CN106033512A - Security vulnerability reinforcing method and system - Google Patents
Security vulnerability reinforcing method and system Download PDFInfo
- Publication number
- CN106033512A CN106033512A CN201510125925.3A CN201510125925A CN106033512A CN 106033512 A CN106033512 A CN 106033512A CN 201510125925 A CN201510125925 A CN 201510125925A CN 106033512 A CN106033512 A CN 106033512A
- Authority
- CN
- China
- Prior art keywords
- security breaches
- server
- testing result
- reinforcing
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a security vulnerability reinforcing method and system. The method comprises the steps of scanning security vulnerabilities of a server, and generating a detection result; analyzing the detection result, and generating a reinforcing file corresponding to the detection result; and performing security vulnerability reinforcement upon the server according to the reinforcing file. Through implementation of the invention, the system automatically detects security vulnerabilities of the server to obtain the detection result of the security vulnerabilities, analyzes the detection result and generates a corresponding reinforcing file, and performs security vulnerability reinforcement upon the server according to the reinforcing file. Manual analysis or manual reinforcement of the security vulnerabilities of the server is not needed, interference caused by manual analysis and manual reinforcement of the security vulnerabilities is prevented, and processing effect of the security vulnerabilities is better.
Description
Technical field
The present invention relates to the security breaches management domain of server, particularly relate to a kind of security breaches reinforcement means
And system.
Background technology
Linux system is as the operating system increased income, due to its low cost, and maintainable advantages of higher, deeply it is subject to
The favor of each big product producer, but owing to the Some features that linux is intrinsic makes it there is also certain fraud
End, as improper in configuration, it is easily subject to the attack of hacker, is based especially on the server etc. of linux system.
In order to ensure the safe operation of server, need the security breaches to server to carry out detection and reinforce, when
Front for server based on linux system, its security flaw detection method is: manually take to linux
Business device does security sweep, and generating report descendant is to analyze, and manually completes reinforcing;This processing mode is done not only
Consolidation effect varies with each individual, and greatly consumes manpower and materials.
Therefore, how to provide a kind of security breaches reinforcement cost solving existing artificial reinforced server higher
The security breaches reinforcement means of the server security leak of problem, is those skilled in the art's skills urgently to be resolved hurrily
Art problem.
Summary of the invention
The invention provides a kind of security breaches reinforcement means and system, to solve existing manual analysis reinforcing clothes
The problem that business device security breaches are relatively costly.
The invention provides a kind of security breaches reinforcement means, in one embodiment, the method includes: sweep
Retouch the security breaches of server, generate testing result;Analyze testing result, generate the reinforcing literary composition of testing result
Part;According to reinforcing the file security breaches consolidation process to server.
Further, the security breaches of the scanning server in above-described embodiment, generate testing result and include:
Uploading detection script, to server, utilizes the security breaches of detection script detection server, generates testing result.
Further, the analysis testing result in above-described embodiment, the reinforcing file generating testing result includes:
According to examination criteria, testing result is analyzed, generates and reinforce file.
Further, the examination criteria in above-described embodiment includes: the mark of security breaches, detailed description,
Solution and reinforcing script position.
Further, above-described embodiment, before the security breaches consolidation process to server, also includes: carry
Awake user chooses whether to reinforce, if detection user selects to reinforce, then reinforces server.
Present invention provides a kind of security breaches hardened system, comprising: scanning means, be used for scanning clothes
The security breaches of business device, generate testing result;Analytical equipment, is used for analyzing testing result, generates detection knot
The reinforcing file of fruit;Bracing means, for according to reinforcing the file security breaches consolidation process to server.
Further, the scanning means in above-described embodiment is specifically for uploading detection script to server, profit
By the security breaches of detection script detection server, generate testing result.
Further, the analytical equipment in above-described embodiment is specifically for entering testing result according to examination criteria
Row is analyzed, and generates and reinforces file.
Further, the security breaches hardened system in above-described embodiment also includes storing device, is used for storing
Examination criteria, examination criteria includes: the mark of security breaches, detailed description, solution and stiffleg
This position.
Further, the security breaches hardened system in above-described embodiment also includes alarm set, for right
Before the security breaches consolidation process of server, user is reminded to choose whether to reinforce, if detection user selects to add
Gu, then trigger bracing means and reinforce server.
