586173.7, discloses a method comprising: obtaining a target detection object from the set of test objects of the website to be tested, the target detection object comprising a target URL and the page the target URL points to; extracting the features of the vulnerability under test from the target detection object and generating a feature vector for the vulnerability under test from those features; and computing the similarity between the standard vector of the vulnerability under test and the feature vector. When the similarity is less than a preset threshold, the detection operation for the vulnerability under test need not be performed on the target detection object.
In summary, prior-art vulnerability detection is based on URLs and vulnerability detection; website program vulnerability scanners are all developed in C++ or Delphi and run on a client computer; and to perform web vulnerability detection, the detector must be installed on the client computer to be tested. Scanning a website involves long waits and repeated operations, and the client system environment must be selected and configured before scanning.
Summary of the invention
To solve the above technical problems, the present invention provides a web-based website program vulnerability scanning method and scanning device. A crawler written in the open-source, cross-platform language Java de-duplicates the target website's links and saves them in a database; scripts from a vulnerability database are then used to check whether the website links contain vulnerabilities. If a vulnerability exists, the vulnerability description and remediation for the corresponding number in the public vulnerability database are retrieved and compiled into a document for the information security engineer to review.
The technical solution of the present invention is as follows: a web-based vulnerability scanning method for websites, comprising the steps of:
1) configuring parameter information and saving the configured parameter information in a specified database;
2) creating a root user account and general user accounts for login, and setting the target website links to be scanned and saving them in the specified database;
3) collecting and organizing website vulnerabilities and, after logging in to the database with the root user account, building a vulnerability database from them, the vulnerability database comprising vulnerability scripts and vulnerability labels;
4) using the vulnerability scripts in the vulnerability database to check whether the target website links contain vulnerabilities and, if a vulnerability exists, calling up the corresponding vulnerability label, thereby scanning for website program vulnerabilities.
Further, the specified database is a MySQL database or a SQL Server database.
Further, the root user account adds, deletes and modifies user accounts in the database.
Further, the target website links are de-duplicated by an MD5/MD4 computation before being saved.
Further, the collection method comprises one or more of the following: 1) vulnerabilities published regularly by security software vendors at home and abroad; 2) vulnerabilities collected from mainstream operating system vendors and large evaluation organizations; 3) manual discovery, with real-time updates as required.
Further, vulnerability labels are added to the vulnerability database according to the vulnerabilities collected.
Further, the scripts comprise: JS scripts, sh.bat scripts.
Further, the general user account is used to configure the target website links to scan, the website vulnerability types to scan for, and the scan period.
Further, the website program vulnerability types comprise: operating system vulnerabilities, web server vulnerabilities, and database server vulnerabilities.
Further, the present invention also proposes a web-based website vulnerability scanning device, comprising: a system management module, a vulnerability database management module, a vulnerability scanning module, an external link module, and a result display module. The system management module is connected to the vulnerability database management module through a computer and sets the parameter information, which is saved in the database. The vulnerability scanning module is connected to the external link module through the network, sets the websites to scan, and adds, deletes and modifies user accounts; at the same time the target website links are de-duplicated and the vulnerability database is built; scripts in the vulnerability database are used to check whether the website links contain vulnerabilities. The result display module serves as the output.
The system management module is developed in Java and can be used on different operating system platforms. It manages the login users of the scanning device and the basic system settings. A user logged in as root can add, delete and modify user accounts in the user management section. A user logged in as a general user can only change basic settings, which cover only items such as changing the password.
The vulnerability database management module mainly manages the vulnerability information already collected: adding to, deleting and modifying existing vulnerability information. This module can only be managed by the root user, that is, the system administrator.
In the vulnerability scanning module, after logging in as a general user, the user configures the websites to scan and the vulnerability types to scan for, and the configuration is saved in the database. The configuration comprises the links of the websites to scan and the scan period; the vulnerability types comprise operating system vulnerabilities, web server vulnerabilities and database server vulnerabilities.
In the external link module, after a general user logs in, the administrator specifies the links of the websites to scan. This is performed by default in the background.
In the result display module, after scanning completes, the results in the database are formatted and converted into a form the user can view. The purpose of formatting is to take the information the scanner obtained, typically a vulnerability number or a brief explanation, and, after summarizing and organizing it, output a text document (Word, text and the like) for the information security engineer to review.
Beneficial effects of the present invention:
The present invention uses the managed vulnerability database as its reference basis for acquiring information from the website according to the configuration, and applies optimizations such as de-duplication to the acquired information. Once the vulnerability scanning method has been configured, it does not need to be set up again, and an information security engineer can run a security scan of a website remotely, at any time and from any place. Compared with existing devices, which must be installed on the client computer to be scanned, the vulnerability scanning device proposed by the present invention can be installed on any machine and scan remotely over the network, free of operating-system restrictions.
Brief description of the drawings
Fig. 1 is a flow diagram of the web-based website vulnerability scanning method.
Fig. 2 is a module diagram of the web-based website vulnerability scanning device.
Fig. 3 is a diagram of the scanning process in one embodiment of the web-based website vulnerability scanning method.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art from the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Fig. 1 shows the flow of the web-based website vulnerability scanning method. The specific steps are as follows:
Step 1: set the parameter information and save the configured parameter information in a database. The database is a MySQL database or a SQL Server database; the type of database does not limit the technical solution of the present invention and is therefore not restricted in the embodiments. The parameter information includes basic parameters such as the number of days data is retained and the storage directory for system operation logs; those skilled in the art know how to set these parameters.
Step 2: log in as the root user and/or a general user and perform the following operations: set the websites to scan, and add, delete and modify user accounts. At the same time, de-duplicate the target website links. De-duplication performs one MD5/MD4 computation on each website link and compares the MD5/MD4 values; links whose MD5/MD4 values are identical are treated as duplicates and removed. The links are then saved in the database, which here is a MySQL database. Those skilled in the art may use various de-duplication methods, and the embodiments of the present invention do not restrict the choice.
Build the vulnerability database: after the root user logs in, website vulnerabilities are collected, organized and stored in a MySQL or SQL Server database.
The collection method includes, but is not limited to, one or more of the following: first, vulnerabilities published regularly by security software vendors at home and abroad; second, vulnerabilities collected from mainstream operating system vendors and large evaluation organizations; third, discovery by dedicated personnel; fourth, real-time updates as required.
The vulnerability database contains scripts and vulnerability labels. Vulnerability labels are added to the vulnerability database according to the vulnerabilities collected; the scripts include common scripts such as JS and sh.bat.
Step 3: use the scripts in the vulnerability database to check whether the website links contain vulnerabilities. If a vulnerability exists, retrieve the vulnerability description and solution for the corresponding number in the public vulnerability database and compile them into a document for the information security engineer to review.
Fig. 2 shows the modules of the web-based website vulnerability scanning device. One embodiment of the present invention also proposes a web-based website program vulnerability scanning device comprising the following main modules:
The system management module is connected to the vulnerability database management module through a computer and sets the parameter information, which is saved in the database;
The vulnerability scanning module is connected to the external link module through the network, sets the websites to scan, and adds, deletes and modifies user accounts; at the same time the target website links are de-duplicated and the vulnerability database is built; scripts in the vulnerability database are used to check whether the website links contain vulnerabilities;
The result display module serves as the output.
The modules are described in detail below:
System management module
The present invention is developed in Java and can be used on different operating system platforms; the characteristics of the Java language are well recognized in the industry. This module mainly manages the scanner's users and the basic system settings. A user logged in as root can add, delete and modify user accounts in the user management section. A user logged in as a general user can only change basic settings, which cover only items such as changing the password.
Vulnerability database management module
This module mainly manages the vulnerability information already collected: adding to, deleting and modifying existing vulnerability information. This module can only be managed by the root user, that is, the system administrator.
Vulnerability scanning module
After logging in as a general user, the user configures the websites to scan, the vulnerability types to scan for, and so on; when the user clicks OK, the configuration is saved in the database. Only the links of the websites to scan and the scan period need to be configured. The vulnerability types comprise operating system vulnerabilities, web server vulnerabilities and database server vulnerabilities; these types are clearly defined in the industry.
The specific configuration is as follows:
Website link: the domain name to be scanned, for example www.163.com.
Scan period: the time span during which the specified website is scanned; for example, 20130620~20130630 means the scan takes place within those specified 10 days.
Operating system vulnerabilities: problems or technical defects in the computer operating system itself (such as Windows XP). Operating system vendors usually provide a repair service by regularly releasing patches for known vulnerabilities.
Web server vulnerabilities: the main vulnerabilities found in web servers include physical path disclosure, CGI source code disclosure, directory traversal, arbitrary command execution, buffer overflow, denial of service, SQL injection, race conditions and cross-site scripting. Some resemble CGI vulnerabilities, but most are essentially different. Whatever the vulnerability, each illustrates that security must be treated as a whole: the security of a web server has to be considered together with the operating system it runs on.
Database vulnerabilities: caused by poor-quality databases. By origin they fall roughly into four classes: default-installation vulnerabilities, vulnerabilities introduced by human use, database design defects, and bugs in the database product. Website vulnerabilities are generally caused by operating system and database vulnerabilities.
The present invention uses the managed vulnerability database as its reference basis for acquiring information from the website according to the configuration, and applies optimizations such as de-duplication to the acquired information.
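The link de-duplication of step 2 and the scan period setting above, as an added Python example that is not code from the patent: links are keyed by their MD5 digest in a database table, and a period such as 20130620~20130630 decides whether scanning may run on a given day. SQLite stands in for MySQL, and the table name, the function names, the link normalization (which goes beyond the patent's plain hashing of the link) and the inclusive end date are assumptions; the sample links are constructed and nothing is fetched.

```python
import hashlib
import sqlite3
from datetime import date, datetime
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_link(link: str) -> str:
    """Canonicalise a link so that trivially different spellings hash the same.

    Assumption: the patent only says the link is hashed; normalising first
    is an addition that stops one page from being queued several times.
    """
    link = link.strip()
    if "://" not in link:
        # A bare domain such as www.163.com is treated as http (assumption).
        link = "http://" + link
    parts = urlsplit(link)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = f"[{host}]"
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS.get(scheme)) else f"{host}:{port}"
    # The fragment is never sent to the server, so it is dropped.
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def link_digest(link: str) -> str:
    """MD5 of the normalised link, used only as a fixed-length duplicate key.

    MD5 is not collision resistant; if a collision must never silently hide
    a link from the scan, compare the stored link text as well.
    """
    return hashlib.md5(normalize_link(link).encode("utf-8")).hexdigest()


def open_store() -> sqlite3.Connection:
    """In-memory stand-in for the 'specified database' (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE target_link (md5 TEXT PRIMARY KEY, link TEXT NOT NULL)"
    )
    return conn


def save_links(conn: sqlite3.Connection, links) -> int:
    """Store links whose digest is not yet present; return how many were new."""
    stored = 0
    for link in links:
        cur = conn.execute(
            "INSERT OR IGNORE INTO target_link (md5, link) VALUES (?, ?)",
            (link_digest(link), normalize_link(link)),
        )
        stored += cur.rowcount  # 1 if inserted, 0 if the digest already existed
    conn.commit()
    return stored


def in_scan_period(period: str, day: date) -> bool:
    """True if `day` lies in a period written as YYYYMMDD~YYYYMMDD.

    Assumption: both end dates are treated as inclusive.
    """
    start_text, end_text = period.split("~")
    start = datetime.strptime(start_text.strip(), "%Y%m%d").date()
    end = datetime.strptime(end_text.strip(), "%Y%m%d").date()
    if end < start:
        raise ValueError("scan period ends before it starts")
    return start <= day <= end


# Constructed sample input: six crawled links, three distinct pages.
SAMPLE_LINKS = [
    "http://www.163.com",
    "HTTP://WWW.163.COM/",
    "http://www.163.com:80/#top",
    "http://www.163.com/news?id=1",
    "http://www.163.com/news?id=1",
    "http://www.163.com/news?id=2",
]

if __name__ == "__main__":
    store = open_store()
    print("new links stored:", save_links(store, SAMPLE_LINKS))
    print("scan today?", in_scan_period("20130620~20130630", date(2013, 6, 25)))
```

Putting the digest in a unique key lets the database enforce the de-duplication, so concurrent crawler workers cannot insert the same link twice.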
External link module
After a general user logs in, the administrator specifies the links of the websites to scan. This is performed by default in the background.
Result display module
After scanning completes, the results in the database are formatted and converted into a form the user can view. The purpose of formatting is to take the information the scanner obtained, typically a vulnerability number or a brief explanation, and, after summarizing and organizing it, output a text document (Word, text and the like) for the information security engineer to review.
Fig. 3 shows the scanning process in one embodiment of the web-based website vulnerability scanning method. The steps are:
1) the user logs in to the system, configures the parameter information, which is saved in the specified database, and starts the scan;
2) the vulnerability scripts in the vulnerability database are used to check for vulnerabilities in the target website links, the corresponding vulnerability labels are called up, and website program vulnerabilities are scanned for;
3) after scanning completes, the results in the database are formatted and converted into a form the user can view;
4) if the scan result shows a vulnerable website, the database is updated in real time.

Claims (10)

1. A web-based website vulnerability scanning method, comprising the steps of:
1) configuring parameter information and saving it in a specified database;
2) creating a root user account and general user accounts for login, and setting the target website links to be scanned and saving them in the specified database;
3) collecting and organizing all vulnerability types and, after login with the root user account, building a vulnerability database according to the vulnerability types, the vulnerability database comprising vulnerability scripts and vulnerability labels;
4) when a general user account is logged in, using the vulnerability scripts in the vulnerability database to check for vulnerabilities in the target website links, calling up the corresponding vulnerability labels, and scanning for vulnerabilities.
2. The web-based website vulnerability scanning method of claim 1, characterized in that the specified database is a MySQL database or a SQL Server database.
3. The web-based website vulnerability scanning method of claim 1, characterized in that the root user account adds, deletes and modifies general user accounts in the database.
4. The web-based website vulnerability scanning method of claim 1, characterized in that the target website links are de-duplicated by an MD5/MD4 computation before being saved.
5. The web-based website vulnerability scanning method of claim 1, characterized in that the collection method comprises one or more of the following: 1) vulnerabilities published regularly by security software vendors at home and abroad; 2) vulnerabilities collected from mainstream operating system vendors and large evaluation organizations; 3) manual discovery, with real-time updates as required.
6. The web-based website vulnerability scanning method of claim 1, characterized in that vulnerability labels are added to the vulnerability database according to the vulnerabilities collected.
7. The web-based website vulnerability scanning method of claim 1, characterized in that the scripts comprise: JS scripts, sh.bat scripts.
8. The web-based website vulnerability scanning method of claim 1, characterized in that the general user account is used to configure the target website links to scan, the vulnerability types to scan for, and the scan period.
9. The web-based website vulnerability scanning method of claim 8, characterized in that the vulnerability types comprise: operating system vulnerabilities, web server vulnerabilities, and database server vulnerabilities.
10. A web-based website vulnerability scanning device, characterized by comprising: a system management module, a vulnerability database management module, a vulnerability scanning module, an external link module, and a result display module:
The system management module is connected to the vulnerability database management module through a computer and sets the parameter information, which is saved in the database; this module also manages the login users of the scanning device and the basic system settings;
The vulnerability scanning module is connected to the external link module through the network; it configures the websites to scan and the vulnerability types to scan for, and the configuration is saved in the database. The configuration comprises the links of the websites to scan and the scan period; the vulnerability types comprise operating system vulnerabilities, web server vulnerabilities and database server vulnerabilities;
In the external link module, the target website links enter the external link module through execution in the system background, and within the external link module the scripts in the vulnerability database are used to check whether the website links contain vulnerabilities;
In the result display module, after scanning completes, the results in the database are formatted and converted into a form the user can view.
CN201310495686.1A 2013-10-21 2013-10-21 Method and device for scanning website program bugs based on web Pending CN103530565A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310495686.1A CN103530565A (en) 2013-10-21 2013-10-21 Method and device for scanning website program bugs based on web

Publications (1)

Publication Number Publication Date
CN103530565A (en) 2014-01-22

Family

ID=49932567

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310495686.1A Pending CN103530565A (en) 2013-10-21 2013-10-21 Method and device for scanning website program bugs based on web

Country Status (1)

Country Link
CN (1) CN103530565A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104008038A (en) * 2014-05-08 2014-08-27 百度在线网络技术(北京)有限公司 Method and device for detecting and evaluating software
CN105141647A (en) * 2014-06-04 2015-12-09 中国银联股份有限公司 Method and system for detecting Web application
CN105447102A (en) * 2015-11-12 2016-03-30 中国科学院软件研究所 Data drive based open-source operating system threat state visualization system and method
CN105610776A (en) * 2015-09-24 2016-05-25 中科信息安全共性技术国家工程研究中心有限公司 Cloud calculating IaaS layer high risk safety loophole detection method and system thereof
CN108182365A (en) * 2017-12-18 2018-06-19 北京天融信网络安全技术有限公司 Leak detection method, equipment and computer readable storage medium based on CPE
WO2019085074A1 (en) * 2017-10-31 2019-05-09 平安科技(深圳)有限公司 Website vulnerability scanning method and apparatus, computer device and storage medium
CN110378122A (en) * 2019-06-28 2019-10-25 公安部第三研究所 The system and method for reducing and failing to report and report by mistake situation are realized for WEB scanner loophole
CN110705603A (en) * 2019-09-10 2020-01-17 深圳开源互联网安全技术有限公司 Method and system for dynamically judging similarity of user request data
CN110837646A (en) * 2019-10-31 2020-02-25 国网河北省电力有限公司电力科学研究院 Risk investigation device of unstructured database
CN111291385A (en) * 2020-05-12 2020-06-16 深圳开源互联网安全技术有限公司 JS script file vulnerability detection method and system
CN111831527A (en) * 2020-07-16 2020-10-27 中国建设银行股份有限公司 Method, apparatus, electronic device, and medium for scanning database performance problems
CN113343246A (en) * 2021-05-28 2021-09-03 福建榕基软件股份有限公司 Method and terminal for detecting database bugs
CN114070812A (en) * 2016-10-21 2022-02-18 好事达保险公司 System and method for digital security and account discovery
US11895131B2 (en) 2016-05-10 2024-02-06 Allstate Insurance Company Digital safety and account discovery

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070186285A1 (en) * 2000-11-28 2007-08-09 Hurst Dennis W Webcrawl internet security analysis and process
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN101964025A (en) * 2009-07-23 2011-02-02 中联绿盟信息技术(北京)有限公司 XSS (Cross Site Scripting) detection method and device
US8296848B1 (en) * 2007-06-20 2012-10-23 Symantec Corporation Control flow redirection and analysis for detecting vulnerability exploitation
CN102819710A (en) * 2012-08-22 2012-12-12 西北工业大学 Cross-site script vulnerability detection method based on percolation test
CN102970282A (en) * 2012-10-31 2013-03-13 北京奇虎科技有限公司 Website security detection system

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104008038B (en) * 2014-05-08 2017-06-20 百度在线网络技术(北京)有限公司 The evaluating method and device of software
CN104008038A (en) * 2014-05-08 2014-08-27 百度在线网络技术(北京)有限公司 Method and device for detecting and evaluating software
CN105141647A (en) * 2014-06-04 2015-12-09 中国银联股份有限公司 Method and system for detecting Web application
CN105141647B (en) * 2014-06-04 2018-09-21 中国银联股份有限公司 A kind of method and system of detection Web applications
CN105610776A (en) * 2015-09-24 2016-05-25 中科信息安全共性技术国家工程研究中心有限公司 Cloud calculating IaaS layer high risk safety loophole detection method and system thereof
CN105447102B (en) * 2015-11-12 2019-06-14 中国科学院软件研究所 Open source operating system threatened status visualization system and method based on data-driven
CN105447102A (en) * 2015-11-12 2016-03-30 中国科学院软件研究所 Data drive based open-source operating system threat state visualization system and method
US11895131B2 (en) 2016-05-10 2024-02-06 Allstate Insurance Company Digital safety and account discovery
CN114070812B (en) * 2016-10-21 2023-10-03 好事达保险公司 System and method for digital security and account discovery
CN114070812A (en) * 2016-10-21 2022-02-18 好事达保险公司 System and method for digital security and account discovery
WO2019085074A1 (en) * 2017-10-31 2019-05-09 平安科技(深圳)有限公司 Website vulnerability scanning method and apparatus, computer device and storage medium
CN108182365A (en) * 2017-12-18 2018-06-19 北京天融信网络安全技术有限公司 Leak detection method, equipment and computer readable storage medium based on CPE
CN108182365B (en) * 2017-12-18 2021-11-16 北京天融信网络安全技术有限公司 CPE-based vulnerability detection method, device and computer-readable storage medium
CN110378122A (en) * 2019-06-28 2019-10-25 公安部第三研究所 The system and method for reducing and failing to report and report by mistake situation are realized for WEB scanner loophole
CN110705603A (en) * 2019-09-10 2020-01-17 深圳开源互联网安全技术有限公司 Method and system for dynamically judging similarity of user request data
CN110705603B (en) * 2019-09-10 2020-11-06 深圳开源互联网安全技术有限公司 Method and system for dynamically judging similarity of user request data
CN110837646A (en) * 2019-10-31 2020-02-25 国网河北省电力有限公司电力科学研究院 Risk investigation device of unstructured database
CN111898131A (en) * 2020-05-12 2020-11-06 深圳开源互联网安全技术有限公司 JS script file vulnerability detection method and system
CN111291385B (en) * 2020-05-12 2020-09-01 深圳开源互联网安全技术有限公司 JS script file vulnerability detection method and system
CN111898131B (en) * 2020-05-12 2023-04-04 深圳开源互联网安全技术有限公司 JS script file vulnerability detection method and system
CN111291385A (en) * 2020-05-12 2020-06-16 深圳开源互联网安全技术有限公司 JS script file vulnerability detection method and system
CN111831527A (en) * 2020-07-16 2020-10-27 中国建设银行股份有限公司 Method, apparatus, electronic device, and medium for scanning database performance problems
CN113343246A (en) * 2021-05-28 2021-09-03 福建榕基软件股份有限公司 Method and terminal for detecting database bugs

Similar Documents

Publication Publication Date Title
CN103530565A (en) Method and device for scanning website program bugs based on web
US8365290B2 (en) Web application vulnerability scanner
CN108830084B (en) Handheld terminal for realizing vulnerability scanning and protection reinforcement and protection method
CN108347430A (en) Network invasion monitoring based on deep learning and vulnerability scanning method and device
CN106982194A (en) Vulnerability scanning method and device
CN107273748A (en) A kind of method that Android system Hole Detection is realized based on leak poc
CN109684847B (en) Automatic repairing method, device, equipment and storage medium for script loopholes
CN104219316A (en) Method and device for processing call request in distributed system
CN104200167A (en) Automatic penetration testing method and system
CN105391729A (en) Web loophole automatic mining method based on fuzzy test
CN101964025A (en) XSS (Cross Site Scripting) detection method and device
CN111353151B (en) Vulnerability detection method and device for network application
CN103647678A (en) Method and device for online verification of website vulnerabilities
CN104184728A (en) Safety detection method and device for Web application system
CN104601573A (en) Verification method and device for Android platform URL (Uniform Resource Locator) access result
CN103678692A (en) Safety scanning method and device of downloaded file
CN104462983B (en) A kind of PHP source code processing method and system
CN110059007B (en) System vulnerability scanning method and device, computer equipment and storage medium
CN105204986A (en) Automated product testing method, server and mobile equipment
CN1870493A (en) Scanning method for network station leakage
CN109413046A (en) A kind of network protection method, system and terminal device
CN106789869B (en) Traffic proxy vulnerability detection method and system based on Basic authentication
CN110717184A (en) Distributed safety test system
CN104899505A (en) Software detection method and software detection device
CN105100065A (en) Cloud-based webshell attack detection method, cloud-based webshell attack detection device and gateway

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140122