CN107046527A - WEB vulnerability scannings method, apparatus and system - Google Patents
WEB vulnerability scannings method, apparatus and system Download PDFInfo
- Publication number
- CN107046527A CN107046527A CN201611246376.6A CN201611246376A CN107046527A CN 107046527 A CN107046527 A CN 107046527A CN 201611246376 A CN201611246376 A CN 201611246376A CN 107046527 A CN107046527 A CN 107046527A
- Authority
- CN
- China
- Prior art keywords
- hole
- website
- scanner
- detected
- leak
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The invention discloses a kind of WEB vulnerability scannings method, apparatus and system, at least it can solve the problem that in the prior art because the time interval between the discovery and identification of leak is long and then makes the problem of network information security of Internet user is on the hazard.The WEB vulnerability scanning methods include:The hole scanner of Hole Detection terminal offer is obtained and stores, hole scanner is the expansible scanning tools write for specific website leak;The leak type that the hole scanner that Hole Detection terminal is provided is applicable is determined, hole scanner and its applicable leak type that displaying Hole Detection terminal is provided;The hole scanner selection request that website to be detected is sent is obtained, it is determined that the hole scanner corresponding with hole scanner selection request;Website to be detected is scanned by the hole scanner for selecting request corresponding with hole scanner.
Description
Technical field
The present invention relates to communication technical field, and in particular to a kind of WEB vulnerability scannings method, apparatus and system.
Background technology
At present, with the development of internet, the problem of inevitably being started a leak in web page program or website, hacker
Corporate secret information and the personal information of Internet user etc. often are stolen using network hole, the information to internet is pacified
Threaten entirely.
During the embodiment of the present invention is realized, inventor has found that at least there are the following problems in the prior art:At present,
Discovery for leak is substantially to utilize scanning tools or hardware scanning equipment, but either scanning tools or hardware scanning
Equipment, is all based on flow as " leak carries out analyze-extracting leak identification feature-become vulnerability scanning storehouse-upgrading ",
It discovery leak is spent longer time to identification leak, such as often have the duration of 1 to 3 months even more
The long time, and the attack based on leak is more and more in reality, often occurs due to being found to from leak between leak identification
The problem of time difference is long and cause enterprise database to be dragged, user profile leakage event, to Internet user information pacify
Cause very big risk entirely.
The content of the invention
In view of the above problems, it is proposed that the present invention so as to provide one kind overcome above mentioned problem or at least in part solve on
State WEB vulnerability scannings method, the apparatus and system of problem.
According to an aspect of the invention, there is provided a kind of WEB vulnerability scannings method, including:Obtain and store leak inspection
The hole scanner that terminal is provided is surveyed, wherein, the hole scanner is for expanding that specific website leak is write
Open up scanning tools;The leak type that the hole scanner that the Hole Detection terminal is provided is applicable is determined, the leakage is shown
Hole scanner and its applicable leak type that hole detection terminal is provided;Obtain the vulnerability scanning work that website to be detected is sent
Tool selection request, it is determined that the hole scanner corresponding with hole scanner selection request;By it is described with it is described
The corresponding hole scanner of hole scanner selection request is scanned to the website to be detected.
According to another aspect of the present invention there is provided a kind of WEB vulnerability scanners, including:First acquisition module, is suitable to
The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, the hole scanner is to be directed to specific website
The expansible scanning tools that leak is write;First determining module, is adapted to determine that the leak that the Hole Detection terminal is provided is swept
The leak type that the instrument of retouching is applicable;Display module, suitable for show hole scanner that the Hole Detection terminal provides and
Its applicable leak type;Second acquisition module, the hole scanner sent suitable for obtaining website to be detected selects request;The
Two determining modules, are adapted to determine that the hole scanner corresponding with hole scanner selection request;Scan module, is fitted
The website to be detected is carried out in by the hole scanner for selecting request corresponding with the hole scanner
Scanning.
In accordance with a further aspect of the present invention there is provided a kind of WEB vulnerability scanning systems, including any of the above-described described leak
Scanning means, the website to be detected and the Hole Detection terminal.
In WEB vulnerability scannings method provided in an embodiment of the present invention, apparatus and system, obtain first and store leak inspection
The hole scanner that terminal is provided is surveyed, wherein, hole scanner expansible is swept for what specific website leak was write
Retouch instrument;It is then determined that the leak type that the hole scanner that Hole Detection terminal is provided is applicable, and show Hole Detection
Hole scanner and its applicable leak type that terminal is provided;The hole scanner that website to be detected is sent is obtained simultaneously
Selection request, it is determined that the hole scanner corresponding with hole scanner selection request;Finally by with vulnerability scanning work
The corresponding hole scanner of tool selection request is scanned to the website to be detected.As can be seen here, the present invention is solved
Because the time interval between the discovery and identification of leak is long and then the network information security of Internet user is on the hazard
The problem of there is provided a kind of WEB vulnerability scannings scheme, maintain the safety of the network information of Internet user.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention,
And can be practiced according to the content of specification, and in order to allow above and other objects of the present invention, feature and advantage can
Become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit is common for this area
Technical staff will be clear understanding.Accompanying drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention
Limitation.And in whole accompanying drawing, identical part is denoted by the same reference numerals.In the accompanying drawings:
Fig. 1 shows a kind of flow chart for WEB vulnerability scannings method that one embodiment of the invention is provided;
Fig. 2 shows a kind of flow chart for WEB vulnerability scannings method that another specific embodiment of the invention is provided;
Fig. 3 shows a kind of structured flowchart for WEB vulnerability scanners that one embodiment of the invention is provided;
Fig. 4 shows a kind of structured flowchart for WEB vulnerability scanners that another specific embodiment of the invention is provided;
Fig. 5 shows a kind of structured flowchart for WEB vulnerability scanning systems that further embodiment of the present invention is provided.
Fig. 6 shows a kind of structured flowchart for WEB vulnerability scanning systems that another specific embodiment of the invention is provided.
Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although illustrating the disclosure in accompanying drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Complete conveys to those skilled in the art.
Fig. 1 shows a kind of flow chart for WEB vulnerability scannings method that one embodiment of the invention is provided.As shown in figure 1,
This method comprises the following steps:
Step S110:The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, hole scanner is
The expansible scanning tools write for specific website leak.
