CN106878251A - One kind is used for distributed procedure site vulnerability scanning system, method and apparatus - Google Patents

One kind is used for distributed procedure site vulnerability scanning system, method and apparatus Download PDF

Info

Publication number
CN106878251A
CN106878251A CN201610704751.0A CN201610704751A CN106878251A CN 106878251 A CN106878251 A CN 106878251A CN 201610704751 A CN201610704751 A CN 201610704751A CN 106878251 A CN106878251 A CN 106878251A
Authority
CN
China
Prior art keywords
scan
scan task
client
scanning
task
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610704751.0A
Other languages
Chinese (zh)
Other versions
CN106878251B (en
Inventor
刘鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201610704751.0A priority Critical patent/CN106878251B/en
Publication of CN106878251A publication Critical patent/CN106878251A/en
Application granted granted Critical
Publication of CN106878251B publication Critical patent/CN106878251B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application proposes a kind of for distributed procedure site vulnerability scanning system, method and apparatus, it is related to technical field of network security, including service end and client, the client, for controlling speed of giving out a contract for a project, when the speed satisfaction first of giving out a contract for a project is pre-conditioned, sends scan task to the service end and ask, and when the scan task that the service end is issued is received, perform the scan task;The service end, for receiving the scan task request that the client sends, and control is scanned into number of passes, when it is described be scanned into number of passes meet second it is pre-conditioned when, issue the scan task to the client.Network can be limited to give out a contract for a project speed, prevent from causing scanned target server the disabled situation of service occur because sweep speed is too fast.