Beneficial effects of the present invention:
The security breaches reinforcement means of present invention offer and system, leaked the safety of server automatically by system
Hole carries out detection and obtains the testing result of security breaches, analyzes testing result and generates corresponding reinforcing file, root
According to reinforcing file, security breaches are carried out consolidation process, it is no longer necessary to manual analysis and the safety of reinforcing server
Leak, it is to avoid manually analysis and the interference of reinforcing to security breaches, the treatment effect of security breaches is more preferable.
Accompanying drawing explanation
The schematic diagram of the security breaches hardened system that Fig. 1 provides for first embodiment of the invention;
The flow chart of the security breaches reinforcement means that Fig. 2 provides for second embodiment of the invention;
The flow chart of the security breaches reinforcement means that Fig. 3 provides for third embodiment of the invention;
The flow chart of the security breaches reinforcement means that Fig. 4 provides for fourth embodiment of the invention.
Detailed description of the invention
Now by the way of detailed description of the invention combines accompanying drawing, the present invention is made and further annotate explanation.
First embodiment:
The schematic diagram of the security breaches hardened system that Fig. 1 provides for first embodiment of the invention, as shown in Figure 1,
In the present embodiment, the security breaches hardened system 1 that the present invention provides includes:
Scanning means 11, is connected with server 2, for the security breaches of scanning server, generates detection knot
Really;Server involved by the application includes various server based on linux system, such as data base, NTP
Server, dns server etc., it is also possible to be various server based on systems such as Windows, Unix, under
Literary composition illustrates as a example by server based on linux system;
Analytical equipment 12, is used for analyzing testing result, generates the reinforcing file corresponding with testing result;
Bracing means 13, is connected with server 2, for according to reinforcing the file security breaches to server 2
Consolidation process.
In actual applications, scanning means 11 and bracing means 13 can be realized by iTool instrument, it is possible to
To be realized by special server.
In certain embodiments, the scanning means 11 in above-described embodiment is specifically for uploading detection script extremely clothes
Business device, utilizes the security breaches of detection script detection server, generates testing result.
In certain embodiments, the analytical equipment 12 in above-described embodiment specifically for according to examination criteria to inspection
Survey result is analyzed, and generates and reinforces file.
In certain embodiments, the security breaches hardened system 1 in above-described embodiment also includes storing device 14,
It is connected with analytical equipment 12, for storage and provides examination criteria, examination criteria to include to analytical equipment 12:
The mark of security breaches, detailed description, solution and reinforcing script position.
In certain embodiments, the security breaches hardened system 1 in above-described embodiment also includes alarm set 15,
It is connected with bracing means 13, for before the security breaches consolidation process to server, reminds user to select
Whether reinforce, if detection user selects to reinforce, then trigger bracing means 13 and reinforce the security breaches of server.
Second embodiment:
The flow chart of the security breaches reinforcement means that Fig. 2 provides for second embodiment of the invention, as shown in Figure 2,
In the present embodiment, the security breaches reinforcement means that the present invention provides comprises the following steps:
The security breaches of S201: scanning server, generate testing result;
S202: analyze testing result, generate the reinforcing file corresponding to testing result;
S203: according to reinforcing the file security breaches consolidation process to server.
In certain embodiments, the security breaches of the scanning server in above-described embodiment, generate testing result
Including: uploading detection script to server, utilize the security breaches of detection script detection server, generate inspection
Survey result.
In certain embodiments, the analysis testing result in above-described embodiment, generate the reinforcing literary composition of testing result
Part includes: be analyzed testing result according to examination criteria, generates and reinforces file.
In certain embodiments, the examination criteria in above-described embodiment includes: the mark of security breaches, in detail
Illustrate, solution and reinforce script position.
In certain embodiments, above-described embodiment, before the security breaches consolidation process to server, also wraps
Include: remind user to choose whether to reinforce, if detection user selects to reinforce, then reinforce server.
Now by concrete application example the present invention done and further annotate explanation, in the examples below,
Detection device involved in the present invention and bracing means are realized by iTool instrument, and server is Linux
Server, analytical equipment is realized by DAM (data analysis module, data analysis module) server,
Storage device is realized by DB storage server.
