CN107046527A - WEB vulnerability scannings method, apparatus and system - Google Patents

WEB vulnerability scannings method, apparatus and system Download PDF

Info

Publication number
CN107046527A
CN107046527A CN201611246376.6A CN201611246376A CN107046527A CN 107046527 A CN107046527 A CN 107046527A CN 201611246376 A CN201611246376 A CN 201611246376A CN 107046527 A CN107046527 A CN 107046527A
Authority
CN
China
Prior art keywords
hole
website
scanner
detected
leak
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611246376.6A
Other languages
Chinese (zh)
Other versions
CN107046527B (en
Inventor
白健
葛珅
陈得福
韩钰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Beijing Qianxin Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201611246376.6A priority Critical patent/CN107046527B/en
Publication of CN107046527A publication Critical patent/CN107046527A/en
Application granted granted Critical
Publication of CN107046527B publication Critical patent/CN107046527B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Abstract

The invention discloses a kind of WEB vulnerability scannings method, apparatus and system, at least it can solve the problem that in the prior art because the time interval between the discovery and identification of leak is long and then makes the problem of network information security of Internet user is on the hazard.The WEB vulnerability scanning methods include:The hole scanner of Hole Detection terminal offer is obtained and stores, hole scanner is the expansible scanning tools write for specific website leak;The leak type that the hole scanner that Hole Detection terminal is provided is applicable is determined, hole scanner and its applicable leak type that displaying Hole Detection terminal is provided;The hole scanner selection request that website to be detected is sent is obtained, it is determined that the hole scanner corresponding with hole scanner selection request;Website to be detected is scanned by the hole scanner for selecting request corresponding with hole scanner.

Description

WEB vulnerability scannings method, apparatus and system
Technical field
The present invention relates to communication technical field, and in particular to a kind of WEB vulnerability scannings method, apparatus and system.
Background technology
At present, with the development of internet, the problem of inevitably being started a leak in web page program or website, hacker Corporate secret information and the personal information of Internet user etc. often are stolen using network hole, the information to internet is pacified Threaten entirely.
During the embodiment of the present invention is realized, inventor has found that at least there are the following problems in the prior art:At present, Discovery for leak is substantially to utilize scanning tools or hardware scanning equipment, but either scanning tools or hardware scanning Equipment, is all based on flow as " leak carries out analyze-extracting leak identification feature-become vulnerability scanning storehouse-upgrading ", It discovery leak is spent longer time to identification leak, such as often have the duration of 1 to 3 months even more The long time, and the attack based on leak is more and more in reality, often occurs due to being found to from leak between leak identification The problem of time difference is long and cause enterprise database to be dragged, user profile leakage event, to Internet user information pacify Cause very big risk entirely.
The content of the invention
In view of the above problems, it is proposed that the present invention so as to provide one kind overcome above mentioned problem or at least in part solve on State WEB vulnerability scannings method, the apparatus and system of problem.
According to an aspect of the invention, there is provided a kind of WEB vulnerability scannings method, including:Obtain and store leak inspection The hole scanner that terminal is provided is surveyed, wherein, the hole scanner is for expanding that specific website leak is write Open up scanning tools;The leak type that the hole scanner that the Hole Detection terminal is provided is applicable is determined, the leakage is shown Hole scanner and its applicable leak type that hole detection terminal is provided;Obtain the vulnerability scanning work that website to be detected is sent Tool selection request, it is determined that the hole scanner corresponding with hole scanner selection request;By it is described with it is described The corresponding hole scanner of hole scanner selection request is scanned to the website to be detected.
According to another aspect of the present invention there is provided a kind of WEB vulnerability scanners, including:First acquisition module, is suitable to The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, the hole scanner is to be directed to specific website The expansible scanning tools that leak is write;First determining module, is adapted to determine that the leak that the Hole Detection terminal is provided is swept The leak type that the instrument of retouching is applicable;Display module, suitable for show hole scanner that the Hole Detection terminal provides and Its applicable leak type;Second acquisition module, the hole scanner sent suitable for obtaining website to be detected selects request;The Two determining modules, are adapted to determine that the hole scanner corresponding with hole scanner selection request;Scan module, is fitted The website to be detected is carried out in by the hole scanner for selecting request corresponding with the hole scanner Scanning.
In accordance with a further aspect of the present invention there is provided a kind of WEB vulnerability scanning systems, including any of the above-described described leak Scanning means, the website to be detected and the Hole Detection terminal.
In WEB vulnerability scannings method provided in an embodiment of the present invention, apparatus and system, obtain first and store leak inspection The hole scanner that terminal is provided is surveyed, wherein, hole scanner expansible is swept for what specific website leak was write Retouch instrument;It is then determined that the leak type that the hole scanner that Hole Detection terminal is provided is applicable, and show Hole Detection Hole scanner and its applicable leak type that terminal is provided;The hole scanner that website to be detected is sent is obtained simultaneously Selection request, it is determined that the hole scanner corresponding with hole scanner selection request;Finally by with vulnerability scanning work The corresponding hole scanner of tool selection request is scanned to the website to be detected.As can be seen here, the present invention is solved Because the time interval between the discovery and identification of leak is long and then the network information security of Internet user is on the hazard The problem of there is provided a kind of WEB vulnerability scannings scheme, maintain the safety of the network information of Internet user.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of specification, and in order to allow above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit is common for this area Technical staff will be clear understanding.Accompanying drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention Limitation.And in whole accompanying drawing, identical part is denoted by the same reference numerals.In the accompanying drawings:
Fig. 1 shows a kind of flow chart for WEB vulnerability scannings method that one embodiment of the invention is provided;
Fig. 2 shows a kind of flow chart for WEB vulnerability scannings method that another specific embodiment of the invention is provided;
Fig. 3 shows a kind of structured flowchart for WEB vulnerability scanners that one embodiment of the invention is provided;
Fig. 4 shows a kind of structured flowchart for WEB vulnerability scanners that another specific embodiment of the invention is provided;
Fig. 5 shows a kind of structured flowchart for WEB vulnerability scanning systems that further embodiment of the present invention is provided.
Fig. 6 shows a kind of structured flowchart for WEB vulnerability scanning systems that another specific embodiment of the invention is provided.
Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although illustrating the disclosure in accompanying drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.
Fig. 1 shows a kind of flow chart for WEB vulnerability scannings method that one embodiment of the invention is provided.As shown in figure 1, This method comprises the following steps:
Step S110:The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, hole scanner is The expansible scanning tools write for specific website leak.
Specifically, Hole Detection terminal can write corresponding expansible sweep for the leak type of specific website leak Instrument is retouched, such as writing vulnerability scanning script, for carrying out vulnerability scanning for specific leak type.In the present embodiment In, Hole Detection terminal can be multiple., can be in webpage circle when obtaining the hole scanner that Hole Detection terminal is provided One submission entrance on above-mentioned hole scanner is set in face, obtained by the submission entrance in Hole Detection terminal The hole scanner of biography, and acquired hole scanner is stored.
Step S120:The leak type that the hole scanner that Hole Detection terminal is provided is applicable is determined, leak is shown The hole scanner and its applicable leak type of terminal offer are provided.
Specifically, after obtaining and the hole scanner of Hole Detection terminal offer is provided, leak is further determined that The leak type that scanning tools are applicable, then shows the leakage that Hole Detection terminal is provided according to determination result in web interface Hole scanning tools and the leak type suitable for above-mentioned hole scanner, for being treated in subsequent step (correspondence step S130) Detection website can be selected hole scanner according to above-mentioned exhibition information.
Step S130:The hole scanner selection request that website to be detected is sent is obtained, it is determined that and hole scanner The corresponding hole scanner of selection request.
Specifically, website to be detected is to need the manufacturer, the net of enterprise that are detected to own website leak in internet Stand, in the present embodiment, object to be detected can be multiple.Hole scanner selection request is website to be detected according to certainly The request that the characteristics of body website vulnerability sends, wherein the information such as leak type of own website leak comprising website to be detected. When obtaining the hole scanner selection request that website to be detected is sent, one can be set in web interface on above-mentioned The request entrance of hole scanner selection request, the vulnerability scanning that website to be detected is sent is obtained by above-mentioned request entrance Instrument selection request, and according to information and steps such as the leak types included in the selection request of the hole scanner of above-mentioned acquisition The leak type that the hole scanner that rapid S120 is determined is applicable, it is determined that the leakage corresponding with hole scanner selection request Hole scanning tools.Wherein, the vulnerability scanning that above-mentioned hole scanner provides for the Hole Detection terminal that is stored in step S110 Instrument.
Step S140:Website to be detected is entered by the hole scanner for selecting request corresponding with hole scanner Row scanning.
Specifically, after it is determined that selecting the corresponding hole scanner of request with hole scanner, by above-mentioned The hole scanner of determination carries out vulnerability scanning to website to be detected, and is tied according to the corresponding scanning of above-mentioned scanning process generation Really, scanning result is then sent to corresponding website to be detected, so that website to be detected is found certainly in time according to scanning result Vulnerability information in body website.
As can be seen here, in WEB vulnerability scannings method provided in an embodiment of the present invention, obtain first and store Hole Detection end The hole scanner provided is provided, wherein, hole scanner is the expansible scanning work write for specific website leak Tool;It is then determined that the leak type that the hole scanner that Hole Detection terminal is provided is applicable, and show Hole Detection terminal The hole scanner of offer and its applicable leak type;The hole scanner selection that website to be detected is sent is obtained simultaneously Request, it is determined that the hole scanner corresponding with hole scanner selection request;Selected finally by with hole scanner Select and ask corresponding hole scanner to be scanned the website to be detected.Therefore, the present invention is solved due to leak Discovery and identification between time interval it is long and then make the problem of network information security of Internet user is on the hazard, have Effect shorten leak find and leak identification between time interval there is provided a kind of WEB vulnerability scannings scheme, improve confrontation The ability of leak.