Description

One kind is used for distributed procedure site vulnerability scanning system, method and apparatus
Technical field
The present invention relates to technical field of network security, and in particular to one kind is used for distributed procedure site vulnerability scanning system System, method and apparatus.
Background technology
As various Web (webpage) are applied, such as Web bank, ecommerce, personal space, cloud storage etc. are no The disconnected life for entering people, if these Web applications have hidden danger, then personal information, even Web site system Security risk will be faced.According to statistics, current 75% attack is all carried out by Web.
Ensure that Web service can run with security and stability, be IT (Internet in numerous companies and office Technology, Internet technology) department a vital task.Under normal circumstances, due to lacking effective Web security evaluations Instrument and checking mechanism, safety problem are usually difficult to be found, and often such problem just meeting when major accident occurs It is found.
Conventional web sites bug (Web leaks) scan mode, is generally based on one-of-a-kind system, by scanner correlation module Install concentratedly on same computer.Therefore each computer security diagnostic result mutually isolates, the assessment of network overall risk Poor with preventive effect, sweep speed is slow, and single node can make the danger of whole system collapse in the presence of failure.Scanned in Web and be In system, in certain hour, the ability of unit treatment is limited, and current web vulnerability scannings are all to do unit speed limit, it is impossible to accomplished The speed limit of distributed deployment.
The content of the invention
The present invention provides a kind of for distributed procedure site vulnerability scanning system, method and apparatus, solves web leakages Speed limit problem after the scanning system distributed deployment of hole.
In order to realize foregoing invention purpose, the technical scheme that the present invention takes is as follows:
A kind of distributed procedure site vulnerability scanning system, including service end and client,
The client, for controlling speed of giving out a contract for a project, when the speed satisfaction first of giving out a contract for a project is pre-conditioned, to the clothes Business end sends scan task request, and when the scan task that the service end is issued is received, performs the scan task;
The service end, for receiving the scan task request that the client sends, and control is scanned into number of passes, When it is described be scanned into number of passes meet second it is pre-conditioned when, issue the scan task to the client.
Alternatively, the service end, be additionally operable to when it is described be scanned into number of passes be unsatisfactory for second it is pre-conditioned when, limitation is described Scan the scan task of client.
Alternatively, the scan task for limiting the scanning client includes:
Pause issue scan task or transfer issue scan task or wait next time scan procedure parameter not less than Preset limit, issues scan task.
Alternatively, receive after the scan task request that the client sends, the service end is additionally operable to:
Determine it is described scanning client scan task whether in scan queue, when not in the scan queue, The scan task of the scanning client is added in the scan queue.
Alternatively, described first it is pre-conditioned including:The speed of giving out a contract for a project is less than or equal to predetermined speed threshold value;It is described Second it is pre-conditioned including:The scan procedure quantity is less than or equal to preset course number threshold value.
The embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanning method, is applied to client, including:
Client determines speed of giving out a contract for a project;
It is pre-conditioned whether speed of giving out a contract for a project described in judging meets first;
When speed satisfaction first of giving out a contract for a project is pre-conditioned, sends scan task to service end and ask;
The scan task that the service end is issued is received, and performs the scan task.
Alternatively, described first it is pre-conditioned including:The speed of giving out a contract for a project is less than or equal to predetermined speed threshold value.
The embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanning method, is applied to service end, including:
Receive the scan task request that client sends;
Judgement is scanned into whether number of passes meets second pre-conditioned, is scanned into number of passes to meet second pre-conditioned when described When, the scan task is issued to the client.
Alternatively, it is described when it is described be scanned into number of passes be unsatisfactory for second it is pre-conditioned when, limit the scanning client Scan task.
Alternatively, the scan task for limiting the scanning client includes:
Pause issue scan task or transfer issue scan task or wait next time scan procedure parameter not less than Preset limit, issues scan task.
Alternatively, receive after the scan task request that client sends, also include:
Determine it is described scanning client scan task whether in scan queue, when not in the scan queue, The scan task of the scanning client is added in the scan queue.
The embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanner, is arranged at client, including:
Request module, is set to, when speed satisfaction first of giving out a contract for a project is pre-conditioned, scan task be sent to the service end Request;
Performing module, is set to, when the scan task that the service end is issued is received, perform the scan task.
The embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanner, is arranged at service end, including:
Communication module, is set to receive the request scan task that scanning client sends;
Issue module, control is scanned into number of passes, when it is described be scanned into number of passes meet second it is pre-conditioned when, issue described sweeping Task is retouched to the client.
Alternatively, described device also includes:Speed limit module, be set to when it is described be scanned into number of passes and be unsatisfactory for second preset During condition, the scan task of the scanning client is limited.
Alternatively, the module that issues is also configured to:
Determine it is described scanning client scan task whether in scan queue, when not in the scan queue, The scan task of the scanning client is added in the scan queue.
Alternatively, the scan task of the speed limit module limitation scanning client refers to:
Pause issue scan task or transfer issue scan task or wait next time scan procedure parameter not less than Preset limit, issues scan task.
The embodiment of the present invention also provides a kind of for distributed procedure site vulnerability scanner, including:First storage Device and first processor;
The first memory is used to store the program for distributed web vulnerability scannings;It is described for distributed The program of web vulnerability scannings performs following operation when execution is read by the first processor:
When speed satisfaction first of giving out a contract for a project is pre-conditioned, sends scan task to the service end and ask, and receiving During the scan task that the service end is issued, the scan task is performed.
The embodiment of the present invention also provides a kind of for distributed procedure site vulnerability scanner, including:Second storage Device and second processing device;
The second memory is used to store the program for distributed web vulnerability scannings;It is described for distributed The program of web vulnerability scannings performs following operation when execution is read by the second processing device:
The scan task request that client sends is received, and control is scanned into number of passes, when the number of passes that is scanned into is expired When foot second is pre-conditioned, the scan task is issued to the client.
Compared to the prior art the present invention, has the advantages that:
The present invention can limit network and give out a contract for a project speed during distributed web vulnerability scannings, prevent because scanning speed Spend and cause soon the scanned target server appearance disabled situation of service.
Brief description of the drawings
Fig. 1 is the composition structure chart for distributed website bug scanning system of the embodiment of the present invention;
Fig. 2 is the flow chart for distributed website bug scan method of the embodiment of the present invention;
Fig. 3 is the structural representation of the distributed procedure site vulnerability scanner of the embodiment of the present invention;
Fig. 4 is the structural representation of the distributed procedure site vulnerability scanner of the embodiment of the present invention;
Fig. 5 is the flow chart of the speed limit task of the embodiment of the present invention 2;
Fig. 6 is the flow chart of the speed limit task of the embodiment of the present invention 1;
Fig. 7 is the structural representation of the Distributed Scans system of the embodiment of the present invention.
Specific embodiment
To make goal of the invention of the invention, technical scheme and beneficial effect of greater clarity, below in conjunction with the accompanying drawings to this Inventive embodiment is illustrated, it is necessary to illustrate, in the case where not conflicting, in the embodiment and embodiment in the application Feature can mutually be combined.
As shown in figure 1, the embodiment of the present invention provides a kind of distributed procedure site vulnerability scanning system, including service end 2 and client 1,
The client 1, for controlling speed of giving out a contract for a project, when the speed satisfaction first of giving out a contract for a project is pre-conditioned, to described Service end 2 sends scan task request, and when the scan task that the service end 2 is issued is received, performs the scanning and appoint Business;
The service end 2, for receiving the scan task request of the transmission of the client 1, and controls scan procedure Number, when it is described be scanned into number of passes meet second it is pre-conditioned when, issue the scan task to the client 1.
The service end 2, be additionally operable to when it is described be scanned into number of passes be unsatisfactory for second it is pre-conditioned when, limit it is described scanning visitor The scan task at family end 1.
