CN111447224A - Web vulnerability scanning method and vulnerability scanner - Google Patents

Info

Publication number: CN111447224A
Application number: CN202010224260.2A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Prior art keywords: scanning, vulnerability, web, detection, asset information
Inventors: 许晓伟, 袁键, 徐乐晨, 蔡艳林, 李斌
Current Assignee: Jiangsu Hengtong Industrial Control Safety Research Institute Co Ltd
Original Assignee: Jiangsu Hengtong Industrial Control Safety Research Institute Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a web vulnerability scanning method and a vulnerability scanner. The method comprises: deploying a plurality of scanning nodes; scanning asset information of a target software system and asset information of a target server, and performing intelligent crawling of the web pages after preliminary information collection is complete; after crawling is complete, exploring the different detection points in each request, analyzing the URL to be detected and decomposing out all possible detection points; cleaning all detection point data to complete preliminary screening, analyzing and counting the access volume and access order of the different target URLs, and judging from content changes of the URL pages whether scanning is needed; if scanning is needed, counting and classifying the results and adding labels, otherwise abandoning the scan; and judging from the statistical result whether a vulnerability exists, verifying the accuracy of the vulnerability if it exists and otherwise abandoning the operation.

Description

Web vulnerability scanning method and vulnerability scanner
Technical Field
The invention relates to the technical field of computer networks, in particular to a web vulnerability scanning method and a vulnerability scanner.
Background
In the prior art, a first-stage scanning engine uses an intelligent page-crawling technique whose main purpose is to obtain the site tree of the whole site quickly and completely. The process is divided into two steps: network access and link extraction. For network access, a proxy can be set when the scan configuration is added, and various authentication modes, client certificates and the like are supported. After the response is obtained, its encoding is identified automatically; links can be extracted from static content such as HTML and HTML comments, and static and dynamic links can be extracted from the DOM tree, JS and the like. After the first stage is completed, the scanner calls the scanning engine or plug-ins to find the detection content for each request; the main detection content includes URL paths, GET-method URL parameters, POST-method body parameters, request header fields and the like. Finally, according to the detection content obtained, the scanner calls the various known vulnerabilities in a vulnerability database, sends vulnerability detection packets, and judges whether a vulnerability exists by whether the returned response packet contains the vulnerability's characteristics.
In use, the following problems were found: because scanning is carried out directly after the first stage is finished and judgment takes place only after the scan is complete, the judgment of page survivability is inaccurate and scanning time increases considerably; in addition, false alarms are easily generated when judging whether a vulnerability exists, and the vulnerability repetition rate is high.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to overcome the inaccurate page viability judgment, long scanning time and high vulnerability repetition rate of the prior art, by providing a web vulnerability scanning method and scanner with accurate page viability judgment, short scanning time and a low vulnerability repetition rate.
To solve the above technical problem, the web vulnerability scanning method comprises the following steps: deploying a plurality of scanning nodes; scanning asset information of a target software system and asset information of a target server, and performing intelligent crawling of the web pages after preliminary information collection is complete; after crawling is complete, exploring the different detection points in each request, analyzing the URL to be detected and decomposing out all possible detection points; cleaning all detection point data to complete preliminary screening, analyzing and counting the access volume and access order of the different target URLs, and judging from content changes of the URL pages whether scanning is needed; if scanning is needed, counting and classifying the results and adding labels, otherwise abandoning the scan; and judging from the statistical result whether a vulnerability exists, verifying the accuracy of the vulnerability if it exists and otherwise abandoning the operation.
In one embodiment of the invention, the method for deploying the plurality of scanning nodes is: providing a front-end console, and using the front-end console to create tasks interactively with the user so as to deploy the plurality of scanning nodes.
In one embodiment of the invention, when the web pages are intelligently crawled, network access is performed according to the user's configuration in the front-end console; after the returned response packet is received, the encoding of the response is uniformly converted to UTF-8, and website link crawling, hidden-link (dark chain) detection, broken-link (bad chain) detection and sensitive word detection are performed.
In one embodiment of the invention, the method for scanning the asset information of the target software system and the asset information of the target server is: calling an information collection module in the scanner to scan the asset information of the target software system and the asset information of the target server.
In one embodiment of the invention, the method for exploring the different detection points in the request is: using high network concurrency and adaptive dynamic adjustment techniques to assist the detection module in exploring the different detection points in the request.
In one embodiment of the invention, the preliminary screening method is: after all detection point data has been cleaned, unnecessary data such as pictures is discarded, and preliminary screening is completed through URL normalization and a filter.
In one embodiment of the invention, the method for judging from the statistical result whether a vulnerability exists is: according to the statistical result, the scanner forms corresponding matching rules based on a standard vulnerability database; the program automatically sends a packet containing the detection code for a given vulnerability signature, and whether the vulnerability exists is judged by whether the vulnerability's response signature appears in the returned packet.
In one embodiment of the invention, the accuracy of the vulnerability is verified by calling an integrated lightweight scanning engine.
In one embodiment of the invention, when the vulnerability is verified by calling the integrated lightweight scanning engine, if that scan finds no vulnerability, the finding is considered a false alarm and the false alarm data is collected into a vulnerability management library; otherwise the data is output normally.
The invention also provides a vulnerability scanner comprising a node deployment module, an intelligent crawling module, an analysis module, a judgment module, a verification module and a vulnerability verification module. The node deployment module is used for deploying a plurality of scanning nodes. The intelligent crawling module is used for scanning the asset information of a target software system and the asset information of a target server, performing intelligent crawling of the web pages after preliminary information collection is complete, exploring the different detection points in the request after crawling is complete, analyzing the URL to be detected and decomposing out all possible detection points. The judgment module is used for cleaning all detection point data, completing preliminary screening, analyzing and counting the access volume and access order of the different target URLs, and judging from content changes of the URL pages whether scanning is needed; if scanning is needed, it counts and classifies the results and adds labels, otherwise it abandons the scan. The verification module is used for judging from the statistical result whether a vulnerability exists, verifying the accuracy of the vulnerability, and otherwise abandoning the operation.
Compared with the prior art, the technical scheme of the invention has the following advantages:
In the web vulnerability scanning method and vulnerability scanner of the invention, after intelligent crawling of the web pages is complete, the different detection points in each request are explored, the URL to be detected is analyzed and all possible detection points are decomposed out, which facilitates vulnerability detection. All detection point data is cleaned and preliminary screening is completed, giving more accurate detection data. The access volume and access order of the different target URLs are analyzed and counted, and whether scanning is needed is judged from content changes of the URL pages; if scanning is needed the results are counted, classified and labelled, otherwise the scan is abandoned. Because the detection data is deduplicated, integrated and filtered, the survivability of detection results can be judged and page types can be screened, which reduces the workload of subsequent vulnerability detection. Whether a vulnerability exists is judged from the statistical result; if one exists its accuracy is verified, otherwise the operation is abandoned. Because a secondary detection is used to verify whether the vulnerability exists, the false alarm rate is reduced, which also facilitates subsequent work.
Drawings
In order that the present disclosure may be more readily and clearly understood, reference is now made to the following detailed description of the embodiments of the present disclosure taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of a web vulnerability scanning method of the present invention.
Detailed Description
As shown in FIG. 1, this embodiment provides a web vulnerability scanning method comprising the following steps:
step S1: deploying a plurality of scanning nodes;
step S2: scanning asset information of a target software system and asset information of a target server, and performing intelligent crawling of the web pages after preliminary information collection is complete;
step S3: after crawling is complete, exploring the different detection points in the request, analyzing the URL to be detected, and decomposing out all possible detection points;
step S4: cleaning all detection point data, completing preliminary screening, analyzing and counting the access volume and access order of the different target URLs, and judging from content changes of the URL pages whether scanning is needed; if scanning is needed, counting and classifying the results and adding labels, otherwise abandoning the scan;
step S5: judging from the statistical result whether a vulnerability exists; if so, verifying the accuracy of the vulnerability, otherwise abandoning the operation.
In this web vulnerability scanning method, step S1 deploys a plurality of scanning nodes, which improves scanning speed. Step S2 scans the asset information of the target software system and of the target server and, after preliminary information collection is complete, performs intelligent crawling of the web pages, which facilitates the exploration of detection points. In step S3, after crawling is complete, the different detection points in each request are explored, the URL to be detected is analyzed and all possible detection points are decomposed out, which facilitates vulnerability detection. In step S4, all detection point data is cleaned and preliminary screening is completed, giving more accurate detection data; the access volume and access order of the different target URLs are analyzed and counted, and whether scanning is needed is judged from content changes of the URL pages; if scanning is needed the results are counted, classified and labelled, otherwise the scan is abandoned. Because the detection data is deduplicated, integrated and filtered, the survivability of detection results can be judged and page types can be screened, which reduces the workload of subsequent vulnerability detection. In step S5, whether a vulnerability exists is judged from the statistical result; if one exists its accuracy is verified, otherwise the operation is abandoned. Because a secondary detection is used to verify whether the vulnerability exists, the false alarm rate is reduced.
The method for deploying the plurality of scanning nodes is: providing a front-end console, and using the front-end console to create tasks interactively with the user so as to deploy the plurality of scanning nodes. The main functions of the front-end console include: displaying the progress of a scanning task; displaying the detected target web information; guiding the user to create, modify, delete, start, pause and stop scanning tasks; and, during scanning, prompting the user through a pop-up window to select, add or modify the relevant configuration information for the next scanning task.
When the web pages are intelligently crawled, network access is performed according to the user's configuration in the front-end console; after the returned response packet is received, the encoding of the response is uniformly converted to UTF-8, and website link crawling, hidden-link (dark chain) detection, broken-link (bad chain) detection and sensitive word detection are performed.
The method for scanning the asset information of the target software system and the asset information of the target server is: calling an information collection module in the scanner to scan the asset information of the target software system and the asset information of the target server. The asset information includes website title, banner, open ports, subdomains, CMS fingerprint, operating system version, development language, WAF, CDN and middleware.
The method for exploring the different detection points in the request is: using techniques such as high network concurrency and adaptive dynamic adjustment to assist the detection module in exploring the different detection points in the request.
The preliminary screening method is: after all detection point data has been cleaned, unnecessary data such as pictures is discarded, and preliminary screening is completed through URL normalization and a filter. Because the detection data is deduplicated, integrated and filtered, the survivability of detection results can be judged and page types can be screened, which reduces the workload of subsequent vulnerability detection.
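The decomposition of step S3 and the screening and rescan decision of step S4 can be sketched as follows. This is an added example, not code from the patent: the static-extension list, the parameter-name deduplication key and the SHA-256 content hash are assumptions chosen for illustration, and the URLs are constructed.

```python
"""Added illustration of steps S3-S4: detection points, URL screening, rescan decision."""
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: what counts as "unnecessary data such as pictures".
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg", ".css", ".woff")
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_url(url):
    """Canonical form so that equivalent crawl results collapse to one key."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = f"[{host}]"
    if p.port and p.port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{p.port}"
    segs = []
    for seg in p.path.split("/"):  # resolve ".", ".." and duplicate slashes
        if seg == "..":
            if segs:
                segs.pop()
        elif seg not in ("", "."):
            segs.append(seg)
    path = "/" + "/".join(segs)
    if segs and p.path.endswith("/"):
        path += "/"
    query = urlencode(sorted(parse_qsl(p.query, keep_blank_values=True)))
    return urlunsplit((scheme, host, path, query, ""))  # fragment dropped


def is_static(url):
    return urlsplit(url).path.lower().endswith(STATIC_EXT)


def shape_key(url):
    """Dedup key (assumption): same path and parameter names = same target."""
    p = urlsplit(normalize_url(url))
    names = sorted({k for k, _ in parse_qsl(p.query, keep_blank_values=True)})
    return f"{p.scheme}://{p.netloc}{p.path}?{'&'.join(names)}"


def screen(urls):
    """Preliminary screening: drop static assets, keep one URL per shape."""
    kept, seen = [], set()
    for u in urls:
        if is_static(u):
            continue
        key = shape_key(u)
        if key not in seen:
            seen.add(key)
            kept.append(normalize_url(u))
    return kept


def detection_points(method, url, headers=None, body=""):
    """Decompose one request into (location, name, value) detection points:
    URL path segments, GET parameters, POST body parameters, header fields."""
    p = urlsplit(url)
    segs = [s for s in p.path.split("/") if s]
    points = [("path", str(i), s) for i, s in enumerate(segs)]
    points += [("query", k, v) for k, v in parse_qsl(p.query, keep_blank_values=True)]
    if method.upper() == "POST":  # form-encoded body assumed
        points += [("body", k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    points += [("header", k, v) for k, v in (headers or {}).items()]
    return points


def rescan_label(url, content, store):
    """Label a page 'new', 'changed' or 'unchanged' by content hash.
    Only 'new' and 'changed' pages need scanning; store maps URL -> digest."""
    key = normalize_url(url)
    digest = hashlib.sha256(content).hexdigest()
    previous = store.get(key)
    store[key] = digest
    if previous is None:
        return "new"
    return "unchanged" if previous == digest else "changed"


# Constructed crawl output for the demonstration.
CRAWLED = [
    "HTTP://Shop.example.test:80/item.php?id=1&cat=2",
    "http://shop.example.test/item.php?cat=9&id=7#reviews",
    "http://shop.example.test/static/logo.PNG",
    "http://shop.example.test/a/./b/../login",
]

if __name__ == "__main__":
    store = {}
    for target in screen(CRAWLED):
        print(rescan_label(target, b"<html>v1</html>", store), target)
        for point in detection_points("GET", target):
            print("   ", point)
```

A raw hash treats any byte difference as a change, so pages that embed timestamps or per-request tokens need those stripped before hashing or they will be rescanned every time.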
The method for judging from the statistical result whether a vulnerability exists is: according to the statistical result, the scanner forms corresponding matching rules based on a standard vulnerability database; the program automatically sends a packet containing the detection code for a given vulnerability signature, and whether the vulnerability exists is judged by whether the vulnerability's response signature appears in the returned packet. Because the statistical result can be compared with a preset standard vulnerability database, it is possible to judge quickly whether a vulnerability exists and complete the primary detection.
The accuracy of the vulnerability is verified by calling an integrated lightweight scanning engine. Because a secondary detection is carried out after the primary detection, the false alarm rate is reduced and subsequent work can proceed smoothly.
When the vulnerability is verified by calling the integrated lightweight scanning engine, if that scan finds no vulnerability, the finding is considered a false alarm and the false alarm data is collected into a vulnerability management library; otherwise the data is output normally. Because the false alarm data can be automatically collected into the vulnerability management library, the false alarm rate can be effectively reduced after machine learning.
Example two
Based on the same inventive concept, the embodiment provides a vulnerability scanner, the problem solving principle of which is similar to the web vulnerability scanning method, and repeated parts are not described again.
The vulnerability scanner of this embodiment includes:
the node deployment module, used for deploying a plurality of scanning nodes;
the intelligent crawling module, used for scanning the asset information of the target software system and the asset information of the target server, and performing intelligent crawling of the web pages after preliminary information collection is complete;
the analysis module, used for exploring the different detection points in the request after crawling is complete, analyzing the URL to be detected and decomposing out all possible detection points;
the judgment module, used for cleaning all detection point data, completing preliminary screening, analyzing and counting the access volume and access order of the different target URLs, and judging from content changes of the URL pages whether scanning is needed; if scanning is needed, counting and classifying the results and adding labels, otherwise abandoning the scan;
and the verification module, used for judging from the statistical result whether a vulnerability exists, verifying the accuracy of the vulnerability if it exists, and abandoning the operation if it does not.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Obvious variations or modifications derived therefrom remain within the scope of the invention.

Claims (10)

1. A web vulnerability scanning method is characterized by comprising the following steps:
step S1: deploying a plurality of scanning nodes;
step S2: scanning asset information of a target software system and asset information of a target server, and performing intelligent crawling of the web pages after preliminary information collection is complete;
step S3: after crawling is complete, exploring the different detection points in the request, analyzing the URL to be detected, and decomposing out all possible detection points;
step S4: cleaning all detection point data, completing preliminary screening, analyzing and counting the access volume and access order of the different target URLs, and judging from content changes of the URL pages whether scanning is needed; if scanning is needed, counting and classifying the results and adding labels, otherwise abandoning the scan;
step S5: judging from the statistical result whether a vulnerability exists; if so, verifying the accuracy of the vulnerability, otherwise abandoning the operation.
2. The web vulnerability scanning method of claim 1, characterized in that: the method for deploying the plurality of scanning nodes is: providing a front-end console, and using the front-end console to create tasks interactively with the user so as to deploy the plurality of scanning nodes.
3. The web vulnerability scanning method of claim 2, characterized in that: when the web pages are intelligently crawled, network access is performed according to the user's configuration in the front-end console; after the returned response packet is received, the encoding of the response is uniformly converted to UTF-8, and website link crawling, hidden-link (dark chain) detection, broken-link (bad chain) detection and sensitive word detection are performed.
4. The web vulnerability scanning method of claim 1, characterized in that: the method for scanning the asset information of the target software system and the asset information of the target server is: calling an information collection module in the scanner to scan the asset information of the target software system and the asset information of the target server.
5. The web vulnerability scanning method of claim 1, characterized in that: the method for exploring the different detection points in the request is: using high network concurrency and adaptive dynamic adjustment techniques to assist the detection module in exploring the different detection points in the request.
6. The web vulnerability scanning method of claim 1, characterized in that: the preliminary screening method is: after all detection point data has been cleaned, unnecessary data such as pictures is discarded, and preliminary screening is completed through URL normalization and a filter.
7. The web vulnerability scanning method of claim 1, characterized in that: the method for judging from the statistical result whether a vulnerability exists is: according to the statistical result, the scanner forms corresponding matching rules based on a standard vulnerability database; the program automatically sends a packet containing the detection code for a given vulnerability signature, and whether the vulnerability exists is judged by whether the vulnerability's response signature appears in the returned packet.
8. The web vulnerability scanning method of claim 1, characterized in that: the accuracy of the vulnerability is verified by calling an integrated lightweight scanning engine.
9. The web vulnerability scanning method of claim 8, characterized in that: when the vulnerability is verified by calling the integrated lightweight scanning engine, if that scan finds no vulnerability, the finding is considered a false alarm and the false alarm data is collected into a vulnerability management library; otherwise the data is output normally.
10. A vulnerability scanner, comprising:
the node deployment module, used for deploying a plurality of scanning nodes;
the intelligent crawling module, used for scanning the asset information of the target software system and the asset information of the target server, and performing intelligent crawling of the web pages after preliminary information collection is complete;
the analysis module, used for exploring the different detection points in the request after crawling is complete, analyzing the URL to be detected and decomposing out all possible detection points;
the judgment module, used for cleaning all detection point data, completing preliminary screening, analyzing and counting the access volume and access order of the different target URLs, and judging from content changes of the URL pages whether scanning is needed; if scanning is needed, counting and classifying the results and adding labels, otherwise abandoning the scan;
and the verification module, used for judging from the statistical result whether a vulnerability exists, verifying the accuracy of the vulnerability if it exists, and abandoning the operation if it does not.

Priority Applications (1)

Application Number: CN202010224260.2A
Priority Date: 2020-03-26
Filing Date: 2020-03-26
Title: Web vulnerability scanning method and vulnerability scanner

Publications (1)

Publication Number: CN111447224A (en)
Publication Date: 2020-07-24

Family

ID=71652533

Family Applications (1)

Application Number: CN202010224260.2A
Status: Pending
Publication: CN111447224A (en)
Priority Date: 2020-03-26
Filing Date: 2020-03-26
Title: Web vulnerability scanning method and vulnerability scanner

Country Status (1)

Country: CN
Link: CN111447224A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112118259A (en) * 2020-09-17 2020-12-22 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN112839047A (en) * 2021-01-15 2021-05-25 杭州安恒信息技术股份有限公司 Asset vulnerability scanning method, device, equipment and medium on cloud platform
CN113422759A (en) * 2021-06-10 2021-09-21 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113596114A (en) * 2021-07-12 2021-11-02 杭州电子科技大学 Extensible automatic Web vulnerability scanning system and method
CN114595457A (en) * 2020-12-04 2022-06-07 腾讯科技(深圳)有限公司 Task processing method and device, computer equipment and storage medium
CN115622744A (en) * 2022-09-21 2023-01-17 天津大学 Web vulnerability scanning attack detection system under encrypted flow

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120324582A1 (en) * 2010-02-19 2012-12-20 Park Hee Jung Service system that diagnoses the vulnerability of a web service in real time mode and provides the result information thereof
CN103065095A (en) * 2013-01-29 2013-04-24 四川大学 WEB vulnerability scanning method and vulnerability scanner based on fingerprint recognition technology
CN103942497A (en) * 2013-09-11 2014-07-23 杭州安恒信息技术有限公司 Forensics type website vulnerability scanning method and system
CN104301304A (en) * 2014-09-16 2015-01-21 赛尔网络有限公司 Vulnerability detection system based on large ISP interconnection port and method thereof
CN104363236A (en) * 2014-11-21 2015-02-18 西安邮电大学 Automatic vulnerability validation method
CN107392031A (en) * 2017-08-04 2017-11-24 杭州安恒信息技术有限公司 The scan method and device of leak
CN108769064A (en) * 2018-06-26 2018-11-06 广东电网有限责任公司信息中心 Realize the distributed asset identification and change cognitive method and system that loophole is administered
CN109600371A (en) * 2018-12-08 2019-04-09 公安部第三研究所 A kind of network layer leakage location and method
CN110392024A (en) * 2018-04-20 2019-10-29 李娜 A kind of page detection method is set with scanning engine

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
企鹅号-对我笑一个: "Principles of Web Vulnerability Scanning", Tencent Cloud+ Community *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112118259A (en) * 2020-09-17 2020-12-22 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN114595457A (en) * 2020-12-04 2022-06-07 腾讯科技(深圳)有限公司 Task processing method and device, computer equipment and storage medium
CN112839047A (en) * 2021-01-15 2021-05-25 杭州安恒信息技术股份有限公司 Asset vulnerability scanning method, device, equipment and medium on cloud platform
CN113422759A (en) * 2021-06-10 2021-09-21 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113596114A (en) * 2021-07-12 2021-11-02 杭州电子科技大学 Extensible automatic Web vulnerability scanning system and method
CN115622744A (en) * 2022-09-21 2023-01-17 天津大学 Web vulnerability scanning attack detection system under encrypted flow
CN115622744B (en) * 2022-09-21 2024-04-09 天津大学 Web vulnerability scanning attack detection system under encrypted traffic

Similar Documents

Publication Publication Date Title
CN111447224A (en) Web vulnerability scanning method and vulnerability scanner
US20170026390A1 (en) Identifying Malware Communications with DGA Generated Domains by Discriminative Learning
CN105956180B (en) A kind of filtering sensitive words method
CN111368289B (en) Malicious software detection method and device
CN107547490B (en) Scanner identification method, device and system
CN109918296B (en) Software automation test method and device
CN109104421B (en) Website content tampering detection method, device, equipment and readable storage medium
CN111858242A (en) System log anomaly detection method and device, electronic equipment and storage medium
CN111104579A (en) Identification method and device for public network assets and storage medium
KR20170035892A (en) Recognition of behavioural changes of online services
EP3016350A1 (en) Systems, devices, and methods for separating malware and background events
CN111338692A (en) Vulnerability classification method and device based on vulnerability codes and electronic equipment
CN114528457A (en) Web fingerprint detection method and related equipment
CN112311803A (en) Rule base updating method and device, electronic equipment and readable storage medium
CN110020161B (en) Data processing method, log processing method and terminal
Wurzenberger et al. Aecid-pg: A tree-based log parser generator to enable log analysis
Kozik et al. Pattern extraction algorithm for NetFlow‐based botnet activities detection
Zuo Defense of Computer Network Viruses Based on Data Mining Technology.
CN114385668A (en) Cold data cleaning method, device, equipment and storage medium
CN113468524A (en) RASP-based machine learning model security detection method
CN113282920A (en) Log abnormity detection method and device, computer equipment and storage medium
CN109389972B (en) Quality testing method and device for semantic cloud function, storage medium and equipment
EP3361405B1 (en) Enhancement of intrusion detection systems
CN105677827B (en) A kind of acquisition methods and device of list
CN112929458B (en) Method and device for determining address of server of APP (application) and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200724