Specifically, Hole Detection terminal can write corresponding expansible sweep for the leak type of specific website leak
Instrument is retouched, such as writing vulnerability scanning script, for carrying out vulnerability scanning for specific leak type.In the present embodiment
In, Hole Detection terminal can be multiple., can be in webpage circle when obtaining the hole scanner that Hole Detection terminal is provided
One submission entrance on above-mentioned hole scanner is set in face, obtained by the submission entrance in Hole Detection terminal
The hole scanner of biography, and acquired hole scanner is stored.
Step S120:The leak type that the hole scanner that Hole Detection terminal is provided is applicable is determined, leak is shown
The hole scanner and its applicable leak type of terminal offer are provided.
Specifically, after obtaining and the hole scanner of Hole Detection terminal offer is provided, leak is further determined that
The leak type that scanning tools are applicable, then shows the leakage that Hole Detection terminal is provided according to determination result in web interface
Hole scanning tools and the leak type suitable for above-mentioned hole scanner, for being treated in subsequent step (correspondence step S130)
Detection website can be selected hole scanner according to above-mentioned exhibition information.
Step S130:The hole scanner selection request that website to be detected is sent is obtained, it is determined that and hole scanner
The corresponding hole scanner of selection request.
Specifically, website to be detected is to need the manufacturer, the net of enterprise that are detected to own website leak in internet
Stand, in the present embodiment, object to be detected can be multiple.Hole scanner selection request is website to be detected according to certainly
The request that the characteristics of body website vulnerability sends, wherein the information such as leak type of own website leak comprising website to be detected.
When obtaining the hole scanner selection request that website to be detected is sent, one can be set in web interface on above-mentioned
The request entrance of hole scanner selection request, the vulnerability scanning that website to be detected is sent is obtained by above-mentioned request entrance
Instrument selection request, and according to information and steps such as the leak types included in the selection request of the hole scanner of above-mentioned acquisition
The leak type that the hole scanner that rapid S120 is determined is applicable, it is determined that the leakage corresponding with hole scanner selection request
Hole scanning tools.Wherein, the vulnerability scanning that above-mentioned hole scanner provides for the Hole Detection terminal that is stored in step S110
Instrument.
Step S140:Website to be detected is entered by the hole scanner for selecting request corresponding with hole scanner
Row scanning.
Specifically, after it is determined that selecting the corresponding hole scanner of request with hole scanner, by above-mentioned
The hole scanner of determination carries out vulnerability scanning to website to be detected, and is tied according to the corresponding scanning of above-mentioned scanning process generation
Really, scanning result is then sent to corresponding website to be detected, so that website to be detected is found certainly in time according to scanning result
Vulnerability information in body website.
As can be seen here, in WEB vulnerability scannings method provided in an embodiment of the present invention, obtain first and store Hole Detection end
The hole scanner provided is provided, wherein, hole scanner is the expansible scanning work write for specific website leak
Tool;It is then determined that the leak type that the hole scanner that Hole Detection terminal is provided is applicable, and show Hole Detection terminal
The hole scanner of offer and its applicable leak type;The hole scanner selection that website to be detected is sent is obtained simultaneously
Request, it is determined that the hole scanner corresponding with hole scanner selection request;Selected finally by with hole scanner
Select and ask corresponding hole scanner to be scanned the website to be detected.Therefore, the present invention is solved due to leak
Discovery and identification between time interval it is long and then make the problem of network information security of Internet user is on the hazard, have
Effect shorten leak find and leak identification between time interval there is provided a kind of WEB vulnerability scannings scheme, improve confrontation
The ability of leak.
Fig. 2 shows a kind of flow chart for WEB vulnerability scannings method that another specific embodiment of the invention is provided.As schemed
Shown in 2, this method comprises the following steps:
Step S210:Receive in advance and preserve the mailing address of website to be detected, the corresponding detection address in website to be detected
And the mailing address of Hole Detection terminal.
Specifically, website to be detected is to need manufacturer, enterprise for being detected to its website vulnerability information etc. in internet
Website, and object to be detected quantity to be multiple.Hole Detection terminal can be compiled for the type of specific website leak
The terminal of corresponding hole scanner is write, and the quantity of Hole Detection terminal is also multiple.Receiving and preserving to be detected
During the mailing address of the mailing address of website, the corresponding detection address in website to be detected and Hole Detection terminal, it can set
One information registration procedure, passes through above- mentioned information registration process typing website to be detected and the mailing address of Hole Detection terminal
Information, detection address information etc..Wherein, the mailing address of website to be detected and Hole Detection terminal can for email address or
Person is for specific contact account address set by each website to be detected and Hole Detection terminal etc., website pair to be detected
The detection address answered can be chained address for being included in the address of website homepage of website to be detected, website etc..
Step S220:The hole scanner of Hole Detection terminal offer is obtained and stores, hole scanner is to be directed to
The expansible scanning tools that specific website leak is write.
Specifically, pair that hole scanner is write by Hole Detection terminal for the leak type of specific website leak
The expansible scanning tools answered, the instrument can carry out vulnerability scanning for specific leak type.In the present embodiment, leak
Script plug-in unit of the scanning tools particularly for vulnerability scanning.When obtaining the hole scanner that Hole Detection terminal is provided,
One submission entrance on above-mentioned hole scanner can be set in web interface, obtained Lou by the submission entrance
The hole scanner that hole detection terminal is uploaded, for example, a submitting button can be set in web interface, is leaked by responding
The associative operation (such as clicking operation) that the above-mentioned submitting button of hole detection terminal-pair is carried out uploads to obtain Hole Detection terminal
Hole scanner and acquired hole scanner is stored.Also, further, obtaining and storing leak
Detect after the hole scanner that terminal is provided, can also further receive and show that the leak that Hole Detection terminal is provided is swept
The corresponding value information of instrument is retouched, for the leak that can be provided in subsequent step (correspondence step S270) Hole Detection terminal
The corresponding value information of scanning tools is determined.
Step S230:The leak type that the hole scanner that Hole Detection terminal is provided is applicable is determined, leak is shown
The hole scanner and its applicable leak type of terminal offer are provided.