The embodiment of the present invention can be to taking as temporary beyond the scan task of distribution Web vulnerability scanning system disposal ability The mode stopped, wait or cancel, reaches the mesh of distribution Web vulnerability scanning system speed limit, realizes scanning system distribution portion Speed limit after administration, the embodiment of the present invention can determine to give out a contract for a project speed and/or be scanned into number of passes by the way of real-time or timing Whether preset limit is exceeded.
The speed limit of client 1 is scanned in the embodiment of the present invention to be combined with the limitation of service end 2 scan procedure, reaches distribution For the scanning limit(s) effect of domain name in web vulnerability scanning systems.The embodiment of the present invention can simultaneously limit multiple scanning clients The sweep speed at end 1, as shown in fig. 7, using the mark for scanning client 1, the scan task of each scanning client 1 is safeguarded, Such as scanning client 1IP (Internet Protocol, the agreement interconnected between network) address is used as scanning client 1 Mark.
Wherein, receive after the scan task request that the client 1 sends, the service end 2 is additionally operable to:
Determine it is described scanning client 1 scan task whether in scan queue, when not in the scan queue, The scan task of the scanning client 1 is added in the scan queue.
Described first it is pre-conditioned including:Speed of giving out a contract for a project is less than or equal to predetermined maximum velocity threshold;Described second is pre- If condition includes:Scan procedure quantity is less than or equal to predetermined maximum process threshold value.
Speed of giving out a contract for a project corresponding for server end is for the scan procedure quantity of service end 2 and scanning end are given out a contract for a project the multiplying of speed Product.
The embodiment of the present invention can limit the quantity of scan procedure, the speed of each scan procedure, can also limit per second The number of packet is sent, the number for sending packet per second is limited and is controlled by maximum speed of giving out a contract for a project.
The scanning end of the embodiment of the present invention is packaged using python requests storehouses, wherein, define transmission per second Packet number, realize magic weapon speed whether exceed preset limit judgement.
The scan task of the limitation scanning client 1 includes:
Pause issue scan task or transfer issue scan task or wait next time scan procedure parameter not less than Preset limit, issues scan task.
When the scanning speed limit of client 1 limits scan task with service end 2, new scan task or wait can not be issued For a period of time, for scanning the limitation sweep speed of client 1.
As shown in fig. 7, the embodiment of the present invention includes multiple scanning clients 1, the embodiment of the present invention can be limited simultaneously The sweep speed of multiple scanning clients 1, and combined with the load-balancing technique of correlation technique and carry out speed limit treatment, at one Or multiple scanning client 1 corresponding scan procedure parameter is when exceeding preset limit, the scanning client 1 will be limited Scan task is distributed to other scanning clients 1.
As shown in Fig. 2 the embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanning method, visitor is applied to Family end 1, including:
S101, when give out a contract for a project speed meet first it is pre-conditioned when, to the service end 2 send scan task ask, and When receiving the scan task that the service end 2 is issued, the scan task is performed.
Wherein, described first it is pre-conditioned including:Speed of giving out a contract for a project is less than or equal to predetermined maximum velocity threshold.
As shown in Fig. 2 the embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanning method, clothes are applied to Business end 2, including:
S102, the scan task request that client 1 sends is received, and control to be scanned into number of passes, S103, swept when described Retouch into number of passes meet second it is pre-conditioned when, issue the scan task to the client 1.
Described method also includes:S104, when it is described be scanned into number of passes be unsatisfactory for second it is pre-conditioned when, limitation described in sweep Retouch the scan task of client 1.
Receive after the scan task request of the transmission of the client 1, also include:
Determine it is described scanning client 1 scan task whether in scan queue, when not in the scan queue, The scan task of the scanning client 1 is added in the scan queue.
The scan task of the limitation scanning client 1 includes:
Pause issue scan task or transfer issue scan task or wait next time scan procedure parameter not less than Preset limit, issues scan task.
As shown in figure 3, the embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanner, visitor is arranged at Family end 1, including:
Request module 11, is set to, when speed satisfaction first of giving out a contract for a project is pre-conditioned, send scanning to the service end 2 and appoint Business request;
Performing module 12, is set to, when the scan task that the service end 2 is issued is received, perform the scanning and appoint Business.
The request module 11 of the embodiment of the present invention can be arranged on HTTP, and (HyperText Transfer Protocol surpass Text transfer protocol) in request server.Velocity measuring of giving out a contract for a project is carried out in HTTP request server.
As shown in figure 4, the embodiment of the present invention also provides a kind of distributed procedure site vulnerability scanner, clothes are arranged at Business end 2, including:
Communication module 21, is set to receive the request scan task that scanning client 1 sends;
Issue module 22, control is scanned into number of passes, when it is described be scanned into number of passes meet second it is pre-conditioned when, issue described Scan task gives the client 1.
Described device also includes:Speed limit module 23, is set to be scanned into number of passes to be unsatisfactory for second pre-conditioned when described When, limit the scan task of the scanning client 1.
The module 22 that issues is also configured to:
Determine it is described scanning client 1 scan task whether in scan queue, when not in the scan queue, The scan task of the scanning client 1 is added in the scan queue.
The speed limit module 23 limits the scan task for scanning client 1:
Pause issue scan task or transfer issue scan task or wait next time scan procedure parameter not less than Preset limit, issues scan task.
The embodiment of the present invention can also realize the corresponding function of the speed limit module 23 in task Distributor, Task Distributor carries out the treatment of the scan task for limiting the scanning client 1.
For client 1, when the result that the speed-limiting device is returned is for limitation scan task, the speed-limiting device is waited Issue scan task;
When the result that the speed-limiting device is returned is to issue scan task, the scan task is performed.
The embodiment of the present invention also provides a kind of speed-limiting device for Distributed Scans system, including:First memory and First processor;
The first memory is used to store the program for distributed web vulnerability scannings;It is described for distributed The program of web vulnerability scannings performs following operation when execution is read by the first processor:
When speed satisfaction first of giving out a contract for a project is pre-conditioned, sends scan task to the service end 2 and ask, and receiving During the scan task that the service end 2 is issued, the scan task is performed.
The embodiment of the present invention also provides a kind of speed-limiting device for Distributed Scans system, including:Second memory and Second processing device;
The second memory is used to store the program for distributed web vulnerability scannings;It is described for distributed The program of web vulnerability scannings performs following operation when execution is read by the second processing device:
The scan task request that client 1 sends is received, and control is scanned into number of passes, when the number of passes that is scanned into is expired When foot second is pre-conditioned, the scan task is issued to the client.
Embodiment 1
The embodiment of the present invention for controlling to give out a contract for a project speed max_speed, maximum can be set and given out a contract for a project speed=max_ speed。
As shown in fig. 6, the step of embodiment of the present invention explanation speed limit task:
Request module determines that step 210 sends to the service end and scans when speed satisfaction first of giving out a contract for a project is pre-conditioned Task requests;
Step 220 judges to give out a contract for a project, and whether to meet first pre-conditioned for speed;
When speed of giving out a contract for a project be unsatisfactory for first it is pre-conditioned when, step 230 waits next moment.
The packet transmission speed for determining the scanning client according to scan task is given out a contract for a project speed not less than default maximum When;Step 240, transmission scan task request.
Embodiment 2
The embodiment of the present invention for safeguarding a scan queue, be scanned into number of passes, scanning client initiates scan task During request A, if being scanned into number of passes not less than max_threads, a scan task of scan task A is issued, and will scanning Enter number of passes and plus one;Otherwise, new task is not issued.
As shown in figure 5, the step of embodiment of the present invention explanation speed limit task:
Step 110, the request scan task for receiving scanning client transmission;
Step 120, determine it is described scanning client scan task whether in scan queue;
Step 130, when not in the scan queue, the scan task of the scanning client is added to described sweeping In retouching queue.
Step 140, to determine that the scan procedure quantity of the scanning client exceedes according to the request scan task default During max_threads;
Step 150, the scan task for limiting the scanning client.
Step 160, according to it is described request scan task determine it is described scanning client scan procedure quantity not less than pre- If during max_threads;Scan task is issued according to the request scan task.
Embodiment 3
As shown in fig. 7, embodiment of the present invention explanation limits the process of the sweep speed of multiple scanning clients simultaneously:
Service end safeguards the scan queue of each scanning client, and the scanning key assignments preserved in queue includes:The domain of scanning Name and scanning client ip;
When scanning customer end A determines to give out a contract for a project speed not less than preset limit, request scan task, service end root are initiated Whether the scan procedure for determining corresponding scanning customer end A according to the scan queue safeguarded exceedes preset limit;Here service end is also The scan procedure parameter of each scanning client can in advance be counted, it is also possible to the scanning of real-time statistics correspondence scanning customer end A Process parameter;
If scanning the scan procedure parameter of customer end A not less than preset limit, scan task to scanning client is issued A;Otherwise, new task is not issued or waits the scan procedure parameter of customer end A to be scanned not less than preset limit, issue scanning Task;Here service end can issue scan task to after scanning customer end A, safeguard the corresponding scanning of scanning customer end A Process parameter, i.e., add 1 in the corresponding scan procedure parameter of scanning customer end A, or wait receives scanning customer end A next time When initiating request scan task, then the scan procedure parameter for counting scanning customer end A.
Embodiment 4
As shown in fig. 7, embodiment of the present invention explanation limits the process of the sweep speed of multiple scanning clients, this hair simultaneously The Distributed Scans system of bright embodiment includes service end and scanning customer end A, scanning customer end B, scanning client C:
Service end safeguards the scan queue of each scanning client, and the scanning key assignments preserved in queue includes:The domain of scanning Name and scanning client ip;The service end pre-sets the corresponding limitation of scan procedure parameter of each scanning client, and And pre-set the overall constraint of the Distributed Scans system;Wherein, the scan procedure parameter of the multiple scanning client Corresponding limitation can be with identical or difference;
When scanning customer end A determines to give out a contract for a project speed not less than preset limit, when initiating request scan task, service end Scan queue according to safeguarding determines whether the scan procedure parameter of corresponding scanning customer end A exceedes preset limit;Here take Business end can also in advance count the scan procedure parameter of each scanning client, it is also possible to real-time statistics correspondence scanning customer end A Scan procedure parameter;
If scanning the scan procedure parameter of customer end A not less than preset limit, scan task to scanning client is issued A;Otherwise, the scan procedure ginseng of scanning customer end A, scanning customer end B, scanning client C is determined according to the scan queue safeguarded Whether number sum exceedes the overall constraint of the Distributed Scans system;When the overall constraint more than service end, do not issue new Task or when waiting the scan procedure parameter of customer end A to be scanned not less than preset limit, issue scan task;When not less than During the overall constraint of service end, whether the scan procedure parameter for determining other scanning clients according to the scan queue safeguarded exceedes Preset limit (scans customer end B and whether scanning client C-scan process parameter exceedes corresponding preset limit);Work as scanning When customer end B and scanning client C-scan process parameter exceed corresponding preset limit, new task or wait is not issued The scan procedure parameter of customer end A is scanned not less than preset limit, scan task is issued;As scanning customer end B or scanning client When end C-scan process parameter is not less than corresponding preset limit;The scan task is issued to sweeping not less than preset limit Retouch client, it is possible to issue scan task to after scanning customer end B or scanning client C, safeguard scanning customer end B or The corresponding scan procedure parameters of scanning client C, i.e., in scanning customer end B or the corresponding scan procedure parameters of scanning client C Plus 1, or wait and receive scanning customer end B next time or when scanning client C initiates request scan task, then count The scan procedure parameter of scanning customer end B or scanning client C.
Although disclosed implementation method is as above, its content is only to facilitate understand technical side of the invention Case and the implementation method that uses, are not intended to limit the present invention.Any those skilled in the art to which this invention pertains, not On the premise of departing from disclosed core technology scheme, any modification can be made in the form and details implemented and is become Change, but the protection domain that the present invention is limited, must be still defined by the scope of appending claims restriction.

Claims (18)

1. a kind of distributed procedure site vulnerability scanning system, it is characterised in that including service end and client,
The client, for controlling speed of giving out a contract for a project, when the speed satisfaction first of giving out a contract for a project is pre-conditioned, to the service end Scan task request is sent, and when the scan task that the service end is issued is received, performs the scan task;
The service end, for receiving the scan task request that the client sends, and control is scanned into number of passes, works as institute State be scanned into number of passes meet second it is pre-conditioned when, issue the scan task to the client.
2. the system as claimed in claim 1, it is characterised in that:The service end, is additionally operable to be discontented with when the number of passes that is scanned into When foot second is pre-conditioned, the scan task of the scanning client is limited.
3. system as claimed in claim 2, it is characterised in that:The scan task of the limitation scanning client includes:
Pause issues scan task or transfer issue scan task or wait next time scan procedure parameter not less than default Limitation, issues scan task.
4. the system as claimed in claim 1, it is characterised in that:The scan task for receiving the client transmission asks it Afterwards, the service end is additionally operable to:
Whether the scan task of the scanning client is determined in scan queue, when not in the scan queue, by institute The scan task for stating scanning client is added in the scan queue.
5. the system as described in Claims 1 to 4 is any, it is characterised in that:
Described first it is pre-conditioned including:The speed of giving out a contract for a project is less than or equal to predetermined speed threshold value;Described second default bar Part includes:The scan procedure quantity is less than or equal to preset course number threshold value.
6. a kind of distributed procedure site vulnerability scanning method, it is characterised in that be applied to client, including:
Client determines speed of giving out a contract for a project;
It is pre-conditioned whether speed of giving out a contract for a project described in judging meets first;
When speed satisfaction first of giving out a contract for a project is pre-conditioned, sends scan task to service end and ask;
The scan task that the service end is issued is received, and performs the scan task.
7. method as claimed in claim 5, it is characterised in that:Described first it is pre-conditioned including:The speed of giving out a contract for a project is less than Or equal to predetermined speed threshold value.
8. a kind of distributed procedure site vulnerability scanning method, it is characterised in that be applied to service end, including:
Receive the scan task request that client sends;
Judgement is scanned into whether number of passes meets second pre-conditioned, when it is described be scanned into number of passes meet second it is pre-conditioned when, under Send out scan task described to the client.
9. method as claimed in claim 8, it is characterised in that described when the number of passes that be scanned into is unsatisfactory for the second default bar During part, the scan task of the scanning client is limited.
10. method as claimed in claim 9, it is characterised in that:The scan task of the limitation scanning client includes:
Pause issues scan task or transfer issue scan task or wait next time scan procedure parameter not less than default Limitation, issues scan task.
11. methods as claimed in claim 8, it is characterised in that:After the scan task request that reception client sends, Also include:
Whether the scan task of the scanning client is determined in scan queue, when not in the scan queue, by institute The scan task for stating scanning client is added in the scan queue.
12. a kind of distributed procedure site vulnerability scanners, it is characterised in that be arranged at client, including:
Request module, is set to, when speed satisfaction first of giving out a contract for a project is pre-conditioned, send scan task to the service end and ask;
Performing module, is set to, when the scan task that the service end is issued is received, perform the scan task.
13. a kind of distributed procedure site vulnerability scanners, it is characterised in that be arranged at service end, including:
Communication module, is set to receive the request scan task that scanning client sends;
Issue module, control is scanned into number of passes, when it is described be scanned into number of passes meet second it is pre-conditioned when, issue the scanning and appoint It is engaged in the client.
14. devices as claimed in claim 13, it is characterised in that:Also include:Speed limit module, is set to when the scan procedure Number be unsatisfactory for second it is pre-conditioned when, limit it is described scanning client scan task.
15. devices as claimed in claim 13, it is characterised in that:The module that issues is also configured to:
Whether the scan task of the scanning client is determined in scan queue, when not in the scan queue, by institute The scan task for stating scanning client is added in the scan queue.
16. devices as claimed in claim 14, it is characterised in that:The scanning of the speed limit module limitation scanning client Task refers to:
Pause issues scan task or transfer issue scan task or wait next time scan procedure parameter not less than default Limitation, issues scan task.
17. is a kind of for distributed procedure site vulnerability scanner, including:First memory and first processor;It is special Levy and be:
The first memory is used to store the program for distributed web vulnerability scannings;It is described to be leaked for distributed web The program of hole scanning performs following operation when execution is read by the first processor:
When speed satisfaction first of giving out a contract for a project is pre-conditioned, sends scan task to the service end and ask, and it is described receiving During the scan task that service end is issued, the scan task is performed.
18. is a kind of for distributed procedure site vulnerability scanner, including:Second memory and second processing device;It is special Levy and be:
The second memory is used to store the program for distributed web vulnerability scannings;It is described to be leaked for distributed web The program of hole scanning performs following operation when execution is read by the second processing device:
The scan task request that client sends is received, and control is scanned into number of passes, when the number of passes that is scanned into meets the Two it is pre-conditioned when, issue the scan task to the client.
CN201610704751.0A 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device Active CN106878251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610704751.0A CN106878251B (en) 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610704751.0A CN106878251B (en) 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device

Publications (2)

Publication Number Publication Date
CN106878251A true CN106878251A (en) 2017-06-20
CN106878251B CN106878251B (en) 2020-07-03

Family

ID=59238904

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610704751.0A Active CN106878251B (en) 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device

Country Status (1)

Country Link
CN (1) CN106878251B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063755A (en) * 2017-11-08 2018-05-22 携程旅游信息技术(上海)有限公司 vulnerability scanning method, system, storage medium and electronic equipment
CN112637119A (en) * 2020-11-13 2021-04-09 北京大米科技有限公司 Host scanning method and device, storage medium and electronic equipment
CN114595457A (en) * 2020-12-04 2022-06-07 腾讯科技(深圳)有限公司 Task processing method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070067847A1 (en) * 2005-09-22 2007-03-22 Alcatel Information system service-level security risk analysis
CN101064736A (en) * 2006-04-30 2007-10-31 飞塔信息科技(北京)有限公司 Computer network risk assessment device and method thereof
CN103856467A (en) * 2012-12-06 2014-06-11 百度在线网络技术(北京)有限公司 Method and distributed system for achieving safety scanning
CN105763562A (en) * 2016-04-15 2016-07-13 全球能源互联网研究院 Electric power information network vulnerability threat evaluation model establishment method faced to electric power CPS risk evaluation and evaluation system based on the model

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070067847A1 (en) * 2005-09-22 2007-03-22 Alcatel Information system service-level security risk analysis
CN101064736A (en) * 2006-04-30 2007-10-31 飞塔信息科技(北京)有限公司 Computer network risk assessment device and method thereof
CN103856467A (en) * 2012-12-06 2014-06-11 百度在线网络技术(北京)有限公司 Method and distributed system for achieving safety scanning
CN105763562A (en) * 2016-04-15 2016-07-13 全球能源互联网研究院 Electric power information network vulnerability threat evaluation model establishment method faced to electric power CPS risk evaluation and evaluation system based on the model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张海辉,张勇,欧争光: ""基于任务驱动的云计算平台漏洞扫描系统"", 《深圳大学学报理工版》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063755A (en) * 2017-11-08 2018-05-22 携程旅游信息技术(上海)有限公司 vulnerability scanning method, system, storage medium and electronic equipment
CN108063755B (en) * 2017-11-08 2020-12-15 携程旅游信息技术(上海)有限公司 Vulnerability scanning method, system, storage medium and electronic equipment
CN112637119A (en) * 2020-11-13 2021-04-09 北京大米科技有限公司 Host scanning method and device, storage medium and electronic equipment
CN114595457A (en) * 2020-12-04 2022-06-07 腾讯科技(深圳)有限公司 Task processing method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN106878251B (en) 2020-07-03

Similar Documents

Publication Publication Date Title
EP3457627B1 (en) Automatic login method and device between multiple websites
CN104184832B (en) Data submission method and device in network application
US9369480B2 (en) Systems and methods for automating blind detection of computational vulnerabilities
CN107135073B (en) Interface calling method and device
US8091120B2 (en) Adaptive authentication methods, systems, devices, and computer program products
CN101834866B (en) CC (Communication Center) attack protective method and system thereof
CN106302346A (en) The safety certifying method of API Calls, device, system
US7685630B2 (en) Methods and systems for providing scalable authentication
US20110264910A1 (en) Communication control device, computer-readable medium, and communication control system
CN103414684A (en) Single sign-on method and system
CN101997685A (en) Single sign-on method, single sign-on system and associated equipment
CN106550056B (en) A kind of domain name analytic method and device
CN101594232B (en) Authentication method for dynamic password, system and corresponding authentication device
CN107124423A (en) A kind of operation system access method and system based on cloud computing
CN103347016A (en) Attack defense method
CN106878251A (en) One kind is used for distributed procedure site vulnerability scanning system, method and apparatus
WO2015180496A1 (en) Method and system for loading application-specific interfaces in a social networking application
CN105592046B (en) A kind of authentication-exempt access method and device
US20150180850A1 (en) Method and system to provide additional security mechanism for packaged web applications
CN109861994A (en) The vulnerability scanning method and its scanning means that cloud is invaded
CN107835145A (en) The method and distributed system of a kind of anti-replay-attack
CN102045309A (en) Method and device for preventing computer from being attacked by virus
CN102243738A (en) Safety payment system and method
CN110224971A (en) Authorize method, authorization server, system, equipment and the storage medium logged in
CN112202710A (en) Method and device for preventing data leakage, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200917

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200917

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.

TR01 Transfer of patent right