3rd embodiment:
The flow chart of the security breaches reinforcement means that Fig. 3 provides for third embodiment of the invention, from the figure 3, it may be seen that
In the present embodiment, the security breaches reinforcement means that the present invention provides comprises the following steps:
S301-S302:iTool instrument timing/periodically/artificial triggering server security vulnerability scanning task,
Issue detection script to Linux server;The security breaches of detection script detection server Linux server,
Generate and feed back testing result;
S303:iTool instrument uploading detection result is to DAM server;
S304-S305:DAM server obtains, from DB storage server, parameters such as reinforcing file, generates and reinforces literary composition
Part, reinforcing file can be xml document etc.;
S306:DAM server sends reinforces file to iTool instrument;
S307-S308:iTool instrument issues reinforcing request to server, after user selects to reinforce, adds Guan County
Full leak;Server, after reinforcing completes, returns to iTool instrument and reinforces success response.
4th embodiment:
The flow chart of the security breaches reinforcement means that Fig. 4 provides for fourth embodiment of the invention, as shown in Figure 4,
In the present embodiment, the security breaches reinforcement means that the present invention provides comprises the following steps:
S401: scanning means performs security scan by iTool instrument to Linux server, generates inspection
Survey result.
Scanning means in security breaches hardened system by iTool instrument to Linux server (as based on
The data base of linux system, ntp server, dns server etc.) uploading detection script, and utilize detection
Script performs vulnerability scanning, generates testing result.
S402: scanning means uploading detection result is to analytical equipment.
Detection is tied with specific host-host protocol by the scanning means in security breaches hardened system by protocol interface
Fruit is uploaded to analytical equipment (DAM server etc.).
The judgement of S403: scanning means is uploaded the most successful, if success, then performs step S404, if whether,
Then return and perform step S402.
Scanning means discriminatory analysis device in security breaches hardened system whether be successfully received testing result with
Judge whether testing result is uploaded successfully, as by judging whether to receive the response message of analytical equipment feedback
Etc. mode, if receiving response message, then uploading successfully, otherwise uploading failure.
Testing result analyzed by S404: analytical equipment, and generates reinforcing file.
Analytical equipment in security breaches hardened system is according to the examination criteria analysis detection knot of storage device storage
Really, and generate correspondence reinforcing file, such as the formatted files such as xml, ini, txt, its leak safe to carry
The information such as the corresponding storage address reinforcing file.
S405: alarm set reminds whether user reinforces, if reinforcing, then performs step S405, if not reinforcing,
Then flow process terminates.
Alarm set in security breaches hardened system reminds whether user reinforces, if user selects to reinforce, then
Performing step S405, if not reinforcing, then flow process terminates.
S406: analytical equipment issues reinforcing file and reinforces server to bracing means, bracing means.
In security breaches hardened system, reinforcing file being issued to bracing means, bracing means passes through itool
The reinforcing file that security breaches are corresponding downloaded by instrument, and the security breaches of server are carried out structure.
In summary, by the enforcement of the present invention, at least there is following beneficial effect:
The present invention by system automatically security breaches to server carry out detection and obtain the detection knot of security breaches
Really, analyze testing result and generate corresponding reinforcing file, according to reinforcing file, security breaches are carried out at reinforcing
Reason, it is no longer necessary to manual analysis and reinforce the security breaches of server, it is to avoid manually security breaches are divided
Analysis and the interference reinforced, the treatment effect of security breaches is more preferable.
Below it is only the detailed description of the invention of the present invention, not the present invention is done any pro forma restriction,
Any simple modification that embodiment of above is done by every technical spirit according to the present invention, equivalent variations,
In conjunction with or modify, all still fall within the protection domain of technical solution of the present invention.
Claims (10)
1. a security breaches reinforcement means, it is characterised in that including:
The security breaches of scanning server, generate testing result;
Analyze described testing result, generate the reinforcing file corresponding with described testing result;
According to the described reinforcing file security breaches consolidation process to described server.
2. security breaches reinforcement means as claimed in claim 1, it is characterised in that scanning server
Security breaches, generate testing result and include: uploading detection script to described server, utilize described detection foot
The security breaches of the described server of this detection, generate described testing result.
3. security breaches reinforcement means as claimed in claim 1, it is characterised in that analyze described detection
As a result, generate the reinforcing file corresponding with described testing result to include: according to examination criteria to described detection knot
Fruit is analyzed, and generates described reinforcing file.
4. security breaches reinforcement means as claimed in claim 3, it is characterised in that examination criteria includes:
The mark of security breaches, detailed description, solution and reinforcing script position.
5. the security breaches reinforcement means as described in any one of Claims 1-4, it is characterised in that
Before the security breaches consolidation process of described server, also include: remind user to choose whether to reinforce, if
Detection user selects to reinforce, then reinforce described server.
6. a security breaches hardened system, it is characterised in that including:
Scanning means, for the security breaches of scanning server, generates testing result;
Analytical equipment, is used for analyzing described testing result, generates the reinforcing file corresponding with described testing result;
Bracing means, for according to the described reinforcing file security breaches consolidation process to described server.
7. security breaches hardened system as claimed in claim 6, it is characterised in that described scanning means
Specifically for uploading detection script to described server, described detection script is utilized to detect the peace of described server
Full leak, generates testing result.
8. security breaches hardened system as claimed in claim 6, it is characterised in that described analytical equipment
Specifically for described testing result being analyzed according to examination criteria, generate described reinforcing file.
9. security breaches hardened system as claimed in claim 8, it is characterised in that also include storage dress
Putting, be used for storing described examination criteria, described examination criteria includes: the mark of security breaches, detailed description,
Solution and reinforcing script position.
10. the security breaches hardened system as described in any one of claim 6 to 9, it is characterised in that also
Including alarm set, for before the security breaches consolidation process to described server, user is reminded to select
Whether reinforce, if detection user selects to reinforce, then trigger described bracing means and reinforce described server.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510125925.3A CN106033512A (en) | 2015-03-20 | 2015-03-20 | Security vulnerability reinforcing method and system |
| PCT/CN2016/075969 WO2016150304A1 (en) | 2015-03-20 | 2016-03-09 | Security vulnerability strengthening method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510125925.3A CN106033512A (en) | 2015-03-20 | 2015-03-20 | Security vulnerability reinforcing method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106033512A true CN106033512A (en) | 2016-10-19 |
Family
ID=56977884
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510125925.3A Pending CN106033512A (en) | 2015-03-20 | 2015-03-20 | Security vulnerability reinforcing method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106033512A (en) |
| WO (1) | WO2016150304A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106529287A (en) * | 2016-11-17 | 2017-03-22 | 江苏通付盾科技有限公司 | Method and device for automatically reinforcing application vulnerabilities |
| WO2017167015A1 (en) * | 2016-04-01 | 2017-10-05 | 中兴通讯股份有限公司 | Method and device for server device security management and computer storage medium |
| CN110324311A (en) * | 2019-05-21 | 2019-10-11 | 平安科技(深圳)有限公司 | Method, apparatus, computer equipment and the storage medium of Hole Detection |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108696488B (en) * | 2017-04-11 | 2022-04-15 | 腾讯科技(深圳)有限公司 | Uploading interface identification method, identification server and system |
| CN110334513A (en) * | 2019-06-25 | 2019-10-15 | 广州嘉为科技有限公司 | A kind of restorative procedure based on (SuSE) Linux OS loophole |
| CN117272330B (en) * | 2023-11-22 | 2024-03-08 | 深圳市奥盛通科技有限公司 | Method and system for reinforcing and updating server system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101526984A (en) * | 2009-03-16 | 2009-09-09 | 腾讯科技(北京)有限公司 | Method for patching bugs and device thereof |
| CN101588247A (en) * | 2008-05-22 | 2009-11-25 | 吉市有限公司 | A system and method for detecting server leak |
| CN103049702A (en) * | 2013-01-05 | 2013-04-17 | 浪潮电子信息产业股份有限公司 | Server layer based security reinforcing strategy |
| CN103227992A (en) * | 2013-04-01 | 2013-07-31 | 南京理工大学常熟研究院有限公司 | Android terminal-based vulnerability scanning system |
| CN103927478A (en) * | 2013-01-10 | 2014-07-16 | 腾讯科技(深圳)有限公司 | Method, device, system and main control server for detecting script bugs |
| CN104200166A (en) * | 2014-08-05 | 2014-12-10 | 杭州安恒信息技术有限公司 | Script-based website vulnerability scanning method and system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8869270B2 (en) * | 2008-03-26 | 2014-10-21 | Cupp Computing As | System and method for implementing content and network security inside a chip |
| US8850587B2 (en) * | 2007-05-04 | 2014-09-30 | Wipro Limited | Network security scanner for enterprise protection |
| CN101877039A (en) * | 2009-11-23 | 2010-11-03 | 浪潮电子信息产业股份有限公司 | Fault detection technology of server operating system |
| CN104065645A (en) * | 2014-05-28 | 2014-09-24 | 北京知道创宇信息技术有限公司 | Web vulnerability protection method and apparatus |
-
2015
- 2015-03-20 CN CN201510125925.3A patent/CN106033512A/en active Pending
-
2016
- 2016-03-09 WO PCT/CN2016/075969 patent/WO2016150304A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101588247A (en) * | 2008-05-22 | 2009-11-25 | 吉市有限公司 | A system and method for detecting server leak |
| CN101526984A (en) * | 2009-03-16 | 2009-09-09 | 腾讯科技(北京)有限公司 | Method for patching bugs and device thereof |
| CN103049702A (en) * | 2013-01-05 | 2013-04-17 | 浪潮电子信息产业股份有限公司 | Server layer based security reinforcing strategy |
| CN103927478A (en) * | 2013-01-10 | 2014-07-16 | 腾讯科技(深圳)有限公司 | Method, device, system and main control server for detecting script bugs |
| CN103227992A (en) * | 2013-04-01 | 2013-07-31 | 南京理工大学常熟研究院有限公司 | Android terminal-based vulnerability scanning system |
| CN104200166A (en) * | 2014-08-05 | 2014-12-10 | 杭州安恒信息技术有限公司 | Script-based website vulnerability scanning method and system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017167015A1 (en) * | 2016-04-01 | 2017-10-05 | 中兴通讯股份有限公司 | Method and device for server device security management and computer storage medium |
| CN106529287A (en) * | 2016-11-17 | 2017-03-22 | 江苏通付盾科技有限公司 | Method and device for automatically reinforcing application vulnerabilities |
| CN110324311A (en) * | 2019-05-21 | 2019-10-11 | 平安科技(深圳)有限公司 | Method, apparatus, computer equipment and the storage medium of Hole Detection |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016150304A1 (en) | 2016-09-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106033512A (en) | Security vulnerability reinforcing method and system | |
| US9160762B2 (en) | Verifying application security vulnerabilities | |
| Halfond et al. | Improving penetration testing through static and dynamic analysis | |
| CN103699844B (en) | Safety protection system and method | |
| CN101483514B (en) | Evaluation method for WEB application | |
| CN107832617B (en) | Black box detection method and device for PHP code execution vulnerability | |
| CN104765682B (en) | Detection method and system under the line of cross site scripting leak | |
| CN106126417A (en) | Interactive application safety detecting method and system thereof | |
| CN108256322B (en) | Security testing method and device, computer equipment and storage medium | |
| CN109067813A (en) | Network hole detection method, device, storage medium and computer equipment | |
| CN103839002A (en) | Website source code malicious link injection monitoring method and device | |
| CN105141647A (en) | Method and system for detecting Web application | |
| CN110708278B (en) | Method, system, device and readable storage medium for detecting HTTP response header | |
| CN116842531B (en) | Code vaccine-based vulnerability real-time verification method, device, equipment and medium | |
| CN110879889A (en) | Method and system for detecting malicious software of Windows platform | |
| CN108073499B (en) | Application program testing method and device | |
| CN105740135B (en) | A kind of code audit method and apparatus | |
| CN106411906A (en) | SQL (Structured Query Language) injection flaw positioning and detecting method | |
| CN109389697A (en) | Recording method, equipment and the readable storage medium storing program for executing of underground inspection data inputting time | |
| CN115391230A (en) | Test script generation method, test script penetration method, test script generation device, test penetration device, test equipment and test medium | |
| CN106407811A (en) | SQL injection loophole positioning detection system | |
| CN111897789B (en) | Log generation method and device | |
| CN105528546A (en) | Vulnerability mining method and device and electronic equipment | |
| Shahriar et al. | Early detection of SQL injection attacks | |
| CN116992438A (en) | Method, device, equipment and medium for repairing real-time loopholes based on code vaccine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161019 |
|
| RJ01 | Rejection of invention patent application after publication |