Specifically, after obtaining and the hole scanner of Hole Detection terminal offer is provided, leak is further determined that
The leak type that scanning tools are applicable, then shows the leakage that Hole Detection terminal is provided according to determination result in web interface
Hole scanning tools and the leak type suitable for above-mentioned hole scanner, so as in subsequent step (correspondence step S240)
Website to be detected can be selected hole scanner according to above-mentioned exhibition information.Wherein, it is determined that vulnerability scanning work
Used in tool during leak type, the leak application type information that can be provided by Hole Detection terminal determines leak class
Type, the information that be included of hole scanner that can also be provided for Hole Detection terminal determine leak type, specific real
The determination mode of its in applying can flexibly be selected by those skilled in the art, and the present invention is not limited this.
When showing the hole scanner and its applicable leak type that Hole Detection terminal is provided, it will directly can leak
The hole scanner and its applicable leak type that hole detection terminal is provided carry out exhibition to all users of vulnerability scanning platform
Show.Or, in order to improve the privacy and specific aim of information, a displaying authority selection window, Hole Detection can also be set
Terminal screens website to be detected by being configured to realize to the displaying rights parameters included in displaying authority selection window
Purpose, and show the hole scanner and its applicable that the Hole Detection terminal is provided only for the website to be detected filtered out
Leak type.For example, the displaying rights parameters included in displaying authority selection window can include:Standard rights parameter, safety
Rights parameters and open rights parameters etc..Wherein, when showing in authority selection window comprising security permission parameter, show
The hole scanner that the Hole Detection terminal is provided be only oriented to predetermined number by certification, the website that security is higher enters
Row displaying;When showing in authority selection window comprising open rights parameters, show that the leak that the Hole Detection terminal is provided is swept
Instrument is retouched to be shown towards all websites;When showing in authority selection window comprising standard rights parameter, show the leakage
The hole scanner that hole detection terminal is provided is shown towards most popular websites.The exhibition method of its in specific implementation can be by
Those skilled in the art are flexibly selected, and the present invention is not limited this.For example, the displaying power included in displaying authority selection window
Parameter is limited in addition to can be according to security classification, can also be divided according to the Type of website.
Step S240:Corresponding selection entrance is set for the hole scanner that Hole Detection terminal is provided and shown above-mentioned
Select entrance.
Specifically, it is determined that after the leak type that is applicable of hole scanner that Hole Detection terminal is provided, to be upper
State hole scanner and corresponding selection entrance be set, can for example be set in webpage one it is corresponding select entrance button or
Person selects portal page, and the selection entrance of above-mentioned setting is illustrated in corresponding Webpage, for subsequent step (correspondence
Step S250) in the hole scanner that website to be detected sends received by above-mentioned set selection entrance select to ask.
Step S250:The hole scanner selection request that website to be detected is sent is obtained, it is determined that and hole scanner
The corresponding hole scanner of selection request.
Specifically, hole scanner selection request is asking that website to be detected is sent according to the characteristics of own website leak
Ask, wherein the information such as leak type of own website leak comprising website to be detected.Obtaining the leakage that website to be detected is sent
During the scanning tools selection request of hole, above-mentioned request is obtained by the selection entrance set in step S240.It is determined that and leak
When corresponding hole scanner is asked in scanning tools selection, wrapped according in the selection request of the hole scanner of above-mentioned acquisition
The leak type that the hole scanner determined in the information such as the leak type contained and step S230 is applicable, it is determined that and leak
The corresponding hole scanner of scanning tools selection request.
Step S260:Website to be detected is entered by the hole scanner for selecting request corresponding with hole scanner
Row scanning, and scanning result is sent to by website to be detected according to the mailing address of website to be detected.
Specifically, when being scanned using Hole Detection instrument to website to be detected, by being selected with hole scanner
Select and ask corresponding hole scanner to be scanned the corresponding detection address in website to be detected, and given birth to by above-mentioned scanning
Into corresponding scanning result, then by the mailing address of website to be detected that is preserved in step S210 by above-mentioned scanning result
It is sent to website to be detected.Wherein, vulnerability information corresponding with the website to be detected is included in above-mentioned scanning result.Also,
When generating corresponding scanning result, the severity level of the vulnerability information included in scanning result can also be classified, example
Such as, the scanning result of vulnerability information according to the order of seriousness from high to low can be divided into high-risk rank, middle danger rank, low danger
These three grades of rank, then it is determined that during scanning result, scanning result correspondence can be defined as into above three grade, to realize
Sent to website to be detected after scanning result, remind and inform the purpose of the security of its vulnerability information of website to be detected;Or,
Above-mentioned scanning result can not also be classified, scanning result is directly sent to website to be detected, to realize to be detected
Website shows the purpose of corresponding scanning result.
Step S270:The result feedback information that website to be detected is sent is received, result feedback information is sent to offer leakage
The Hole Detection terminal of hole scanning tools.
Wherein, as a result feedback information is determined according to the corresponding value information of hole scanner.That is, result is fed back
Include the information confirmed to the corresponding value information of hole scanner in information, receive result feedback information it
Afterwards, the above results feedback information is sent to Hole Detection terminal, for Hole Detection terminal according to the value information of confirmation more
It is new itself to comment grading information.Specifically, website to be detected is tied after scanning result is received to above-mentioned scanning result
Fruit confirms, and further sends corresponding result feedback information according to confirmation result.Wherein, because scanning result is by leak
The hole scanner that detection terminal is submitted is scanned what is submitted afterwards, and centre may have some error messages or simultaneously
Not necessarily meet the situation the need for website to be detected, it is therefore desirable to correctness and validity of the website to be detected to vulnerability information
Verified, to further ensure that the correctness and validity of vulnerability information, and send corresponding result feedback after verification
Information.After the result feedback information that website to be detected is sent is received, the above results feedback information is sent to offer leakage
The Hole Detection terminal of hole scanning tools, so that Hole Detection terminal updates the letter such as scoring of itself according to the value information of confirmation
Breath.
Pass through the method in the embodiment of the present invention, it is possible to achieve following beneficial effect:
The present invention can be shortened the time difference that leak is found and leak is recognized by 1 to 3 months (or even longer time)
To 1 day even within several hours, and can be customized according to the requirement of user, solve user need it is high-quality and
The quick demand for finding website vulnerability, drastically increases the ability resisted with leak.
The invention provides it is a kind of can the scanning engine based on script plug-in extension scan capability, based on the engine, only
Corresponding script plug-in unit is write, the ability for the vulnerability scanning that can just upgrade immediately, without carrying out special collection action, i.e.,:
Only need to write corresponding script plug-in unit in the present invention, the mesh thus, it is possible to realize the ability of upgrading vulnerability scanning immediately
, and special collection action need not be carried out during it;On the other hand, the present invention can be leakage using Hole Detection terminal
Hole provides script plug-in unit, the ability for enabling hole scanner to keep Real time identification leak, when improving hole scanner
Effect property and availability.
As can be seen here, in WEB vulnerability scannings method provided in an embodiment of the present invention, receive in advance first and preserve to be checked
The mailing address of the mailing address at survey grid station, the corresponding detection address in website to be detected and Hole Detection terminal, is then obtained
And the hole scanner of Hole Detection terminal offer is provided, wherein, hole scanner is compiled for specific website leak
The expansible scanning tools write;The leak class that the hole scanner that Hole Detection terminal is provided is applicable is determined after this
Type, and the hole scanner and its applicable leak type of the offer of Hole Detection terminal are provided, and carried for Hole Detection terminal
The hole scanner of confession sets corresponding selection entrance and shows above-mentioned selection entrance;And further obtain website hair to be detected
The hole scanner selection request sent, it is determined that the hole scanner corresponding with hole scanner selection request, then
By selecting the corresponding hole scanner of request to be scanned to website to be detected and to be detected with hole scanner
Website sends scanning result, finally receives the result feedback information that website to be detected is sent, result feedback information is sent to and carried
For the Hole Detection terminal of hole scanner.Therefore, the present invention solves the time between the discovery and identification due to leak
The problem of interval network information security that is long and then making Internet user is on the hazard, effectively shortens leak and finds and leak
Time interval between identification, can accomplish the processing of real-time to the discovery and identification of leak, improve confrontation leak
Ability.
Fig. 3 shows a kind of structured flowchart for WEB vulnerability scanners that one embodiment of the invention is provided.Such as Fig. 3 institutes
Show, the device includes:First acquisition module 31, the first determining module 32, display module 33, the second acquisition module 34, second are true
Cover half block 35 and scan module 36.
First acquisition module 31 is suitable to the hole scanner for obtaining and storing the offer of Hole Detection terminal, wherein, it is described
Hole scanner is the expansible scanning tools write for specific website leak.
Specifically, Hole Detection terminal can write corresponding expansible sweep for the leak type of specific website leak
Instrument is retouched, such as writing vulnerability scanning script, for carrying out vulnerability scanning for specific leak type.In the present embodiment
In, Hole Detection terminal can be multiple.First acquisition module 31 is obtaining the hole scanner that Hole Detection terminal is provided
When, a submission entrance on above-mentioned hole scanner can be set in web interface, obtained by the submission entrance
The hole scanner for taking Hole Detection terminal to upload, and acquired hole scanner is stored.
First determining module 32 is adapted to determine that the leak type that the hole scanner that Hole Detection terminal is provided is applicable.
Specifically, after the first acquisition module 31 obtains and stored the hole scanner that Hole Detection terminal is provided,
Determining module 32 further determines that the leak type that hole scanner is applicable.Then it will determine that result is sent to display module
33。
Display module 33 is suitable to hole scanner and its applicable leak type that displaying Hole Detection terminal is provided;
Specifically, after display module 33 receives the determination result of the transmission of determining module 32, exist according to determination result
The hole scanner and the leak suitable for above-mentioned hole scanner of Hole Detection terminal offer are provided in web interface
Type.
Second acquisition module 34 is suitable to obtain the hole scanner selection request that website to be detected is sent.Specifically, treat
Detection website is to need manufacturer, website of enterprise for being detected to own website leak etc. in internet, in the present embodiment,
Object to be detected can be multiple.Hole scanner selection request is sent out for website to be detected according to the characteristics of own website leak
The request sent, wherein the information such as leak type of own website leak comprising website to be detected.Second acquisition module 34 is being obtained
During the hole scanner selection request for taking website to be detected to send, one can be set in web interface on above-mentioned leak
The request entrance of scanning tools selection request, the hole scanner that website to be detected is sent is obtained by above-mentioned request entrance
Selection request.
Second determining module 35 is adapted to determine that the hole scanner corresponding with hole scanner selection request.
Specifically, after the second acquisition module 34 obtains the hole scanner selection request that website to be detected is sent,
Second determining module 35 selects in request the information such as leak type for including and the according to the hole scanner of above-mentioned acquisition
The leak type that the hole scanner determined in one determining module 32 is applicable, it is determined that asking phase with hole scanner selection
Corresponding hole scanner.
Scan module 36 is suitable to treat to described by the hole scanner for selecting request corresponding with hole scanner
Detection website is scanned.
Specifically, the hole scanner corresponding with hole scanner selection request is determined in the second determining module 35
Afterwards, scan module 36 carries out vulnerability scanning by the hole scanner of above-mentioned determination to website to be detected, and according to above-mentioned
Scanning process generates corresponding scanning result, scanning result then is sent into corresponding website to be detected, for survey grid to be checked
Stand the vulnerability information found in time according to scanning result in own website.
As can be seen here, in WEB vulnerability scanners provided in an embodiment of the present invention, the first acquisition module 31 is passed through first
The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, hole scanner is to be directed to specific website leak
The expansible scanning tools write;Then the vulnerability scanning work that Hole Detection terminal is provided is determined by the first determining module 32
Have the leak type being applicable, and the hole scanner of Hole Detection terminal offer is shown by display module 33 and its is applicable
Leak type;The hole scanner selection request that website to be detected is sent is obtained by the second acquisition module 34 simultaneously, and
The hole scanner corresponding with hole scanner selection request is determined by the second determining module 35;Finally by scanning
Module 36 is scanned by the hole scanner for selecting request corresponding with hole scanner to the website to be detected.
Therefore, the time interval between the discovery and identification of the invention solved due to leak is long and then makes the network of Internet user
The problem of information security is on the hazard, effectively shorten leak find and leak identification between time interval there is provided one kind
WEB vulnerability scanning schemes, improve the ability of confrontation leak.
Fig. 4 shows a kind of structured flowchart for WEB vulnerability scanners that another specific embodiment of the invention is provided.Such as
Shown in Fig. 4, the device includes:First receives and obtains the 41, first determining module 42, display module 43, the second acquisition module 44, the
Two connect determining module 45 and scan module 46, sending module 47 and result feedback module 48.
First acquisition module 41 is suitable to the hole scanner for obtaining and storing the offer of Hole Detection terminal, wherein, it is described
Hole scanner is the expansible scanning tools write for specific website leak.
Specifically, pair that hole scanner is write by Hole Detection terminal for the leak type of specific website leak
The expansible scanning tools answered, the instrument can carry out vulnerability scanning for specific leak type.In the present embodiment, leak
Script plug-in unit of the scanning tools particularly for vulnerability scanning.The leakage that Hole Detection terminal is provided is obtained in the first acquisition module 41
During the scanning tools of hole, a submission entrance on above-mentioned hole scanner can be set in web interface, carried by this
Hand over entrance to obtain the hole scanner of Hole Detection terminal upload, for example, a submission can be set in web interface
Button, is obtained Lou by responding the associative operation (such as clicking operation) of the above-mentioned submitting button progress of Hole Detection terminal-pair
The hole scanner of hole detection terminal upload is simultaneously stored acquired hole scanner.
First determining module 42 is adapted to determine that the leak type that the hole scanner that Hole Detection terminal is provided is applicable.
Specifically, after the first acquisition module 41 obtains and stored the hole scanner that Hole Detection terminal is provided,
First determining module 42 further determines that the leak type that hole scanner is applicable, and then will determine that result is sent to displaying
Module 43.With wherein, it is determined that during leak type used in hole scanner, can be provided by Hole Detection terminal
Leak application type information come determine leak type, can also for Hole Detection terminal provide hole scanner be included
Information determine leak type, the determination mode of its in specific implementation can flexibly select by those skilled in the art, and the present invention is right
This is not limited.
Display module 43 is suitable to the hole scanner and its applicable leak class for showing that the Hole Detection terminal is provided
Type.
Display module 43, can when showing the hole scanner and its applicable leak type that Hole Detection terminal is provided
With the hole scanner for directly providing Hole Detection terminal and its applicable leak type owning to vulnerability scanning platform
User is shown.Or, in order to improve the privacy and specific aim of information, a displaying authority selection window can also be set
Mouthful, Hole Detection terminal to the displaying rights parameters included in displaying authority selection window by being configured to realize that screening is treated
The purpose of website is detected, and the hole scanner that the Hole Detection terminal is provided is shown only for the website to be detected filtered out
And its applicable leak type.For example, the displaying rights parameters included in displaying authority selection window can include:Standard rights
Parameter, security permission parameter and open rights parameters etc..Wherein, join when in displaying authority selection window comprising security permission
Number when, show the Hole Detection terminal provide hole scanner be only oriented to predetermined number by certification, security compared with
High website is shown;When showing in authority selection window comprising open rights parameters, show that the Hole Detection terminal is carried
The hole scanner of confession is shown towards all websites;Standard rights parameter is included in authority selection window when showing
When, show that the hole scanner that the Hole Detection terminal is provided is shown towards most popular websites.Its in specific implementation
Exhibition method can flexibly be selected by those skilled in the art, and the present invention is not limited this.For example, in displaying authority selection window
Comprising displaying rights parameters in addition to can be according to security classification, can also be divided according to the Type of website.
Second acquisition module 44 is suitable to obtain the hole scanner selection request that website to be detected is sent.
Specifically, hole scanner selection request is asking that website to be detected is sent according to the characteristics of own website leak
Ask, wherein the information such as leak type of own website leak comprising website to be detected.Second acquisition module 44 is obtaining to be checked
During the hole scanner selection request that survey grid station is sent, above-mentioned ask is obtained by the selection entrance set in Webpage
Ask.
Second determining module 45 determines the hole scanner corresponding with hole scanner selection request.
Second determining module 45 when it is determined that selecting request corresponding hole scanner with hole scanner, according to
Information and first determinations such as the leak type included in the hole scanner selection request obtained in the second acquisition module 44
The leak type that the hole scanner determined in module 42 is applicable, it is determined that corresponding with hole scanner selection request
Hole scanner.
Scan module 46 is suitable to treat to described by the hole scanner for selecting request corresponding with hole scanner
Detection website is scanned.
Specifically, scan module 46 using Hole Detection instrument to website to be detected when being scanned, by with leak
The corresponding hole scanner of scanning tools selection request is scanned to the corresponding detection address in website to be detected, and is passed through
Above-mentioned scanning generates corresponding scanning result, and then scanning result is sent to sending module 47.Wherein, wrapped in above-mentioned scanning result
Contain vulnerability information corresponding with the website to be detected.Also, can also be to scanning result when generating corresponding scanning result
In the severity level of vulnerability information that includes classified, for example, can by the scanning result of vulnerability information according to seriousness from
High to Low order is divided into high-risk rank, middle danger rank, low these three grades of danger rank, then it is determined that during scanning result, can be with
Scanning result correspondence is defined as above three grade, is sent with realizing to website to be detected after scanning result, is reminded and inform
The purpose of the security of its vulnerability information of website to be detected;Or, above-mentioned scanning result can not also be classified, directly will
Scanning result is sent to website to be detected, to realize the purpose that corresponding scanning result is shown to website to be detected.
Sending module 47 is suitable to the mailing address for receiving and preserving the website to be detected in advance, and according to described to be detected
Scanning result is sent to the website to be detected by the mailing address of website.
Specifically, sending module 47 is when receiving the scanning result of the transmission of scan module 46, according to receiving and protect in advance
Above-mentioned scanning result is sent to website to be detected by the mailing address for the website to be detected deposited.
As a result feedback module 48 is suitable to the mailing address for receiving and preserving the Hole Detection terminal in advance, and receives described
The result feedback information that website to be detected is sent, the result feedback information is sent to the leakage for providing the hole scanner
Detect terminal in hole.
Wherein, as a result feedback information is determined according to the corresponding value information of hole scanner.That is, result is fed back
Include the information confirmed to the corresponding value information of hole scanner in information, received in result feedback module 48
As a result after feedback information, the above results feedback information is sent to Hole Detection terminal, so that Hole Detection terminal is according to really
What the value information recognized updated itself comments grading information.
As can be seen here, in WEB vulnerability scanners provided in an embodiment of the present invention, receive in advance first and preserve to be checked
The mailing address of the mailing address at survey grid station, the corresponding detection address in website to be detected and Hole Detection terminal, then passes through
First acquisition module 41 obtains and stores the hole scanner of Hole Detection terminal offer, wherein, hole scanner is pin
The expansible scanning tools write to specific website leak;Determine that Hole Detection is whole by the first determining module 42 after this
The leak type that the hole scanner that end is provided is applicable, and the leakage that Hole Detection terminal is provided is shown by display module 43
Hole scanning tools and its applicable leak type, and the hole scanner provided for Hole Detection terminal sets corresponding selection
Entrance simultaneously shows above-mentioned selection entrance;And the vulnerability scanning that website to be detected is sent further is obtained by the second acquisition module 44
Instrument selection request, then determines the vulnerability scanning corresponding with hole scanner selection request by the second determining module 45
Instrument, and by scan module 46 by selecting the corresponding hole scanner of request to net to be detected with hole scanner
Station is scanned, and sends scanning result to by the website to be detected of sending module 47, is connect finally by result feedback module 48
The result feedback information that website to be detected is sent is received, result feedback information is sent to the Hole Detection for providing hole scanner
Terminal.Therefore, the time interval between the discovery and identification of the invention solved due to leak is long and then makes Internet user
Network information security the problem of be on the hazard, effectively shorten leak and find time interval between leak identification, can
The processing of real-time is accomplished in discovery and identification to leak, improves the ability of confrontation leak.
Fig. 5 shows a kind of structured flowchart for WEB vulnerability scanning systems 500 that further embodiment of the present invention is provided.Such as
Shown in Fig. 5, the WEB vulnerability scanning systems include above-mentioned Fig. 3 shown in WEB vulnerability scanners 50, website to be detected 57 and
Hole Detection terminal 58, wherein, WEB vulnerability scanners 50 are specifically included:First acquisition module 51, the first determining module 52,
Display module 53, the second acquisition module 54, the second determining module 55 and scan module 56.Website 57 to be detected and leak inspection
The concrete structure and operation principle for surveying terminal 58 can refer to the description of corresponding steps in embodiment of the method, and here is omitted.
Fig. 6 shows a kind of structured flowchart for WEB vulnerability scanning systems that another specific embodiment of the invention is provided.Such as
Shown in Fig. 6, the WEB vulnerability scanning systems include above-mentioned Fig. 4 shown in WEB vulnerability scanners 60, website to be detected 69 and
Hole Detection terminal 60, wherein, WEB vulnerability scanners 60 are specifically included:First the 61, first determining module 62 of reception acquisition,
Display module 63, the second acquisition module 64, second connect determining module 65 and scan module 66, sending module 67 and result are anti-
Present module 68.The concrete structure and operation principle of website 69 to be detected and Hole Detection terminal 60 can refer in embodiment of the method
The description of corresponding steps, here is omitted.
Algorithm and displaying be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with based on teaching in this.As described above, construct required by this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It is understood that, it is possible to use it is various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the specification that this place is provided, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect, exist
Above in the description of the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect
The application claims of shield features more more than the feature being expressly recited in each claim.More precisely, such as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following embodiment are expressly incorporated in the embodiment, wherein each claim is in itself
All as the separate embodiments of the present invention.
Those skilled in the art, which are appreciated that, to be carried out adaptively to the module in the equipment in embodiment
Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit is required, summary and accompanying drawing) disclosed in each feature can or similar purpose identical, equivalent by offer alternative features come generation
Replace.
Although in addition, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments
In included some features rather than further feature, but the combination of the feature of be the same as Example does not mean in of the invention
Within the scope of and form different embodiments.For example, in the following claims, times of embodiment claimed
One of meaning mode can be used in any combination.
The present invention all parts embodiment can be realized with hardware, or with one or more processor run
Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that can use in practice
Microprocessor or digital signal processor (DSP) realize one in WEB vulnerability scanning equipments according to embodiments of the present invention
The some or all functions of a little or whole parts.The present invention is also implemented as performing method as described herein
Some or all equipment or program of device (for example, computer program and computer program product).It is such to realize
The program of the present invention can be stored on a computer-readable medium, or can have the form of one or more signal.This
The signal of sample can be downloaded from internet website and obtained, and either provided or carried in any other form on carrier signal
For.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of some different elements and coming real by means of properly programmed computer
It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame
Claim.
The invention discloses:A1, a kind of WEB vulnerability scannings method, including:
The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, the hole scanner is to be directed to
The expansible scanning tools that specific website leak is write;
The leak type that the hole scanner that the Hole Detection terminal is provided is applicable is determined, the leak inspection is shown
Survey hole scanner and its applicable leak type that terminal is provided;
The hole scanner selection request that website to be detected is sent is obtained, it is determined that please with hole scanner selection
Seek corresponding hole scanner;
By the hole scanner corresponding with hole scanner selection request to the survey grid to be checked
Station is scanned.
A2, the method according to A1, wherein, it is described to determine the hole scanner institute that the Hole Detection terminal is provided
After the step of applicable leak type, further comprise step:The hole scanner provided for the Hole Detection terminal
Corresponding selection entrance is set, then the hole scanner and its applicable leak type of the Hole Detection terminal offer are provided
When, further show the selection entrance;
It is then described to receive the hole scanner selection request that website to be detected is sent, it is determined that with the hole scanner
The step of corresponding hole scanner is asked in selection specifically includes:Website to be detected is obtained to send by the selection entrance
Hole scanner selection request, according to it is described selection entrance and hole scanner between corresponding relation determine with it is described
The corresponding hole scanner of hole scanner selection request.
A3, the method according to A1 or A2, wherein, methods described further comprises step:Receive in advance and preserve institute
State the mailing address of website to be detected, then it is described to be swept by the leak for selecting request corresponding with the hole scanner
Retouch after the step of instrument is scanned to the website to be detected, further comprise:According to the communication of the website to be detected
Scanning result is sent to the website to be detected by address.
A4, according to any described methods of A1-A3, wherein, methods described further comprises step:Receive and preserve in advance
The corresponding detection address in the website to be detected, then it is described with the hole scanner to select request corresponding by described
The step of hole scanner is scanned to the website to be detected specifically includes:Pass through the described and vulnerability scanning work
The tool selection corresponding hole scanner of request is scanned to the corresponding detection address in the website to be detected.
A5, according to any described methods of A1-A4, wherein, methods described further comprises step:Receive and preserve in advance
The mailing address of the Hole Detection terminal, then according to scanning result is sent to by the mailing address of the website to be detected
After the step of website to be detected, further comprise step:
The result feedback information that the website to be detected is sent is received, it is described that the result feedback information is sent into offer
The Hole Detection terminal of hole scanner.
A6, the method according to A5, wherein, methods described further comprises:
Receive and show the corresponding value information of hole scanner that the Hole Detection terminal is provided in advance, then it is described
As a result feedback information is determined according to the corresponding value information of the hole scanner.
A7, according to any described methods of A1-A6, wherein, the quantity of the website to be detected is multiple, and the leak
The quantity for detecting terminal is multiple.
A8, the method according to A1-A7 is any, wherein, the hole scanner is script plug-in unit.
The invention also discloses:B9, a kind of WEB vulnerability scanners, including:
First acquisition module, the hole scanner suitable for obtaining and storing the offer of Hole Detection terminal, wherein, the leakage
Hole scanning tools are the expansible scanning tools write for specific website leak;
First determining module, is adapted to determine that the leak class that the hole scanner that the Hole Detection terminal is provided is applicable
Type;
Display module, hole scanner and its applicable leak class suitable for showing the Hole Detection terminal offer
Type;
Second acquisition module, the hole scanner sent suitable for obtaining website to be detected selects request;
Second determining module, is adapted to determine that the hole scanner corresponding with hole scanner selection request;
Scan module, suitable for passing through the hole scanner pair corresponding with hole scanner selection request
The website to be detected is scanned.
B10, the device according to B9, wherein, the display module is further used for:Carried for the Hole Detection terminal
The hole scanner of confession sets corresponding selection entrance, and is showing the hole scanner that the Hole Detection terminal is provided
And its during applicable leak type, further show the selection entrance;
Then second receiving module specifically for:Website to be detected is obtained to sweep by the leak of the selection entrance transmission
Instrument selection request is retouched, is determined and the vulnerability scanning according to the corresponding relation between the selection entrance and hole scanner
The corresponding hole scanner of instrument selection request.
B11, the device according to B9 or B10, wherein, described device further comprises:
Sending module, the mailing address suitable for receiving and preserving the website to be detected in advance, and according to described to be detected
Scanning result is sent to the website to be detected by the mailing address of website.
B12, according to any described devices of B9-B11, wherein, the scan module specifically for:Receive and preserve in advance
The corresponding detection address in the website to be detected, is swept by the leak for selecting request corresponding with the hole scanner
Instrument is retouched to be scanned the corresponding detection address in the website to be detected.
B13, according to any described devices of B9-B12, wherein, described device further comprises:As a result feedback module, is fitted
In receiving and preserve the mailing address of the Hole Detection terminal in advance, and receive the result feedback that the website to be detected is sent
Information, the result feedback information is sent to the Hole Detection terminal for providing the hole scanner.
B14, the device according to B13, wherein, the display module is further used for:Show that the Hole Detection is whole
The corresponding value information of hole scanner provided is held, then the result feedback information is according to hole scanner correspondence
Value information determine.
B15, according to any described devices of B9-B14, wherein, the quantity of the website to be detected is multiple, and the leakage
The quantity of hole detection terminal is multiple.
B16, the device according to B9-B15 is any, wherein, the hole scanner is script plug-in unit.
The invention also discloses:C17, a kind of WEB vulnerability scanning systems, including:Any described leaks of above-mentioned B9-B16
Scanning means, the website to be detected and the Hole Detection terminal.
Claims (10)
1. a kind of WEB vulnerability scannings method, including:
The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, the hole scanner is for specific
The expansible scanning tools that website vulnerability is write;
The leak type that the hole scanner that the Hole Detection terminal is provided is applicable is determined, shows that the Hole Detection is whole
The hole scanner provided and its applicable leak type are provided;
The hole scanner selection request that website to be detected is sent is obtained, it is determined that asking phase with hole scanner selection
Corresponding hole scanner;
The website to be detected is entered by the hole scanner for selecting request corresponding with the hole scanner
Row scanning.
2. according to the method described in claim 1, wherein, it is described to determine the hole scanner that the Hole Detection terminal is provided
After the step of leak type being applicable, further comprise step:The vulnerability scanning work provided for the Hole Detection terminal
Tool sets corresponding selection entrance, then shows the hole scanner and its applicable leak class of the Hole Detection terminal offer
During type, the selection entrance is further shown;
It is then described to receive the hole scanner selection request that website to be detected is sent, it is determined that being selected with the hole scanner
The step of asking corresponding hole scanner specifically includes:Obtain the leakage that website to be detected is sent by the selection entrance
Hole scanning tools selection request, is determined and the leak according to the corresponding relation between the selection entrance and hole scanner
The corresponding hole scanner of scanning tools selection request.
3. method according to claim 1 or 2, wherein, methods described further comprises step:Receive in advance and preserve institute
State the mailing address of website to be detected, then it is described to be swept by the leak for selecting request corresponding with the hole scanner
Retouch after the step of instrument is scanned to the website to be detected, further comprise:According to the communication of the website to be detected
Scanning result is sent to the website to be detected by address.
4. according to any described methods of claim 1-3, wherein, methods described further comprises step:Receive and protect in advance
Deposit the corresponding detection address in the website to be detected, then it is described by described corresponding with hole scanner selection request
Hole scanner specifically include the step of be scanned to the website to be detected:Pass through the described and vulnerability scanning
The instrument selection corresponding hole scanner of request is scanned to the corresponding detection address in the website to be detected.
5. according to any described methods of claim 1-4, wherein, methods described further comprises step:Receive and protect in advance
The mailing address of the Hole Detection terminal is deposited, then scanning result is sent to by institute according to the mailing address of the website to be detected
After the step of stating website to be detected, further comprise step:
The result feedback information that the website to be detected is sent is received, the result feedback information is sent to the offer leak
The Hole Detection terminal of scanning tools.
6. method according to claim 5, wherein, methods described further comprises:
The corresponding value information of hole scanner that the Hole Detection terminal is provided is received and shown in advance, then the result
Feedback information is determined according to the corresponding value information of the hole scanner.
7. according to any described methods of claim 1-6, wherein, the quantity of the website to be detected is multiple, and the leakage
The quantity of hole detection terminal is multiple.
8. according to any described methods of claim 1-7, wherein, the hole scanner is script plug-in unit.
9. a kind of WEB vulnerability scanners, including:
First acquisition module, the hole scanner suitable for obtaining and storing the offer of Hole Detection terminal, wherein, the leak is swept
The instrument of retouching is the expansible scanning tools write for specific website leak;
First determining module, is adapted to determine that the leak type that the hole scanner that the Hole Detection terminal is provided is applicable;
Display module, hole scanner and its applicable leak type suitable for showing the Hole Detection terminal offer;
Second acquisition module, the hole scanner sent suitable for obtaining website to be detected selects request;
Second determining module, is adapted to determine that the hole scanner corresponding with hole scanner selection request;
Scan module, suitable for selecting the corresponding hole scanner of request with the hole scanner to described by described
Website to be detected is scanned.
10. a kind of WEB vulnerability scanning systems, including:Vulnerability scanner, the survey grid to be checked described in the claims 9
Stand and the Hole Detection terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611246376.6A CN107046527B (en) | 2016-12-29 | 2016-12-29 | WEB vulnerability scanning method, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611246376.6A CN107046527B (en) | 2016-12-29 | 2016-12-29 | WEB vulnerability scanning method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107046527A true CN107046527A (en) | 2017-08-15 |
CN107046527B CN107046527B (en) | 2020-12-08 |
Family
ID=59542974
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611246376.6A Active CN107046527B (en) | 2016-12-29 | 2016-12-29 | WEB vulnerability scanning method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107046527B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109165505A (en) * | 2018-06-29 | 2019-01-08 | 重庆小雨点小额贷款有限公司 | A kind of the security sweep method, apparatus and security sweep server of data |
CN111124841A (en) * | 2019-12-09 | 2020-05-08 | 广州品唯软件有限公司 | Abnormal page alarming method and device and computer system |
CN112580053A (en) * | 2020-10-28 | 2021-03-30 | 西安四叶草信息技术有限公司 | Vulnerability scanning method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102789502A (en) * | 2012-07-17 | 2012-11-21 | 北京奇虎科技有限公司 | Method and device for scanning website |
US20140082729A1 (en) * | 2012-09-19 | 2014-03-20 | Estsecurity Co., Ltd. | System and method for analyzing repackaged application through risk calculation |
CN103685290A (en) * | 2013-12-19 | 2014-03-26 | 南京理工大学连云港研究院 | Vulnerability scanning system based on GHDB |
CN105991554A (en) * | 2015-02-04 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Vulnerability detection method and equipment |
-
2016
- 2016-12-29 CN CN201611246376.6A patent/CN107046527B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102789502A (en) * | 2012-07-17 | 2012-11-21 | 北京奇虎科技有限公司 | Method and device for scanning website |
US20140082729A1 (en) * | 2012-09-19 | 2014-03-20 | Estsecurity Co., Ltd. | System and method for analyzing repackaged application through risk calculation |
CN103685290A (en) * | 2013-12-19 | 2014-03-26 | 南京理工大学连云港研究院 | Vulnerability scanning system based on GHDB |
CN105991554A (en) * | 2015-02-04 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Vulnerability detection method and equipment |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109165505A (en) * | 2018-06-29 | 2019-01-08 | 重庆小雨点小额贷款有限公司 | A kind of the security sweep method, apparatus and security sweep server of data |
CN111124841A (en) * | 2019-12-09 | 2020-05-08 | 广州品唯软件有限公司 | Abnormal page alarming method and device and computer system |
CN111124841B (en) * | 2019-12-09 | 2023-08-18 | 广州品唯软件有限公司 | Alarm method and device for abnormal page and computer system |
CN112580053A (en) * | 2020-10-28 | 2021-03-30 | 西安四叶草信息技术有限公司 | Vulnerability scanning method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107046527B (en) | 2020-12-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104980309B (en) | website security detection method and device | |
CN103618717B (en) | The dynamic confirming method of more account client informations, device and system | |
CN104580104B (en) | The method, apparatus and system of authentication | |
EP3497609A1 (en) | Detecting scripted or otherwise anomalous interactions with social media platform | |
CN107896244B (en) | Version file distribution method, client and server | |
CN105099676B (en) | A kind of user login method, user terminal and server | |
CN107885995A (en) | The security sweep method, apparatus and electronic equipment of small routine | |
CN107247660A (en) | The method of testing and test device of a kind of interface | |
CN103220153B (en) | Cipher set-up method based on Quick Response Code and device, information system | |
CN107046527A (en) | WEB vulnerability scannings method, apparatus and system | |
CN109145585B (en) | Method and device for detecting weak password of website | |
CN108076056A (en) | Cloud server login method and device | |
CN106657096B (en) | WEB vulnerability detection method, device and system | |
CN112491874A (en) | Network asset management method and device and related equipment | |
CN110825705A (en) | Data set caching method and related device | |
CN105117340B (en) | URL detection methods and device for iOS browser application quality evaluations | |
US9923916B1 (en) | Adaptive web application vulnerability scanner | |
Pathirathna et al. | Security testing as a service with docker containerization | |
WO2018072733A1 (en) | Webpage security check method and device | |
US9268944B2 (en) | System and method for sampling based source code security audit | |
Subedi et al. | Secure paradigm for web application development | |
CN105553671B (en) | A kind of management method of digital certificate, apparatus and system | |
Simmons et al. | Designing and implementing cloud-based digital forensics hands-on labs | |
CN108664811A (en) | A kind of right management method and device | |
CN105512020B (en) | Test method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |