CN106878251B - Distributed website program vulnerability scanning system, method and device - Google Patents


Info

Publication number
CN106878251B
Authority
CN
China
Prior art keywords
scanning
task
client
server
preset condition
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610704751.0A
Other languages
Chinese (zh)
Other versions
CN106878251A (en)
Inventor
刘鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201610704751.0A
Publication of CN106878251A
Application granted
Publication of CN106878251B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The application provides a distributed website program vulnerability scanning system, method and device, which relate to the technical field of network security and comprise a server and a client, wherein the client is used for controlling the packet sending speed, sending a scanning task request to the server when the packet sending speed meets a first preset condition, and executing the scanning task when receiving the scanning task issued by the server; and the server is used for receiving the scanning task request sent by the client, controlling the number of scanning processes, and issuing the scanning task to the client when the number of scanning processes meets a second preset condition. The network packet sending speed can be limited, and the situation that the service is unavailable due to the fact that the scanning speed is too fast is prevented.

Description

Distributed website program vulnerability scanning system, method and device
Technical Field
The invention relates to the technical field of network security, in particular to a distributed website program vulnerability scanning system, method and device.
Background
As Web applications such as internet banking, electronic commerce, personal space and cloud storage enter people's lives, security flaws in these applications put personal information, and even the website systems themselves, at risk. Statistically, 75% of the current network attacks are performed through the Web.
Ensuring that Web services can run safely and stably is an important task for IT (internet technology) departments in many companies and institutions. Generally, due to the lack of effective Web security assessment tools and checking mechanisms, security problems are difficult to be discovered at ordinary times, and often, such problems are discovered only when a major accident occurs.
The traditional scanning mode for website program vulnerabilities (Web vulnerabilities) is generally based on a stand-alone system, with the related modules of the scanner installed together on the same computer. As a result, the security diagnosis results of the individual computers are isolated from one another, the overall risk assessment and prevention effect for the network is poor, the scanning speed is slow, and the failure of a single node can bring down the whole system. In a Web scanning system, the processing capacity of a single computer is limited within a given time, and conventional Web vulnerability scanning can only limit speed on a single computer; it cannot apply a speed limit across a distributed deployment.
Disclosure of Invention
The invention provides a distributed website program vulnerability scanning system, method and device, and solves the problem of speed limitation after distributed deployment of a web vulnerability scanning system.
In order to achieve the purpose of the invention, the technical scheme adopted by the invention is as follows:
a distributed website program vulnerability scanning system comprises a server and a client,
the client is used for controlling the packet sending speed, sending a scanning task request to the server when the packet sending speed meets a first preset condition, and executing the scanning task when receiving the scanning task issued by the server;
and the server is used for receiving the scanning task request sent by the client, controlling the number of scanning processes, and issuing the scanning task to the client when the number of scanning processes meets a second preset condition.
Optionally, the server is further configured to limit the scanning task of the scanning client when the number of scanning processes does not satisfy a second preset condition.
Optionally, limiting the scanning task of the scanning client comprises:
suspending issuance of the scanning task, or transferring the scanning task, or waiting until the scanning process parameter no longer exceeds the preset limit and then issuing the scanning task.
Optionally, after receiving the scan task request sent by the client, the server is further configured to:
and determining whether the scanning task of the scanning client is in a scanning queue, and adding the scanning task of the scanning client to the scanning queue when the scanning task of the scanning client is not in the scanning queue.
Optionally, the first preset condition includes: the packet sending speed is less than or equal to a preset speed threshold; the second preset condition includes: the number of scanning processes is less than or equal to a predetermined process number threshold.
The embodiment of the invention also provides a distributed website program vulnerability scanning method, which is applied to the client and comprises the following steps:
the client determines the packet sending speed;
judging whether the packet sending speed meets a first preset condition or not;
when the packet sending speed meets a first preset condition, sending a scanning task request to a server;
and receiving a scanning task issued by the server and executing the scanning task.
Optionally, the first preset condition includes: the packet sending speed is less than or equal to a predetermined speed threshold.
The embodiment of the invention also provides a distributed website program vulnerability scanning method, which is applied to a server and comprises the following steps:
receiving the scanning task request sent by a client;
and judging whether the number of scanning processes meets a second preset condition, and issuing the scanning task to the client when the number of scanning processes meets the second preset condition.
Optionally, when the number of scanning processes does not satisfy a second preset condition, the scanning task of the scanning client is limited.
Optionally, limiting the scanning task of the scanning client comprises:
suspending issuance of the scanning task, or transferring the scanning task, or waiting until the scanning process parameter no longer exceeds the preset limit and then issuing the scanning task.
Optionally, after receiving the scan task request sent by the client, the method further includes:
and determining whether the scanning task of the scanning client is in a scanning queue, and adding the scanning task of the scanning client to the scanning queue when the scanning task of the scanning client is not in the scanning queue.
The embodiment of the present invention further provides a distributed website program vulnerability scanning device, which is arranged at a client and includes:
the request module is set to send a scanning task request to the server when the packet sending speed meets a first preset condition;
and the execution module is configured to execute the scanning task when receiving the scanning task issued by the server.
The embodiment of the present invention further provides a distributed website program vulnerability scanning device, which is arranged at a server and includes:
the communication module is used for receiving a scanning request task sent by a scanning client;
and the issuing module is used for controlling the number of scanning processes and issuing the scanning task to the client when the number of the scanning processes meets a second preset condition.
Optionally, the apparatus further comprises: and the speed limit module is set to limit the scanning task of the scanning client when the number of the scanning processes does not meet a second preset condition.
Optionally, the issuing module is further configured to:
and determining whether the scanning task of the scanning client is in a scanning queue, and adding the scanning task of the scanning client to the scanning queue when the scanning task of the scanning client is not in the scanning queue.
Optionally, the limiting the scanning task of the scanning client by the speed limiting module means:
suspending issuance of the scanning task, or transferring the scanning task, or waiting until the scanning process parameter no longer exceeds the preset limit and then issuing the scanning task.
The embodiment of the present invention further provides a device for scanning distributed website program vulnerabilities, including: a first memory and a first processor;
the first memory is used for storing a program for distributed web vulnerability scanning; the program for distributed web vulnerability scanning, when read and executed by the first processor, performs the following operations:
and when the packet sending speed meets a first preset condition, sending a scanning task request to the server, and executing the scanning task when receiving the scanning task issued by the server.
The embodiment of the present invention further provides a device for scanning distributed website program vulnerabilities, including: a second memory and a second processor;
the second memory is used for storing a program for distributed web vulnerability scanning; the program for distributed web vulnerability scanning, when read and executed by the second processor, performs the following operations:
and receiving the scanning task request sent by the client, controlling the number of scanning processes, and issuing the scanning task to the client when the number of scanning processes meets a second preset condition.
Compared with the prior art, the invention has the following beneficial effects:
the method and the device can limit the network packet sending speed in the distributed web vulnerability scanning process, and prevent the situation that the service is unavailable of the scanned target server due to the fact that the scanning speed is too high.
Drawings
FIG. 1 is a block diagram of a vulnerability scanning system for distributed web sites according to an embodiment of the present invention;
FIG. 2 is a flowchart of a vulnerability scanning method for a distributed website according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a distributed website vulnerability scanning apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a distributed website vulnerability scanning apparatus according to an embodiment of the present invention;
FIG. 5 is a flowchart of a speed limit task according to embodiment 2 of the present invention;
FIG. 6 is a flowchart of a speed limit task according to embodiment 1 of the present invention;
FIG. 7 is a schematic structural diagram of a distributed scanning system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following description of the embodiments of the present invention with reference to the accompanying drawings is provided, and it should be noted that, in the case of conflict, features in the embodiments and the embodiments in the present application may be arbitrarily combined with each other.
As shown in fig. 1, an embodiment of the present invention provides a distributed website program vulnerability scanning system, which includes a server 2 and a client 1,
the client 1 is used for controlling the packet sending speed, sending a scanning task request to the server 2 when the packet sending speed meets a first preset condition, and executing the scanning task when receiving the scanning task issued by the server 2;
and the server 2 is configured to receive the scan task request sent by the client 1, control the number of scan processes, and issue the scan task to the client 1 when the number of scan processes meets a second preset condition.
The server 2 is further configured to limit the scanning task of the scanning client 1 when the number of scanning processes does not satisfy a second preset condition.
The embodiment of the invention can adopt a pause, wait or cancel mode to the scanning task which exceeds the processing capacity of the distributed web vulnerability scanning system, thereby achieving the purpose of limiting the speed of the distributed web vulnerability scanning system and realizing the speed limit after the distributed deployment of the scanning system.
In the embodiment of the invention, the speed limit at the scanning client 1 is combined with the limit on scanning processes at the server 2, so that a scanning speed limit per domain name is achieved in the distributed web vulnerability scanning system. The embodiment of the present invention may simultaneously limit the scanning speed of a plurality of scanning clients 1; as shown in fig. 7, the scanning task of each scanning client 1 is maintained by using the identifier of the scanning client 1, for example, the IP (Internet Protocol) address of the scanning client 1 is used as its identifier.
After receiving the scan task request sent by the client 1, the server 2 is further configured to:
determining whether the scanning task of the scanning client 1 is in a scanning queue, and adding the scanning task of the scanning client 1 to the scanning queue when the scanning task is not in the scanning queue.
The first preset condition includes: the packet sending speed is less than or equal to a preset maximum speed threshold; the second preset condition includes: the number of scanning processes is less than or equal to a predetermined maximum process threshold.
The packet sending speed corresponding to the server is the product of the scanning process number of the server 2 and the packet sending speed of the scanning end.
The embodiment of the invention can limit the number of scanning processes and the speed of each scanning process, and can also limit the number of data packets sent per second, which is controlled by the maximum packet sending speed.
The scanning end of the embodiment of the invention is encapsulated using the Python requests library, in which the number of data packets sent per second is defined, implementing the judgment of whether the packet sending speed exceeds a preset limit.
Limiting the scanning task of the scanning client 1 comprises:
suspending issuance of the scanning task, or transferring the scanning task, or waiting until the scanning process parameter no longer exceeds the preset limit and then issuing the scanning task.
When the scanning client 1 limits the speed and the server 2 limits the scanning task, the scanning client 1 may not issue a new scanning task or wait for a period of time to limit the scanning speed.
As shown in fig. 7, the embodiment of the present invention includes a plurality of scanning clients 1, and the embodiment of the present invention may limit the scanning speeds of the plurality of scanning clients 1 at the same time, and perform speed limit processing in combination with a load balancing technology of the related art, and when a scanning process parameter corresponding to one or more scanning clients 1 exceeds a preset limit, distribute a scanning task of the scanning client 1 that is limited to the other scanning clients 1.
As shown in fig. 2, an embodiment of the present invention further provides a distributed website program vulnerability scanning method, which is applied to the client 1, and includes:
S101, when the packet sending speed meets a first preset condition, sending a scanning task request to the server 2, and executing the scanning task when receiving the scanning task issued by the server 2.
Wherein the first preset condition comprises: the packet sending speed is less than or equal to a predetermined maximum speed threshold.
As shown in fig. 2, an embodiment of the present invention further provides a distributed website program vulnerability scanning method, which is applied to the server 2, and includes:
S102, receiving the scanning task request sent by the client 1 and controlling the number of scanning processes; and S103, issuing the scanning task to the client 1 when the number of scanning processes meets a second preset condition.
The method further comprises the following steps: and S104, when the number of the scanning processes does not meet a second preset condition, limiting the scanning task of the scanning client 1.
After receiving the scan task request sent by the client 1, the method further includes:
determining whether the scanning task of the scanning client 1 is in a scanning queue, and adding the scanning task of the scanning client 1 to the scanning queue when the scanning task is not in the scanning queue.
Limiting the scanning task of the scanning client 1 comprises:
suspending issuance of the scanning task, or transferring the scanning task, or waiting until the scanning process parameter no longer exceeds the preset limit and then issuing the scanning task.
As shown in fig. 3, an embodiment of the present invention further provides a distributed website program vulnerability scanning apparatus, which is disposed at a client 1, and includes:
the request module 11 is configured to send a scan task request to the server 2 when the packet sending speed meets a first preset condition;
the execution module 12 is configured to execute the scanning task when receiving the scanning task issued by the server 2.
The request module 11 of the embodiment of the present invention may be set in an HTTP (HyperText Transfer Protocol) request server. Packet sending speed detection is carried out in an HTTP request server.
As shown in fig. 4, an embodiment of the present invention further provides a distributed website program vulnerability scanning apparatus, which is disposed at the server 2, and includes:
a communication module 21 configured to receive a request scanning task sent by the scanning client 1;
and the issuing module 22 controls the number of scanning processes, and issues the scanning task to the client 1 when the number of scanning processes meets a second preset condition.
The device further comprises: and the speed limit module 23 is configured to limit the scanning task of the scanning client 1 when the number of the scanning processes does not satisfy a second preset condition.
The issuing module 22 is further configured to:
determining whether the scanning task of the scanning client 1 is in a scanning queue, and adding the scanning task of the scanning client 1 to the scanning queue when the scanning task is not in the scanning queue.
The limiting module 23 limits the scanning task of the scanning client 1 by:
suspending issuance of the scanning task, or transferring the scanning task, or waiting until the scanning process parameter no longer exceeds the preset limit and then issuing the scanning task.
The embodiment of the present invention may also implement the function corresponding to the speed limit module 23 in a task distribution server, and perform processing for limiting the scanning task of the scanning client 1 in the task distribution server.
For the client 1, when the result returned by the speed limiting device is the scanning task, waiting for the speed limiting device to issue the scanning task;
and when the result returned by the speed limiting device is the issued scanning task, executing the scanning task.
The embodiment of the invention also provides a speed limiting device for the distributed scanning system, which comprises: a first memory and a first processor;
the first memory is used for storing a program for distributed web vulnerability scanning; the program for distributed web vulnerability scanning, when read and executed by the first processor, performs the following operations:
when the packet sending speed meets a first preset condition, sending a scanning task request to the server 2, and executing the scanning task when receiving the scanning task issued by the server 2.
The embodiment of the invention also provides a speed limiting device for the distributed scanning system, which comprises: a second memory and a second processor;
the second memory is used for storing a program for distributed web vulnerability scanning; the program for distributed web vulnerability scanning, when read and executed by the second processor, performs the following operations:
and receiving the scanning task request sent by the client 1, controlling the number of scanning processes, and issuing the scanning task to the client when the number of scanning processes meets a second preset condition.
Example 1
A maximum packet sending speed max_speed can be set to control the packet sending speed.
As shown in fig. 6, the embodiment of the present invention illustrates the steps of the speed limiting task:
step 210, the request module sends a scanning task request to the server when it determines that the packet sending speed meets a first preset condition;
step 220, judging whether the packet sending speed meets the first preset condition;
step 230, when the packet sending speed does not satisfy the first preset condition, waiting for the next time;
step 240, when it is determined according to the scanning task that the data packet sending speed of the scanning client does not exceed the preset maximum packet sending speed, sending a scanning task request.
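The client-side check of Example 1, as an added sketch that is not code from the patent: a one-second sliding window measures the packet sending speed, a throttled send keeps it at or below max_speed, and a task request is made only once the first preset condition holds. The names PacketRateGate, throttled_send, request_when_allowed and FakeClock, the polling intervals and the domain scan-target.example are assumptions made for illustration.

```python
import collections
import time


class PacketRateGate:
    """Counts packets sent in the last second and applies the first preset condition."""

    def __init__(self, max_speed, clock=time.monotonic):
        self.max_speed = max_speed          # packets per second (max_speed on the page)
        self._clock = clock
        self._sent = collections.deque()    # send timestamps still inside the window

    def current_speed(self):
        now = self._clock()
        while self._sent and now - self._sent[0] >= 1.0:
            self._sent.popleft()            # drop timestamps older than one second
        return len(self._sent)

    def record_packet(self):
        self._sent.append(self._clock())

    def may_request_task(self):
        # First preset condition: packet sending speed <= preset threshold.
        return self.current_speed() <= self.max_speed


def throttled_send(gate, send_fn, sleep=time.sleep, poll=0.05):
    """Send one packet, sleeping first while the one-second window is full."""
    waited = 0.0
    while gate.current_speed() >= gate.max_speed:
        sleep(poll)
        waited += poll
    gate.record_packet()
    send_fn()
    return waited


def request_when_allowed(gate, request_task, sleep=time.sleep, poll=0.25):
    """Steps 220 to 240: judge the speed, wait while it is too high, then request."""
    waited = 0.0
    while not gate.may_request_task():      # step 220: judge the condition
        sleep(poll)                         # step 230: wait for the next check
        waited += poll
    return request_task(), waited           # step 240: send the task request


class FakeClock:
    """Constructed clock so the demo runs instantly and deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock()
    gate = PacketRateGate(max_speed=3, clock=clock)
    for _ in range(4):                      # constructed burst: 4 packets at t=0
        gate.record_packet()
    blocked = not gate.may_request_task()   # 4 > 3, so no task request yet
    task, waited = request_when_allowed(
        gate, lambda: {"domain": "scan-target.example"}, sleep=clock.sleep)
    sent = []
    delays = [throttled_send(gate, lambda: sent.append(clock.now),
                             sleep=clock.sleep, poll=0.5) for _ in range(5)]
    return blocked, task, waited, delays


if __name__ == "__main__":
    print(demo())
```

In a real client, send_fn would be the wrapped HTTP call and request_task the call to the server; both are left as injected callables here so the sketch runs offline.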
Example 2
This embodiment maintains a scanning queue and a scanning process number. When a scanning client initiates a scanning task request A, if the scanning process number does not exceed max_threads, the scanning task for request A is issued and the scanning process number is increased by one; otherwise, no new task is issued.
As shown in fig. 5, the embodiment of the present invention illustrates the steps of the speed limiting task:
step 110, receiving a request scanning task sent by a scanning client;
step 120, determining whether the scanning task of the scanning client is in a scanning queue;
and step 130, when the scanning task is not in the scanning queue, adding the scanning task of the scanning client to the scanning queue.
Step 140, determining according to the scanning request task that the number of scanning processes of the scanning client exceeds the preset max_threads;
step 150, limiting the scanning task of the scanning client.
Step 160, determining according to the request scanning task that the number of scanning processes of the scanning client does not exceed the preset max_threads, and issuing a scanning task according to the request scanning task.
Example 3
As shown in fig. 7, the embodiment of the present invention illustrates a process of simultaneously limiting the scanning speeds of multiple scanning clients:
the server side maintains a scanning queue of each scanning client side, and scanning key values stored in the queues comprise: a scanned domain name and a scanned client IP;
when the scanning client A determines that the packet sending speed does not exceed the preset limit, initiating a request scanning task, and the server determines whether the scanning process of the corresponding scanning client A exceeds the preset limit according to the maintained scanning queue; the server side can also count the scanning process parameters of each scanning client side in advance, and can also count the scanning process parameters of the corresponding scanning client side A in real time;
if the scanning process parameter of scanning client A does not exceed the preset limit, a scanning task is issued to scanning client A; otherwise, no new task is issued, or the server waits until the scanning process parameter of scanning client A no longer exceeds the preset limit and then issues the scanning task; here, after issuing the scanning task to scanning client A, the server may maintain the scanning process parameter corresponding to scanning client A, that is, add 1 to it, or count the scanning process parameter of scanning client A again the next time it receives a scanning request initiated by scanning client A.
Example 4
As shown in fig. 7, the embodiment of the present invention describes a process of simultaneously limiting the scanning speeds of multiple scanning clients, and the distributed scanning system of the embodiment of the present invention includes a server, a scanning client a, a scanning client B, and a scanning client C:
the server side maintains a scanning queue of each scanning client side, and scanning key values stored in the queues comprise: a scanned domain name and a scanned client IP; the server side presets the limit corresponding to the scanning process parameter of each scanning client side, and presets the total limit of the distributed scanning system; the limits corresponding to the scanning process parameters of the plurality of scanning clients can be the same or different;
when the scanning client A determines that the packet sending speed does not exceed the preset limit and initiates a request scanning task, the server determines whether the scanning process parameter of the corresponding scanning client A exceeds the preset limit according to the maintained scanning queue; the server side can also count the scanning process parameters of each scanning client side in advance, and can also count the scanning process parameters of the corresponding scanning client side A in real time;
if the scanning process parameter of scanning client A does not exceed the preset limit, a scanning task is issued to scanning client A; otherwise, the server determines from the maintained scanning queue whether the sum of the scanning process parameters of scanning client A, scanning client B and scanning client C exceeds the total limit of the distributed scanning system; when the total limit of the server is exceeded, no new task is issued, or the server waits until the scanning process parameter of scanning client A no longer exceeds the preset limit and then issues the scanning task; when the total limit of the server is not exceeded, the server determines from the maintained scanning queue whether the scanning process parameters of the other scanning clients exceed their preset limits (namely, whether the scanning process parameters of scanning client B and scanning client C exceed the corresponding preset limits); when the scanning process parameters of scanning client B and scanning client C both exceed the corresponding preset limits, no new task is issued, or the server waits until the scanning process parameter of scanning client A no longer exceeds the preset limit and then issues the scanning task; when the scanning process parameter of scanning client B or scanning client C does not exceed the corresponding preset limit, the scanning task is issued to a scanning client that does not exceed its preset limit; after issuing the scanning task to scanning client B or scanning client C, the server maintains the corresponding scanning process parameter, that is, adds 1 to the scanning process parameter of scanning client B or scanning client C, or counts that parameter again the next time scanning client B or scanning client C initiates a scanning task request.
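The server-side decision of Examples 2 to 4, as an added sketch that is not code from the patent: a scanning queue keyed by (domain, client IP), a per-client process limit, a total limit, and transfer of a task to another client with spare capacity. The class and method names, the client addresses and the domains are constructed for illustration. Three points are assumptions rather than statements of the patent: each limit is checked against the count after the new process is added, finish_task releases a process when a scan ends, and a repeated request for an already issued task returns the existing assignment.

```python
from dataclasses import dataclass, field

ISSUED, TRANSFERRED, LIMITED = "issued", "transferred", "limited"


@dataclass
class ScanServer:
    client_limits: dict   # client IP -> per-client scanning process limit
    total_limit: int      # limit for the whole distributed scanning system
    running: dict = field(default_factory=dict)  # client IP -> scanning processes
    queue: dict = field(default_factory=dict)    # (domain, client IP) -> (state, executor)

    def _has_room(self, ip):
        # Assumption: compare the count after adding one process with the limit,
        # so a client never runs more processes than its limit.
        return self.running.get(ip, 0) + 1 <= self.client_limits[ip]

    def _issue(self, key, executor, state):
        self.running[executor] = self.running.get(executor, 0) + 1  # "add 1"
        self.queue[key] = (state, executor)
        return self.queue[key]

    def request_task(self, client_ip, domain):
        key = (domain, client_ip)
        # Add the task to the scanning queue only if it is not already there.
        state, executor = self.queue.setdefault(key, (LIMITED, None))
        if state != LIMITED:
            return state, executor      # assumption: no duplicate scanning process
        if self._has_room(client_ip):
            return self._issue(key, client_ip, ISSUED)
        # Requesting client is at its limit: check the system-wide total next.
        if sum(self.running.values()) + 1 > self.total_limit:
            return LIMITED, None        # no new task; the client retries later
        # Total not exceeded: transfer to another client with spare capacity.
        for other in self.client_limits:
            if other != client_ip and self._has_room(other):
                return self._issue(key, other, TRANSFERRED)
        return LIMITED, None

    def finish_task(self, client_ip, domain):
        # Assumption: release the process when the scan of this domain ends.
        state, executor = self.queue.pop((domain, client_ip), (LIMITED, None))
        if state != LIMITED:
            self.running[executor] -= 1

    def worst_case_packet_rate(self, max_speed):
        # Aggregate rate = number of scanning processes x per-client packet speed.
        return sum(self.running.values()) * max_speed


def demo():
    a, b, c = "192.0.2.10", "192.0.2.11", "192.0.2.12"   # constructed client IPs
    server = ScanServer({a: 2, b: 1, c: 1}, total_limit=3)
    results = [server.request_task(a, d) for d in
               ("shop.example", "blog.example", "api.example", "cdn.example",
                "shop.example")]
    server.finish_task(a, "shop.example")
    results.append(server.request_task(a, "cdn.example"))
    return results, dict(server.running), server.worst_case_packet_rate(50)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last value returned by demo() is the upper bound on packets per second that the scanned targets can receive from the whole system, which is the figure to compare against what those targets can tolerate.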
Although the embodiments of the present invention have been described above, the contents thereof are merely embodiments adopted to facilitate understanding of the technical aspects of the present invention, and are not intended to limit the present invention. It will be apparent to persons skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (18)

1. A distributed website program vulnerability scanning system is characterized by comprising a server and a client,
the client is used for controlling the packet sending speed, sending a scanning task request to the server when the packet sending speed meets a first preset condition, and executing the scanning task when receiving the scanning task issued by the server;
and the server is used for receiving the scanning task request sent by the client, controlling the number of scanning processes, and issuing the scanning task to the client when the number of scanning processes meets a second preset condition.
2. The system of claim 1, wherein: and the server is further used for limiting the scanning task of the scanning client when the number of the scanning processes does not meet a second preset condition.
3. The system of claim 2, wherein: limiting the scanning task of the scanning client comprises:
and suspending the issuing of the scanning task, or transferring the issuing of the scanning task, or waiting for the next scanning process number not to exceed the preset limit, and issuing the scanning task.
4. The system of claim 1, wherein: after receiving the scan task request sent by the client, the server is further configured to:
and determining whether the scanning task of the scanning client is in a scanning queue, and adding the scanning task of the scanning client to the scanning queue when the scanning task of the scanning client is not in the scanning queue.
5. The system of any of claims 1 to 4, wherein:
the first preset condition includes: the packet sending speed is less than or equal to a preset speed threshold; the second preset condition includes: the number of scanning processes is less than or equal to a predetermined process number threshold.
6. A distributed website program vulnerability scanning method is applied to a client, and comprises the following steps:
the client determines the packet sending speed;
judging whether the packet sending speed meets a first preset condition or not;
when the packet sending speed meets a first preset condition, sending a scanning task request to a server;
and receiving a scanning task issued by the server and executing the scanning task.
7. The method of claim 5, wherein: the first preset condition includes: the packet sending speed is less than or equal to a predetermined speed threshold.
8. A distributed website program vulnerability scanning method is applied to a server and comprises the following steps:
receiving the scanning task request sent by a client;
judging whether the number of scanning processes meets a second preset condition, and issuing the scanning task to the client when the number of scanning processes meets the second preset condition;
the scanning task request is sent when the client judges that the packet sending speed meets a first preset condition.
9. The method of claim 8, wherein the scanning task of the scanning client is limited when the number of scanning processes does not satisfy a second preset condition.
10. The method of claim 9, wherein: limiting the scanning task of the scanning client comprises:
suspending the issued scanning task, or transferring the issued scanning task, or waiting until the scanning process parameter next does not exceed the preset limit and then issuing the scanning task.
11. The method of claim 8, wherein: after receiving the scan task request sent by the client, the method further includes:
and determining whether the scanning task of the scanning client is in a scanning queue, and adding the scanning task of the scanning client to the scanning queue when the scanning task of the scanning client is not in the scanning queue.
12. A distributed website program vulnerability scanning device, characterized in that it is arranged at the client and comprises:
a request module configured to send a scanning task request to the server when the packet sending speed meets a first preset condition;
and an execution module configured to execute the scanning task when receiving the scanning task issued by the server.
13. A distributed website program vulnerability scanning device, characterized in that it is arranged at the server side and comprises:
a communication module configured to receive a scanning task request sent by a scanning client;
an issuing module configured to control the number of scanning processes and to issue the scanning task to the client when the number of scanning processes meets a second preset condition;
wherein the scanning task request is sent when the client judges that the packet sending speed meets a first preset condition.
14. The apparatus of claim 13, further comprising: a speed limit module configured to limit the scanning task of the scanning client when the number of scanning processes does not meet the second preset condition.
15. The apparatus of claim 13, wherein: the issuing module is further configured to:
and determining whether the scanning task of the scanning client is in a scanning queue, and adding the scanning task of the scanning client to the scanning queue when the scanning task of the scanning client is not in the scanning queue.
16. The apparatus of claim 14, wherein: the speed limit module limiting the scanning task of the scanning client comprises:
suspending the issued scanning task, or transferring the issued scanning task, or waiting until the scanning process parameter next does not exceed the preset limit and then issuing the scanning task.
17. A distributed website vulnerability scanning apparatus, comprising: a first memory and a first processor; characterized in that:
the first memory is used for storing a program for distributed web vulnerability scanning; the program for distributed web vulnerability scanning, when read and executed by the first processor, performs the following operations:
and when the packet sending speed meets a first preset condition, sending a scanning task request to the server, and executing the scanning task when receiving the scanning task issued by the server.
18. A distributed website vulnerability scanning apparatus, comprising: a second memory and a second processor; characterized in that:
the second memory is used for storing a program for distributed web vulnerability scanning; the program for distributed web vulnerability scanning, when read and executed by the second processor, performs the following operations:
receiving the scanning task request sent by the client, controlling the number of scanning processes, and issuing the scanning task to the client when the number of scanning processes meets a second preset condition;
the scanning task request is sent when the client judges that the packet sending speed meets a first preset condition.
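The two-sided admission control of claims 1 to 11, sketched as an added example that is not part of the patent or of any implementation by the applicant. The threshold values, the class and method names, and the task labels are assumptions, and of the limiting options in claims 3 and 10 only "wait" is modelled.

```python
from collections import deque
SPEED_THRESHOLD = 200   # packets/s; assumed value for the first preset condition
PROCESS_THRESHOLD = 2   # assumed value for the second preset condition

class ScanServer:
    def __init__(self, process_threshold=PROCESS_THRESHOLD):
        self.process_threshold = process_threshold
        self.running = 0       # scanning processes currently issued
        self.queue = deque()   # scan queue of (client_id, task) entries

    def handle_request(self, client_id, task):
        """Return the issued task, or None when issuing is limited."""
        entry = (client_id, task)
        if entry not in self.queue:          # claims 4/11: enqueue only if absent
            self.queue.append(entry)
        # Claim 5, read literally: issue while running <= threshold.
        if self.running <= self.process_threshold:
            self.queue.remove(entry)
            self.running += 1
            return task
        return None                          # claims 3/10: wait; task stays queued

    def task_finished(self):
        self.running = max(0, self.running - 1)

class ScanClient:
    def __init__(self, client_id, server, speed_threshold=SPEED_THRESHOLD):
        self.client_id, self.server = client_id, server
        self.speed_threshold = speed_threshold
        self.executed = []

    def tick(self, packets_per_second, task):
        if packets_per_second > self.speed_threshold:   # claims 5/6 gate
            return "throttled"                          # no request is sent
        issued = self.server.handle_request(self.client_id, task)
        if issued is None:
            return "limited"
        self.executed.append(issued)   # stand-in for actually running the scan
        return "executed"

def demo():
    server = ScanServer()
    clients = [ScanClient(f"c{i}", server) for i in range(5)]
    rates = [150, 450, 200, 90, 10]    # constructed packet rates, one per client
    first = [c.tick(r, f"task-{c.client_id}") for c, r in zip(clients, rates)]
    retry = clients[4].tick(10, "task-c4")   # repeat request while still limited
    queued = len(server.queue)               # stays 1: no duplicate entry
    server.task_finished()                   # one scan process ends
    return first, retry, queued, clients[4].tick(10, "task-c4")
```

Because the second preset condition is "less than or equal to" the threshold, the literal reading admits one more process than the threshold value; an operator who needs a hard cap would set the threshold one lower.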
CN201610704751.0A 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device Active CN106878251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610704751.0A CN106878251B (en) 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610704751.0A CN106878251B (en) 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device

Publications (2)

Publication Number Publication Date
CN106878251A CN106878251A (en) 2017-06-20
CN106878251B CN106878251B (en) 2020-07-03

Family

ID=59238904

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610704751.0A Active CN106878251B (en) 2016-08-22 2016-08-22 Distributed website program vulnerability scanning system, method and device

Country Status (1)

Country Link
CN (1) CN106878251B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063755B (en) * 2017-11-08 2020-12-15 携程旅游信息技术(上海)有限公司 Vulnerability scanning method, system, storage medium and electronic equipment
CN112637119A (en) * 2020-11-13 2021-04-09 北京大米科技有限公司 Host scanning method and device, storage medium and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064736A (en) * 2006-04-30 2007-10-31 飞塔信息科技(北京)有限公司 Computer network risk assessment device and method thereof
CN103856467A (en) * 2012-12-06 2014-06-11 百度在线网络技术(北京)有限公司 Method and distributed system for achieving safety scanning
CN105763562A (en) * 2016-04-15 2016-07-13 全球能源互联网研究院 Electric power information network vulnerability threat evaluation model establishment method faced to electric power CPS risk evaluation and evaluation system based on the model

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8438643B2 (en) * 2005-09-22 2013-05-07 Alcatel Lucent Information system service-level security risk analysis


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
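"Task-driven vulnerability scanning system for cloud computing platforms"; 张海辉, 张勇, 欧争光; Journal of Shenzhen University Science and Engineering (《深圳大学学报理工版》); 20140130; full text *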

Also Published As

Publication number Publication date
CN106878251A (en) 2017-06-20

Similar Documents

Publication Publication Date Title
CN109257293B (en) Speed limiting method and device for network congestion and gateway server
CN106534114B (en) Malicious attack prevention system based on big data analysis
CN102143088B (en) Method and equipment for forwarding data based on security socket layer (SSL) virtual private network (VPN)
JP2015507380A (en) How to combine stateless and stateful server load balancing
WO2014152076A1 (en) Retry and snapshot enabled cross-platform synchronized communication queue
CN106878251B (en) Distributed website program vulnerability scanning system, method and device
CN114268667B (en) Data forwarding method, device, computer equipment and storage medium
CN105357239B (en) Method and device for providing service and method and device for obtaining service
CN113438256B (en) Data transmission method, system and proxy server based on double-layer SSL
CN105429975A (en) Data safety defense system and method based on cloud terminal, and cloud terminal safety system
CN114510711A (en) Method, device, medium and computer equipment for preventing CC attack
US9369384B2 (en) Server system connection process method preventing network congestion
CN109600395A (en) A kind of device and implementation method of terminal network access control system
US9203851B1 (en) Redirection of data from an on-premise computer to a cloud scanning service
US20160205135A1 (en) Method and system to actively defend network infrastructure
Liu et al. A clusterized firewall framework for cloud computing
CN113259429A (en) Session keeping control method, device, computer equipment and medium
Michelin et al. Mitigating dos to authenticated cloud rest apis
CN104601578A (en) Recognition method and device for attack message and core device
CN105939315A (en) Method and device for protecting against HTTP attack
CN106506660B (en) A kind of online request processing method, server and system
US8589605B2 (en) Inbound message rate limit based on maximum queue times
CN114513465A (en) Load balancing method, load balancing device, electronic device and storage medium
CN109842587B (en) Method and device for monitoring system safety
CN105791238A (en) Method for preventing DHCP flooding attacks of wireless local area network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200917

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200917

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.