Fig. 2 shows a kind of flow chart for WEB vulnerability scannings method that another specific embodiment of the invention is provided.As schemed Shown in 2, this method comprises the following steps:
Step S210:Receive in advance and preserve the mailing address of website to be detected, the corresponding detection address in website to be detected And the mailing address of Hole Detection terminal.
Specifically, website to be detected is to need manufacturer, enterprise for being detected to its website vulnerability information etc. in internet Website, and object to be detected quantity to be multiple.Hole Detection terminal can be compiled for the type of specific website leak The terminal of corresponding hole scanner is write, and the quantity of Hole Detection terminal is also multiple.Receiving and preserving to be detected During the mailing address of the mailing address of website, the corresponding detection address in website to be detected and Hole Detection terminal, it can set One information registration procedure, passes through above- mentioned information registration process typing website to be detected and the mailing address of Hole Detection terminal Information, detection address information etc..Wherein, the mailing address of website to be detected and Hole Detection terminal can for email address or Person is for specific contact account address set by each website to be detected and Hole Detection terminal etc., website pair to be detected The detection address answered can be chained address for being included in the address of website homepage of website to be detected, website etc..
Step S220:The hole scanner of Hole Detection terminal offer is obtained and stores, hole scanner is to be directed to The expansible scanning tools that specific website leak is write.
Specifically, pair that hole scanner is write by Hole Detection terminal for the leak type of specific website leak The expansible scanning tools answered, the instrument can carry out vulnerability scanning for specific leak type.In the present embodiment, leak Script plug-in unit of the scanning tools particularly for vulnerability scanning.When obtaining the hole scanner that Hole Detection terminal is provided, One submission entrance on above-mentioned hole scanner can be set in web interface, obtained Lou by the submission entrance The hole scanner that hole detection terminal is uploaded, for example, a submitting button can be set in web interface, is leaked by responding The associative operation (such as clicking operation) that the above-mentioned submitting button of hole detection terminal-pair is carried out uploads to obtain Hole Detection terminal Hole scanner and acquired hole scanner is stored.Also, further, obtaining and storing leak Detect after the hole scanner that terminal is provided, can also further receive and show that the leak that Hole Detection terminal is provided is swept The corresponding value information of instrument is retouched, for the leak that can be provided in subsequent step (correspondence step S270) Hole Detection terminal The corresponding value information of scanning tools is determined.
Step S230:The leak type that the hole scanner that Hole Detection terminal is provided is applicable is determined, leak is shown The hole scanner and its applicable leak type of terminal offer are provided.
Specifically, after obtaining and the hole scanner of Hole Detection terminal offer is provided, leak is further determined that The leak type that scanning tools are applicable, then shows the leakage that Hole Detection terminal is provided according to determination result in web interface Hole scanning tools and the leak type suitable for above-mentioned hole scanner, so as in subsequent step (correspondence step S240) Website to be detected can be selected hole scanner according to above-mentioned exhibition information.Wherein, it is determined that vulnerability scanning work Used in tool during leak type, the leak application type information that can be provided by Hole Detection terminal determines leak class Type, the information that be included of hole scanner that can also be provided for Hole Detection terminal determine leak type, specific real The determination mode of its in applying can flexibly be selected by those skilled in the art, and the present invention is not limited this.
When showing the hole scanner and its applicable leak type that Hole Detection terminal is provided, it will directly can leak The hole scanner and its applicable leak type that hole detection terminal is provided carry out exhibition to all users of vulnerability scanning platform Show.Or, in order to improve the privacy and specific aim of information, a displaying authority selection window, Hole Detection can also be set Terminal screens website to be detected by being configured to realize to the displaying rights parameters included in displaying authority selection window Purpose, and show the hole scanner and its applicable that the Hole Detection terminal is provided only for the website to be detected filtered out Leak type.For example, the displaying rights parameters included in displaying authority selection window can include:Standard rights parameter, safety Rights parameters and open rights parameters etc..Wherein, when showing in authority selection window comprising security permission parameter, show The hole scanner that the Hole Detection terminal is provided be only oriented to predetermined number by certification, the website that security is higher enters Row displaying;When showing in authority selection window comprising open rights parameters, show that the leak that the Hole Detection terminal is provided is swept Instrument is retouched to be shown towards all websites;When showing in authority selection window comprising standard rights parameter, show the leakage The hole scanner that hole detection terminal is provided is shown towards most popular websites.The exhibition method of its in specific implementation can be by Those skilled in the art are flexibly selected, and the present invention is not limited this.For example, the displaying power included in displaying authority selection window Parameter is limited in addition to can be according to security classification, can also be divided according to the Type of website.
Step S240:Corresponding selection entrance is set for the hole scanner that Hole Detection terminal is provided and shown above-mentioned Select entrance.
Specifically, it is determined that after the leak type that is applicable of hole scanner that Hole Detection terminal is provided, to be upper State hole scanner and corresponding selection entrance be set, can for example be set in webpage one it is corresponding select entrance button or Person selects portal page, and the selection entrance of above-mentioned setting is illustrated in corresponding Webpage, for subsequent step (correspondence Step S250) in the hole scanner that website to be detected sends received by above-mentioned set selection entrance select to ask.
Step S250:The hole scanner selection request that website to be detected is sent is obtained, it is determined that and hole scanner The corresponding hole scanner of selection request.
Specifically, hole scanner selection request is asking that website to be detected is sent according to the characteristics of own website leak Ask, wherein the information such as leak type of own website leak comprising website to be detected.Obtaining the leakage that website to be detected is sent During the scanning tools selection request of hole, above-mentioned request is obtained by the selection entrance set in step S240.It is determined that and leak When corresponding hole scanner is asked in scanning tools selection, wrapped according in the selection request of the hole scanner of above-mentioned acquisition The leak type that the hole scanner determined in the information such as the leak type contained and step S230 is applicable, it is determined that and leak The corresponding hole scanner of scanning tools selection request.
Step S260:Website to be detected is entered by the hole scanner for selecting request corresponding with hole scanner Row scanning, and scanning result is sent to by website to be detected according to the mailing address of website to be detected.
Specifically, when being scanned using Hole Detection instrument to website to be detected, by being selected with hole scanner Select and ask corresponding hole scanner to be scanned the corresponding detection address in website to be detected, and given birth to by above-mentioned scanning Into corresponding scanning result, then by the mailing address of website to be detected that is preserved in step S210 by above-mentioned scanning result It is sent to website to be detected.Wherein, vulnerability information corresponding with the website to be detected is included in above-mentioned scanning result.Also, When generating corresponding scanning result, the severity level of the vulnerability information included in scanning result can also be classified, example Such as, the scanning result of vulnerability information according to the order of seriousness from high to low can be divided into high-risk rank, middle danger rank, low danger These three grades of rank, then it is determined that during scanning result, scanning result correspondence can be defined as into above three grade, to realize Sent to website to be detected after scanning result, remind and inform the purpose of the security of its vulnerability information of website to be detected;Or, Above-mentioned scanning result can not also be classified, scanning result is directly sent to website to be detected, to realize to be detected Website shows the purpose of corresponding scanning result.
Step S270:The result feedback information that website to be detected is sent is received, result feedback information is sent to offer leakage The Hole Detection terminal of hole scanning tools.
Wherein, as a result feedback information is determined according to the corresponding value information of hole scanner.That is, result is fed back Include the information confirmed to the corresponding value information of hole scanner in information, receive result feedback information it Afterwards, the above results feedback information is sent to Hole Detection terminal, for Hole Detection terminal according to the value information of confirmation more It is new itself to comment grading information.Specifically, website to be detected is tied after scanning result is received to above-mentioned scanning result Fruit confirms, and further sends corresponding result feedback information according to confirmation result.Wherein, because scanning result is by leak The hole scanner that detection terminal is submitted is scanned what is submitted afterwards, and centre may have some error messages or simultaneously Not necessarily meet the situation the need for website to be detected, it is therefore desirable to correctness and validity of the website to be detected to vulnerability information Verified, to further ensure that the correctness and validity of vulnerability information, and send corresponding result feedback after verification Information.After the result feedback information that website to be detected is sent is received, the above results feedback information is sent to offer leakage The Hole Detection terminal of hole scanning tools, so that Hole Detection terminal updates the letter such as scoring of itself according to the value information of confirmation Breath.
Pass through the method in the embodiment of the present invention, it is possible to achieve following beneficial effect:
The present invention can be shortened the time difference that leak is found and leak is recognized by 1 to 3 months (or even longer time) To 1 day even within several hours, and can be customized according to the requirement of user, solve user need it is high-quality and The quick demand for finding website vulnerability, drastically increases the ability resisted with leak.
The invention provides it is a kind of can the scanning engine based on script plug-in extension scan capability, based on the engine, only Corresponding script plug-in unit is write, the ability for the vulnerability scanning that can just upgrade immediately, without carrying out special collection action, i.e.,: Only need to write corresponding script plug-in unit in the present invention, the mesh thus, it is possible to realize the ability of upgrading vulnerability scanning immediately , and special collection action need not be carried out during it;On the other hand, the present invention can be leakage using Hole Detection terminal Hole provides script plug-in unit, the ability for enabling hole scanner to keep Real time identification leak, when improving hole scanner Effect property and availability.
As can be seen here, in WEB vulnerability scannings method provided in an embodiment of the present invention, receive in advance first and preserve to be checked The mailing address of the mailing address at survey grid station, the corresponding detection address in website to be detected and Hole Detection terminal, is then obtained And the hole scanner of Hole Detection terminal offer is provided, wherein, hole scanner is compiled for specific website leak The expansible scanning tools write;The leak class that the hole scanner that Hole Detection terminal is provided is applicable is determined after this Type, and the hole scanner and its applicable leak type of the offer of Hole Detection terminal are provided, and carried for Hole Detection terminal The hole scanner of confession sets corresponding selection entrance and shows above-mentioned selection entrance;And further obtain website hair to be detected The hole scanner selection request sent, it is determined that the hole scanner corresponding with hole scanner selection request, then By selecting the corresponding hole scanner of request to be scanned to website to be detected and to be detected with hole scanner Website sends scanning result, finally receives the result feedback information that website to be detected is sent, result feedback information is sent to and carried For the Hole Detection terminal of hole scanner.Therefore, the present invention solves the time between the discovery and identification due to leak The problem of interval network information security that is long and then making Internet user is on the hazard, effectively shortens leak and finds and leak Time interval between identification, can accomplish the processing of real-time to the discovery and identification of leak, improve confrontation leak Ability.
Fig. 3 shows a kind of structured flowchart for WEB vulnerability scanners that one embodiment of the invention is provided.Such as Fig. 3 institutes Show, the device includes:First acquisition module 31, the first determining module 32, display module 33, the second acquisition module 34, second are true Cover half block 35 and scan module 36.
First acquisition module 31 is suitable to the hole scanner for obtaining and storing the offer of Hole Detection terminal, wherein, it is described Hole scanner is the expansible scanning tools write for specific website leak.
Specifically, Hole Detection terminal can write corresponding expansible sweep for the leak type of specific website leak Instrument is retouched, such as writing vulnerability scanning script, for carrying out vulnerability scanning for specific leak type.In the present embodiment In, Hole Detection terminal can be multiple.First acquisition module 31 is obtaining the hole scanner that Hole Detection terminal is provided When, a submission entrance on above-mentioned hole scanner can be set in web interface, obtained by the submission entrance The hole scanner for taking Hole Detection terminal to upload, and acquired hole scanner is stored.
First determining module 32 is adapted to determine that the leak type that the hole scanner that Hole Detection terminal is provided is applicable.
Specifically, after the first acquisition module 31 obtains and stored the hole scanner that Hole Detection terminal is provided, Determining module 32 further determines that the leak type that hole scanner is applicable.Then it will determine that result is sent to display module 33。
Display module 33 is suitable to hole scanner and its applicable leak type that displaying Hole Detection terminal is provided;
Specifically, after display module 33 receives the determination result of the transmission of determining module 32, exist according to determination result The hole scanner and the leak suitable for above-mentioned hole scanner of Hole Detection terminal offer are provided in web interface Type.
Second acquisition module 34 is suitable to obtain the hole scanner selection request that website to be detected is sent.Specifically, treat Detection website is to need manufacturer, website of enterprise for being detected to own website leak etc. in internet, in the present embodiment, Object to be detected can be multiple.Hole scanner selection request is sent out for website to be detected according to the characteristics of own website leak The request sent, wherein the information such as leak type of own website leak comprising website to be detected.Second acquisition module 34 is being obtained During the hole scanner selection request for taking website to be detected to send, one can be set in web interface on above-mentioned leak The request entrance of scanning tools selection request, the hole scanner that website to be detected is sent is obtained by above-mentioned request entrance Selection request.
Second determining module 35 is adapted to determine that the hole scanner corresponding with hole scanner selection request.
Specifically, after the second acquisition module 34 obtains the hole scanner selection request that website to be detected is sent, Second determining module 35 selects in request the information such as leak type for including and the according to the hole scanner of above-mentioned acquisition The leak type that the hole scanner determined in one determining module 32 is applicable, it is determined that asking phase with hole scanner selection Corresponding hole scanner.
Scan module 36 is suitable to treat to described by the hole scanner for selecting request corresponding with hole scanner Detection website is scanned.
Specifically, the hole scanner corresponding with hole scanner selection request is determined in the second determining module 35 Afterwards, scan module 36 carries out vulnerability scanning by the hole scanner of above-mentioned determination to website to be detected, and according to above-mentioned Scanning process generates corresponding scanning result, scanning result then is sent into corresponding website to be detected, for survey grid to be checked Stand the vulnerability information found in time according to scanning result in own website.
As can be seen here, in WEB vulnerability scanners provided in an embodiment of the present invention, the first acquisition module 31 is passed through first The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, hole scanner is to be directed to specific website leak The expansible scanning tools write;Then the vulnerability scanning work that Hole Detection terminal is provided is determined by the first determining module 32 Have the leak type being applicable, and the hole scanner of Hole Detection terminal offer is shown by display module 33 and its is applicable Leak type;The hole scanner selection request that website to be detected is sent is obtained by the second acquisition module 34 simultaneously, and The hole scanner corresponding with hole scanner selection request is determined by the second determining module 35;Finally by scanning Module 36 is scanned by the hole scanner for selecting request corresponding with hole scanner to the website to be detected. Therefore, the time interval between the discovery and identification of the invention solved due to leak is long and then makes the network of Internet user The problem of information security is on the hazard, effectively shorten leak find and leak identification between time interval there is provided one kind WEB vulnerability scanning schemes, improve the ability of confrontation leak.
Fig. 4 shows a kind of structured flowchart for WEB vulnerability scanners that another specific embodiment of the invention is provided.Such as Shown in Fig. 4, the device includes:First receives and obtains the 41, first determining module 42, display module 43, the second acquisition module 44, the Two connect determining module 45 and scan module 46, sending module 47 and result feedback module 48.
First acquisition module 41 is suitable to the hole scanner for obtaining and storing the offer of Hole Detection terminal, wherein, it is described Hole scanner is the expansible scanning tools write for specific website leak.
Specifically, pair that hole scanner is write by Hole Detection terminal for the leak type of specific website leak The expansible scanning tools answered, the instrument can carry out vulnerability scanning for specific leak type.In the present embodiment, leak Script plug-in unit of the scanning tools particularly for vulnerability scanning.The leakage that Hole Detection terminal is provided is obtained in the first acquisition module 41 During the scanning tools of hole, a submission entrance on above-mentioned hole scanner can be set in web interface, carried by this Hand over entrance to obtain the hole scanner of Hole Detection terminal upload, for example, a submission can be set in web interface Button, is obtained Lou by responding the associative operation (such as clicking operation) of the above-mentioned submitting button progress of Hole Detection terminal-pair The hole scanner of hole detection terminal upload is simultaneously stored acquired hole scanner.
First determining module 42 is adapted to determine that the leak type that the hole scanner that Hole Detection terminal is provided is applicable.
Specifically, after the first acquisition module 41 obtains and stored the hole scanner that Hole Detection terminal is provided, First determining module 42 further determines that the leak type that hole scanner is applicable, and then will determine that result is sent to displaying Module 43.With wherein, it is determined that during leak type used in hole scanner, can be provided by Hole Detection terminal Leak application type information come determine leak type, can also for Hole Detection terminal provide hole scanner be included Information determine leak type, the determination mode of its in specific implementation can flexibly select by those skilled in the art, and the present invention is right This is not limited.
Display module 43 is suitable to the hole scanner and its applicable leak class for showing that the Hole Detection terminal is provided Type.
Display module 43, can when showing the hole scanner and its applicable leak type that Hole Detection terminal is provided With the hole scanner for directly providing Hole Detection terminal and its applicable leak type owning to vulnerability scanning platform User is shown.Or, in order to improve the privacy and specific aim of information, a displaying authority selection window can also be set Mouthful, Hole Detection terminal to the displaying rights parameters included in displaying authority selection window by being configured to realize that screening is treated The purpose of website is detected, and the hole scanner that the Hole Detection terminal is provided is shown only for the website to be detected filtered out And its applicable leak type.For example, the displaying rights parameters included in displaying authority selection window can include:Standard rights Parameter, security permission parameter and open rights parameters etc..Wherein, join when in displaying authority selection window comprising security permission Number when, show the Hole Detection terminal provide hole scanner be only oriented to predetermined number by certification, security compared with High website is shown;When showing in authority selection window comprising open rights parameters, show that the Hole Detection terminal is carried The hole scanner of confession is shown towards all websites;Standard rights parameter is included in authority selection window when showing When, show that the hole scanner that the Hole Detection terminal is provided is shown towards most popular websites.Its in specific implementation Exhibition method can flexibly be selected by those skilled in the art, and the present invention is not limited this.For example, in displaying authority selection window Comprising displaying rights parameters in addition to can be according to security classification, can also be divided according to the Type of website.
Second acquisition module 44 is suitable to obtain the hole scanner selection request that website to be detected is sent.
Specifically, hole scanner selection request is asking that website to be detected is sent according to the characteristics of own website leak Ask, wherein the information such as leak type of own website leak comprising website to be detected.Second acquisition module 44 is obtaining to be checked During the hole scanner selection request that survey grid station is sent, above-mentioned ask is obtained by the selection entrance set in Webpage Ask.
Second determining module 45 determines the hole scanner corresponding with hole scanner selection request.
Second determining module 45 when it is determined that selecting request corresponding hole scanner with hole scanner, according to Information and first determinations such as the leak type included in the hole scanner selection request obtained in the second acquisition module 44 The leak type that the hole scanner determined in module 42 is applicable, it is determined that corresponding with hole scanner selection request Hole scanner.
Scan module 46 is suitable to treat to described by the hole scanner for selecting request corresponding with hole scanner Detection website is scanned.
Specifically, scan module 46 using Hole Detection instrument to website to be detected when being scanned, by with leak The corresponding hole scanner of scanning tools selection request is scanned to the corresponding detection address in website to be detected, and is passed through Above-mentioned scanning generates corresponding scanning result, and then scanning result is sent to sending module 47.Wherein, wrapped in above-mentioned scanning result Contain vulnerability information corresponding with the website to be detected.Also, can also be to scanning result when generating corresponding scanning result In the severity level of vulnerability information that includes classified, for example, can by the scanning result of vulnerability information according to seriousness from High to Low order is divided into high-risk rank, middle danger rank, low these three grades of danger rank, then it is determined that during scanning result, can be with Scanning result correspondence is defined as above three grade, is sent with realizing to website to be detected after scanning result, is reminded and inform The purpose of the security of its vulnerability information of website to be detected;Or, above-mentioned scanning result can not also be classified, directly will Scanning result is sent to website to be detected, to realize the purpose that corresponding scanning result is shown to website to be detected.
Sending module 47 is suitable to the mailing address for receiving and preserving the website to be detected in advance, and according to described to be detected Scanning result is sent to the website to be detected by the mailing address of website.
Specifically, sending module 47 is when receiving the scanning result of the transmission of scan module 46, according to receiving and protect in advance Above-mentioned scanning result is sent to website to be detected by the mailing address for the website to be detected deposited.
As a result feedback module 48 is suitable to the mailing address for receiving and preserving the Hole Detection terminal in advance, and receives described The result feedback information that website to be detected is sent, the result feedback information is sent to the leakage for providing the hole scanner Detect terminal in hole.
Wherein, as a result feedback information is determined according to the corresponding value information of hole scanner.That is, result is fed back Include the information confirmed to the corresponding value information of hole scanner in information, received in result feedback module 48 As a result after feedback information, the above results feedback information is sent to Hole Detection terminal, so that Hole Detection terminal is according to really What the value information recognized updated itself comments grading information.
As can be seen here, in WEB vulnerability scanners provided in an embodiment of the present invention, receive in advance first and preserve to be checked The mailing address of the mailing address at survey grid station, the corresponding detection address in website to be detected and Hole Detection terminal, then passes through First acquisition module 41 obtains and stores the hole scanner of Hole Detection terminal offer, wherein, hole scanner is pin The expansible scanning tools write to specific website leak;Determine that Hole Detection is whole by the first determining module 42 after this The leak type that the hole scanner that end is provided is applicable, and the leakage that Hole Detection terminal is provided is shown by display module 43 Hole scanning tools and its applicable leak type, and the hole scanner provided for Hole Detection terminal sets corresponding selection Entrance simultaneously shows above-mentioned selection entrance;And the vulnerability scanning that website to be detected is sent further is obtained by the second acquisition module 44 Instrument selection request, then determines the vulnerability scanning corresponding with hole scanner selection request by the second determining module 45 Instrument, and by scan module 46 by selecting the corresponding hole scanner of request to net to be detected with hole scanner Station is scanned, and sends scanning result to by the website to be detected of sending module 47, is connect finally by result feedback module 48 The result feedback information that website to be detected is sent is received, result feedback information is sent to the Hole Detection for providing hole scanner Terminal.Therefore, the time interval between the discovery and identification of the invention solved due to leak is long and then makes Internet user Network information security the problem of be on the hazard, effectively shorten leak and find time interval between leak identification, can The processing of real-time is accomplished in discovery and identification to leak, improves the ability of confrontation leak.
Fig. 5 shows a kind of structured flowchart for WEB vulnerability scanning systems 500 that further embodiment of the present invention is provided.Such as Shown in Fig. 5, the WEB vulnerability scanning systems include above-mentioned Fig. 3 shown in WEB vulnerability scanners 50, website to be detected 57 and Hole Detection terminal 58, wherein, WEB vulnerability scanners 50 are specifically included:First acquisition module 51, the first determining module 52, Display module 53, the second acquisition module 54, the second determining module 55 and scan module 56.Website 57 to be detected and leak inspection The concrete structure and operation principle for surveying terminal 58 can refer to the description of corresponding steps in embodiment of the method, and here is omitted.
Fig. 6 shows a kind of structured flowchart for WEB vulnerability scanning systems that another specific embodiment of the invention is provided.Such as Shown in Fig. 6, the WEB vulnerability scanning systems include above-mentioned Fig. 4 shown in WEB vulnerability scanners 60, website to be detected 69 and Hole Detection terminal 60, wherein, WEB vulnerability scanners 60 are specifically included:First the 61, first determining module 62 of reception acquisition, Display module 63, the second acquisition module 64, second connect determining module 65 and scan module 66, sending module 67 and result are anti- Present module 68.The concrete structure and operation principle of website 69 to be detected and Hole Detection terminal 60 can refer in embodiment of the method The description of corresponding steps, here is omitted.
Algorithm and displaying be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together with based on teaching in this.As described above, construct required by this kind of system Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It is understood that, it is possible to use it is various Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair Bright preferred forms.
In the specification that this place is provided, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect, exist Above in the description of the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect The application claims of shield features more more than the feature being expressly recited in each claim.More precisely, such as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following embodiment are expressly incorporated in the embodiment, wherein each claim is in itself All as the separate embodiments of the present invention.
Those skilled in the art, which are appreciated that, to be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so to appoint Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power Profit is required, summary and accompanying drawing) disclosed in each feature can or similar purpose identical, equivalent by offer alternative features come generation Replace.
Although in addition, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In included some features rather than further feature, but the combination of the feature of be the same as Example does not mean in of the invention Within the scope of and form different embodiments.For example, in the following claims, times of embodiment claimed One of meaning mode can be used in any combination.
The present invention all parts embodiment can be realized with hardware, or with one or more processor run Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) realize one in WEB vulnerability scanning equipments according to embodiments of the present invention The some or all functions of a little or whole parts.The present invention is also implemented as performing method as described herein Some or all equipment or program of device (for example, computer program and computer program product).It is such to realize The program of the present invention can be stored on a computer-readable medium, or can have the form of one or more signal.This The signal of sample can be downloaded from internet website and obtained, and either provided or carried in any other form on carrier signal For.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of some different elements and coming real by means of properly programmed computer It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame Claim.
The invention discloses:A1, a kind of WEB vulnerability scannings method, including:
The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, the hole scanner is to be directed to The expansible scanning tools that specific website leak is write;
The leak type that the hole scanner that the Hole Detection terminal is provided is applicable is determined, the leak inspection is shown Survey hole scanner and its applicable leak type that terminal is provided;
The hole scanner selection request that website to be detected is sent is obtained, it is determined that please with hole scanner selection Seek corresponding hole scanner;
By the hole scanner corresponding with hole scanner selection request to the survey grid to be checked Station is scanned.
A2, the method according to A1, wherein, it is described to determine the hole scanner institute that the Hole Detection terminal is provided After the step of applicable leak type, further comprise step:The hole scanner provided for the Hole Detection terminal Corresponding selection entrance is set, then the hole scanner and its applicable leak type of the Hole Detection terminal offer are provided When, further show the selection entrance;
It is then described to receive the hole scanner selection request that website to be detected is sent, it is determined that with the hole scanner The step of corresponding hole scanner is asked in selection specifically includes:Website to be detected is obtained to send by the selection entrance Hole scanner selection request, according to it is described selection entrance and hole scanner between corresponding relation determine with it is described The corresponding hole scanner of hole scanner selection request.
A3, the method according to A1 or A2, wherein, methods described further comprises step:Receive in advance and preserve institute State the mailing address of website to be detected, then it is described to be swept by the leak for selecting request corresponding with the hole scanner Retouch after the step of instrument is scanned to the website to be detected, further comprise:According to the communication of the website to be detected Scanning result is sent to the website to be detected by address.
A4, according to any described methods of A1-A3, wherein, methods described further comprises step:Receive and preserve in advance The corresponding detection address in the website to be detected, then it is described with the hole scanner to select request corresponding by described The step of hole scanner is scanned to the website to be detected specifically includes:Pass through the described and vulnerability scanning work The tool selection corresponding hole scanner of request is scanned to the corresponding detection address in the website to be detected.
A5, according to any described methods of A1-A4, wherein, methods described further comprises step:Receive and preserve in advance The mailing address of the Hole Detection terminal, then according to scanning result is sent to by the mailing address of the website to be detected After the step of website to be detected, further comprise step:
The result feedback information that the website to be detected is sent is received, it is described that the result feedback information is sent into offer The Hole Detection terminal of hole scanner.
A6, the method according to A5, wherein, methods described further comprises:
Receive and show the corresponding value information of hole scanner that the Hole Detection terminal is provided in advance, then it is described As a result feedback information is determined according to the corresponding value information of the hole scanner.
A7, according to any described methods of A1-A6, wherein, the quantity of the website to be detected is multiple, and the leak The quantity for detecting terminal is multiple.
A8, the method according to A1-A7 is any, wherein, the hole scanner is script plug-in unit.
The invention also discloses:B9, a kind of WEB vulnerability scanners, including:
First acquisition module, the hole scanner suitable for obtaining and storing the offer of Hole Detection terminal, wherein, the leakage Hole scanning tools are the expansible scanning tools write for specific website leak;
First determining module, is adapted to determine that the leak class that the hole scanner that the Hole Detection terminal is provided is applicable Type;
Display module, hole scanner and its applicable leak class suitable for showing the Hole Detection terminal offer Type;
Second acquisition module, the hole scanner sent suitable for obtaining website to be detected selects request;
Second determining module, is adapted to determine that the hole scanner corresponding with hole scanner selection request;
Scan module, suitable for passing through the hole scanner pair corresponding with hole scanner selection request The website to be detected is scanned.
B10, the device according to B9, wherein, the display module is further used for:Carried for the Hole Detection terminal The hole scanner of confession sets corresponding selection entrance, and is showing the hole scanner that the Hole Detection terminal is provided And its during applicable leak type, further show the selection entrance;
Then second receiving module specifically for:Website to be detected is obtained to sweep by the leak of the selection entrance transmission Instrument selection request is retouched, is determined and the vulnerability scanning according to the corresponding relation between the selection entrance and hole scanner The corresponding hole scanner of instrument selection request.
B11, the device according to B9 or B10, wherein, described device further comprises:
Sending module, the mailing address suitable for receiving and preserving the website to be detected in advance, and according to described to be detected Scanning result is sent to the website to be detected by the mailing address of website.
B12, according to any described devices of B9-B11, wherein, the scan module specifically for:Receive and preserve in advance The corresponding detection address in the website to be detected, is swept by the leak for selecting request corresponding with the hole scanner Instrument is retouched to be scanned the corresponding detection address in the website to be detected.
B13, according to any described devices of B9-B12, wherein, described device further comprises:As a result feedback module, is fitted In receiving and preserve the mailing address of the Hole Detection terminal in advance, and receive the result feedback that the website to be detected is sent Information, the result feedback information is sent to the Hole Detection terminal for providing the hole scanner.
B14, the device according to B13, wherein, the display module is further used for:Show that the Hole Detection is whole The corresponding value information of hole scanner provided is held, then the result feedback information is according to hole scanner correspondence Value information determine.
B15, according to any described devices of B9-B14, wherein, the quantity of the website to be detected is multiple, and the leakage The quantity of hole detection terminal is multiple.
B16, the device according to B9-B15 is any, wherein, the hole scanner is script plug-in unit.
The invention also discloses:C17, a kind of WEB vulnerability scanning systems, including:Any described leaks of above-mentioned B9-B16 Scanning means, the website to be detected and the Hole Detection terminal.

Claims (10)

1. a kind of WEB vulnerability scannings method, including:
The hole scanner of Hole Detection terminal offer is obtained and stores, wherein, the hole scanner is for specific The expansible scanning tools that website vulnerability is write;
The leak type that the hole scanner that the Hole Detection terminal is provided is applicable is determined, shows that the Hole Detection is whole The hole scanner provided and its applicable leak type are provided;
The hole scanner selection request that website to be detected is sent is obtained, it is determined that asking phase with hole scanner selection Corresponding hole scanner;
The website to be detected is entered by the hole scanner for selecting request corresponding with the hole scanner Row scanning.
2. according to the method described in claim 1, wherein, it is described to determine the hole scanner that the Hole Detection terminal is provided After the step of leak type being applicable, further comprise step:The vulnerability scanning work provided for the Hole Detection terminal Tool sets corresponding selection entrance, then shows the hole scanner and its applicable leak class of the Hole Detection terminal offer During type, the selection entrance is further shown;
It is then described to receive the hole scanner selection request that website to be detected is sent, it is determined that being selected with the hole scanner The step of asking corresponding hole scanner specifically includes:Obtain the leakage that website to be detected is sent by the selection entrance Hole scanning tools selection request, is determined and the leak according to the corresponding relation between the selection entrance and hole scanner The corresponding hole scanner of scanning tools selection request.
3. method according to claim 1 or 2, wherein, methods described further comprises step:Receive in advance and preserve institute State the mailing address of website to be detected, then it is described to be swept by the leak for selecting request corresponding with the hole scanner Retouch after the step of instrument is scanned to the website to be detected, further comprise:According to the communication of the website to be detected Scanning result is sent to the website to be detected by address.
4. according to any described methods of claim 1-3, wherein, methods described further comprises step:Receive and protect in advance Deposit the corresponding detection address in the website to be detected, then it is described by described corresponding with hole scanner selection request Hole scanner specifically include the step of be scanned to the website to be detected:Pass through the described and vulnerability scanning The instrument selection corresponding hole scanner of request is scanned to the corresponding detection address in the website to be detected.
5. according to any described methods of claim 1-4, wherein, methods described further comprises step:Receive and protect in advance The mailing address of the Hole Detection terminal is deposited, then scanning result is sent to by institute according to the mailing address of the website to be detected After the step of stating website to be detected, further comprise step:
The result feedback information that the website to be detected is sent is received, the result feedback information is sent to the offer leak The Hole Detection terminal of scanning tools.
6. method according to claim 5, wherein, methods described further comprises:
The corresponding value information of hole scanner that the Hole Detection terminal is provided is received and shown in advance, then the result Feedback information is determined according to the corresponding value information of the hole scanner.
7. according to any described methods of claim 1-6, wherein, the quantity of the website to be detected is multiple, and the leakage The quantity of hole detection terminal is multiple.
8. according to any described methods of claim 1-7, wherein, the hole scanner is script plug-in unit.
9. a kind of WEB vulnerability scanners, including:
First acquisition module, the hole scanner suitable for obtaining and storing the offer of Hole Detection terminal, wherein, the leak is swept The instrument of retouching is the expansible scanning tools write for specific website leak;
First determining module, is adapted to determine that the leak type that the hole scanner that the Hole Detection terminal is provided is applicable;
Display module, hole scanner and its applicable leak type suitable for showing the Hole Detection terminal offer;
Second acquisition module, the hole scanner sent suitable for obtaining website to be detected selects request;
Second determining module, is adapted to determine that the hole scanner corresponding with hole scanner selection request;
Scan module, suitable for selecting the corresponding hole scanner of request with the hole scanner to described by described Website to be detected is scanned.
10. a kind of WEB vulnerability scanning systems, including:Vulnerability scanner, the survey grid to be checked described in the claims 9 Stand and the Hole Detection terminal.
CN201611246376.6A 2016-12-29 2016-12-29 WEB vulnerability scanning method, device and system Active CN107046527B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611246376.6A CN107046527B (en) 2016-12-29 2016-12-29 WEB vulnerability scanning method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611246376.6A CN107046527B (en) 2016-12-29 2016-12-29 WEB vulnerability scanning method, device and system

Publications (2)

Publication Number Publication Date
CN107046527A true CN107046527A (en) 2017-08-15
CN107046527B CN107046527B (en) 2020-12-08

Family

ID=59542974

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611246376.6A Active CN107046527B (en) 2016-12-29 2016-12-29 WEB vulnerability scanning method, device and system

Country Status (1)

Country Link
CN (1) CN107046527B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109165505A (en) * 2018-06-29 2019-01-08 重庆小雨点小额贷款有限公司 A kind of the security sweep method, apparatus and security sweep server of data
CN111124841A (en) * 2019-12-09 2020-05-08 广州品唯软件有限公司 Abnormal page alarming method and device and computer system
CN112580053A (en) * 2020-10-28 2021-03-30 西安四叶草信息技术有限公司 Vulnerability scanning method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102789502A (en) * 2012-07-17 2012-11-21 北京奇虎科技有限公司 Method and device for scanning website
US20140082729A1 (en) * 2012-09-19 2014-03-20 Estsecurity Co., Ltd. System and method for analyzing repackaged application through risk calculation
CN103685290A (en) * 2013-12-19 2014-03-26 南京理工大学连云港研究院 Vulnerability scanning system based on GHDB
CN105991554A (en) * 2015-02-04 2016-10-05 阿里巴巴集团控股有限公司 Vulnerability detection method and equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102789502A (en) * 2012-07-17 2012-11-21 北京奇虎科技有限公司 Method and device for scanning website
US20140082729A1 (en) * 2012-09-19 2014-03-20 Estsecurity Co., Ltd. System and method for analyzing repackaged application through risk calculation
CN103685290A (en) * 2013-12-19 2014-03-26 南京理工大学连云港研究院 Vulnerability scanning system based on GHDB
CN105991554A (en) * 2015-02-04 2016-10-05 阿里巴巴集团控股有限公司 Vulnerability detection method and equipment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109165505A (en) * 2018-06-29 2019-01-08 重庆小雨点小额贷款有限公司 A kind of the security sweep method, apparatus and security sweep server of data
CN111124841A (en) * 2019-12-09 2020-05-08 广州品唯软件有限公司 Abnormal page alarming method and device and computer system
CN111124841B (en) * 2019-12-09 2023-08-18 广州品唯软件有限公司 Alarm method and device for abnormal page and computer system
CN112580053A (en) * 2020-10-28 2021-03-30 西安四叶草信息技术有限公司 Vulnerability scanning method and device

Also Published As

Publication number Publication date
CN107046527B (en) 2020-12-08

Similar Documents

Publication Publication Date Title
CN104980309B (en) website security detection method and device
CN103618717B (en) The dynamic confirming method of more account client informations, device and system
CN104580104B (en) The method, apparatus and system of authentication
EP3497609A1 (en) Detecting scripted or otherwise anomalous interactions with social media platform
CN107896244B (en) Version file distribution method, client and server
CN105099676B (en) A kind of user login method, user terminal and server
CN107885995A (en) The security sweep method, apparatus and electronic equipment of small routine
CN107247660A (en) The method of testing and test device of a kind of interface
CN103220153B (en) Cipher set-up method based on Quick Response Code and device, information system
CN107046527A (en) WEB vulnerability scannings method, apparatus and system
CN109145585B (en) Method and device for detecting weak password of website
CN108076056A (en) Cloud server login method and device
CN106657096B (en) WEB vulnerability detection method, device and system
CN112491874A (en) Network asset management method and device and related equipment
CN110825705A (en) Data set caching method and related device
CN105117340B (en) URL detection methods and device for iOS browser application quality evaluations
US9923916B1 (en) Adaptive web application vulnerability scanner
Pathirathna et al. Security testing as a service with docker containerization
WO2018072733A1 (en) Webpage security check method and device
US9268944B2 (en) System and method for sampling based source code security audit
Subedi et al. Secure paradigm for web application development
CN105553671B (en) A kind of management method of digital certificate, apparatus and system
Simmons et al. Designing and implementing cloud-based digital forensics hands-on labs
CN108664811A (en) A kind of right management method and device
CN105512020B (en) Test method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant