CN108259514A - Leak detection method, device, computer equipment and storage medium - Google Patents


Info

Publication number
CN108259514A
Authority
CN
China
Prior art keywords
data access
virtual firewall
application data
access request
application
Legal status
Granted
Application number
CN201810254334.XA
Other languages
Chinese (zh)
Other versions
CN108259514B (en
Inventor
李洋
Current Assignee
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Events
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810254334.XA (granted as CN108259514B)
Publication of CN108259514A
Priority to PCT/CN2018/095221 (published as WO2019184137A1)
Application granted
Publication of CN108259514B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)

Abstract

This application relates to a vulnerability detection method, device, computer equipment and storage medium. The method comprises: receiving an application data access request sent by a terminal, the application data access request carrying an application identifier; performing basic detection on the application data access request by a first virtual firewall located at the infrastructure layer, and marking the application data access request if a vulnerability is detected; selecting, from second virtual firewalls located at the software operation layer, a third virtual firewall corresponding to the application identifier; performing advanced detection, by the selected third virtual firewall, on the application data access request that has passed the detection of the first virtual firewall; and, when the third virtual firewall detects that the marked application data access request contains a vulnerability, intercepting the application data access request that has been marked and that the third virtual firewall has detected as containing a vulnerability. The method can improve application server security.

Description

Leak detection method, device, computer equipment and storage medium
Technical field
This application relates to the field of computer technology, and in particular to a vulnerability detection method, device, computer equipment and storage medium.
Background technology
As application programs become widespread, users and application developers pay increasing attention to the security of application programs, that is, the security of the application servers behind them.
At present, however, application servers are usually protected by physical firewalls. A physical firewall cannot distinguish between ports and applications, so it can only defend against traditional attacks; a traditional firewall therefore cannot guarantee the security of an application server.
Summary of the invention
In view of this, it is necessary to address the above technical problem by providing a vulnerability detection method, device, computer equipment and storage medium that can improve application server security.
A vulnerability detection method, the method comprising:
receiving an application data access request sent by a terminal, the application data access request carrying an application identifier;
performing basic detection on the application data access request by a first virtual firewall located at the infrastructure layer, and marking the application data access request if a vulnerability is detected;
selecting, from second virtual firewalls located at the software operation layer, a third virtual firewall corresponding to the application identifier;
performing advanced detection, by the selected third virtual firewall, on the application data access request that has passed the detection of the first virtual firewall;
when the third virtual firewall detects that the marked application data access request contains a vulnerability, intercepting the application data access request that has been marked and that the third virtual firewall has detected as containing a vulnerability.
In one of the embodiments, marking the application data access request that contains a vulnerability comprises:
obtaining a preset position in the application data access request, and marking the application data access request by means of that preset position;
and before performing advanced detection, by the selected third virtual firewall, on the application data access request that has passed the detection of the first virtual firewall, the method comprises:
restoring the marked application data access request.
In one of the embodiments, the method further comprises:
obtaining the configuration information and running logs corresponding to the first virtual firewall and the second virtual firewall;
storing the configuration information and running logs corresponding to the first virtual firewall in a first physical firewall corresponding to the first virtual firewall;
storing the configuration information and running logs corresponding to the second virtual firewall in a second physical firewall corresponding to the second virtual firewall.
In one of the embodiments, the method further comprises:
obtaining the running logs stored in the second physical firewall, and classifying the running logs according to the second virtual firewall to obtain running log sets;
obtaining the advanced detection rule corresponding to each running log in a running log set, and counting a first quantity, the number of running logs that correspond to the same advanced detection rule;
when the first quantity exceeds a first preset value, obtaining the advanced detection rule corresponding to the running logs whose first quantity exceeds the first preset value, and incrementing a second quantity corresponding to that advanced detection rule;
when the second quantity exceeds a second preset value, adding that advanced detection rule to the first virtual firewall.
In one of the embodiments, the method further comprises:
receiving an input rule configuration instruction corresponding to the second virtual firewall;
selecting an advanced detection rule corresponding to the rule configuration instruction from a service rule base;
adding the advanced detection rule to the second virtual firewall.
In one of the embodiments, the method further comprises:
sending the application data access request that has not been intercepted to the application server corresponding to the application identifier, so that the application server detects, by means of its own vulnerability detection rules, whether the application data access request contains a vulnerability;
when the application data access request contains no vulnerability, obtaining the response data corresponding to the application data access request that the application server returns, and returning the response data to the terminal.
In one of the embodiments, the method further comprises:
receiving the vulnerability detection rule sent by the application server, and storing the vulnerability detection rule in the corresponding second virtual firewall and in the service rule base.
A vulnerability detection device, the device comprising:
a first receiving module for receiving an application data access request sent by a terminal, the application data access request carrying an application identifier;
a marking module for performing basic detection on the application data access request by a first virtual firewall located at the infrastructure layer, and marking the application data access request if a vulnerability is detected;
a first selection module for selecting, from second virtual firewalls located at the software operation layer, a third virtual firewall corresponding to the application identifier;
a detection module for performing advanced detection, by the selected third virtual firewall, on the application data access request that has passed the detection of the first virtual firewall;
an interception module for intercepting, when the third virtual firewall detects that the marked application data access request contains a vulnerability, the application data access request that has been marked and that the third virtual firewall has detected as containing a vulnerability.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of any of the above methods when executing the computer program.
A computer-readable storage medium on which a computer program is stored, the computer program implementing the steps of the method of any of the above embodiments when executed by a processor.
In the above vulnerability detection method, device, computer equipment and storage medium, the application data access request is judged in layers: first, the first virtual firewall located at the infrastructure layer performs basic detection on the application data access request and marks it if a vulnerability is found; then a third virtual firewall among the second virtual firewalls located at the software operation layer performs advanced detection, and the application data access request that has been marked and that the third virtual firewall has detected as containing a vulnerability is intercepted. The two-layer judgement achieves complete detection of the application data access request and improves security.
Description of the drawings
Fig. 1 is an application scenario diagram of the vulnerability detection method in one embodiment;
Fig. 2 is a flow diagram of the vulnerability detection method in one embodiment;
Fig. 3 is a flow chart of the advanced detection rule addition step in one embodiment;
Fig. 4 is a structural diagram of the vulnerability detection device in one embodiment;
Fig. 5 is a diagram of the internal structure of a computer device in one embodiment.
Specific embodiment
In order to make the objects, technical solutions and advantages of this application clearer, the application is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the application and do not limit it.
The vulnerability detection method provided by this application can be applied in the application environment shown in Fig. 1. A cloud platform communicates over a network with a terminal and with application servers. The cloud platform can be built from physical firewalls: for example, each physical firewall device is partitioned on the basis of virtual resources into several virtual firewall devices, each of which corresponds to a different application server, so as to secure the data in the application servers. The virtual firewalls so obtained can be assigned to different layers of the cloud platform, for example to the IaaS layer (infrastructure layer) and the SaaS layer (software operation layer). The first virtual firewall located at the IaaS layer performs basic detection on the various application data access requests sent by terminals, and the second virtual firewalls located at the SaaS layer perform advanced detection on them, so that the application servers are protected on several fronts.
Specifically, after receiving an application data access request sent by the terminal, the cloud platform first performs basic detection on it by means of the first virtual firewall located at the infrastructure layer and marks the request if a vulnerability is detected. Next, the cloud platform selects the corresponding third virtual firewall from the second virtual firewalls located at the software operation layer, performs advanced detection on the application data access request by means of the selected third virtual firewall, and intercepts any application data access request that has been marked and that the third virtual firewall has detected as containing a vulnerability. An application data access request that contains a vulnerability therefore never reaches the application server, which ensures the security of the application server.
The terminal may be, but is not limited to, a personal computer, laptop, smartphone, tablet computer or portable wearable device, and the application server may be implemented by an independent server or by a server cluster composed of multiple servers.
In one embodiment, as shown in Fig. 2, a vulnerability detection method is provided. Taking the method as applied to the cloud platform in Fig. 1 as an example, it includes the following steps:
S202: receiving an application data access request sent by a terminal, the application data access request carrying an application identifier.
Specifically, the application data access request is a request sent by the terminal to access the corresponding application server; based on the request, the application server can return corresponding response data to the terminal. The application identifier is an identifier that uniquely determines the application server; it may be the MAC address of the application server, a number pre-assigned to the application server, or the like.
The cloud platform is the endpoint through which the terminal communicates with the application server: the terminal first sends the application data access request to the cloud platform, the cloud platform uses its firewalls to detect whether the request contains a vulnerability, and only when the request contains no vulnerability does the cloud platform forward it to the corresponding application server.
S204: performing basic detection on the application data access request by the first virtual firewall located at the infrastructure layer, and marking the application data access request if a vulnerability is detected.
Specifically, basic detection can be performed by means of a basic vulnerability feature library located in the first virtual firewall. The basic vulnerability feature library stores common vulnerability features and is applicable to all application servers. The first virtual firewall has high throughput; at the infrastructure layer it can detect whether the application data access request contains the following vulnerabilities: SQL injection, XSS, CSRF, malicious crawlers, scanners, remote file inclusion and the like.
SQL injection, or injection attack for short, is the most common type of security vulnerability in web development. It can be used to obtain sensitive information from the database or, by exploiting features of the database, to perform a series of malicious operations such as adding users or exporting data, and may even yield the highest privileges of the database or of the system user.
XSS, also called CSS, full name Cross Site Script, or cross-site scripting, is a common vulnerability in web programs. XSS is a passive attack pattern aimed at the client, so its harm is easily overlooked. Its principle is that the attacker enters (injects) malicious HTML code into a website that has an XSS vulnerability; when other users browse the website, that HTML code is executed automatically and the attack takes effect, for example by stealing the user's cookie, destroying the page structure, or redirecting to other websites.
CSRF stands for cross-site request forgery: a forged request that impersonates a user's normal operation on a site. The user's normal operation is forged by means such as XSS or link deception, so that the user, on their own machine (a browser that holds the identity cookie), initiates a request they know nothing about.
A web crawler, also known as a web spider or web robot, is a program or script that automatically crawls World Wide Web resources according to certain rules and is widely used across the Internet. Search engines use web crawlers to fetch web pages, documents and even resources such as pictures, audio and video, organize this information by means of indexing technology, and make it available to searching users for querying. With the rapid development of the network, the World Wide Web has become the carrier of a vast amount of information, and extracting and using this information efficiently has become a huge challenge.
A scanner is a program that automatically detects security weaknesses of a local or remote host; it can quickly and accurately discover the vulnerabilities present on the scanned target and provide the scan results to the user. Its working principle is that the scanner sends data packets to the target computer and, from the information fed back, judges the target's operating system type, open ports, services provided and other sensitive information. Scanning is the prelude to an attack: by scanning, the attacker collects information about the target host and finds its vulnerabilities. Common scanning tools include X-scan, superscan, streamer, X-port and the like.
A remote file inclusion attack (Remote File Include) occurs when a server uses a PHP feature (function) to include an arbitrary file: because the source of the file to be included is not strictly filtered, a malicious file can be included, and an attacker can remotely construct an advanced malicious file to achieve the attack. File inclusion vulnerabilities may appear in languages such as JSP, PHP and ASP.
The cloud platform first extracts the keywords in the application data access request and matches them against the keywords in the basic vulnerability feature library. If the match succeeds, the application data access request contains a vulnerability, and the cloud platform marks it. If the match fails, the application data access request is provisionally judged to be normal data and does not need to be marked.
S206: selecting, from the second virtual firewalls located at the software operation layer, a third virtual firewall corresponding to the application identifier.
Specifically, since each second virtual firewall corresponds to an application server, and the application data access request carries an application identifier that also corresponds to an application server, the application identifier and the second virtual firewall correspond to each other as well. The cloud platform can therefore look up the corresponding third virtual firewall among the second virtual firewalls according to the application identifier, so that the application data access request is detected precisely.
S208: performing advanced detection, by the selected third virtual firewall, on the application data access request that has passed the detection of the first virtual firewall.
Specifically, advanced detection can be performed by means of an advanced vulnerability feature library located in the third virtual firewall at the software operation layer. The advanced vulnerability feature library stores advanced vulnerability features, applies only to a specific application server, and can be configured by the user.
The cloud platform can first extract the keywords in the application data access request and match them against the keywords in the advanced vulnerability feature library. If the match succeeds and the application data access request has been marked, the application data access request contains a vulnerability. If the match fails, the application data access request is normal data.
In practice, the specific judgement at the software operation layer can be pre-configured on the basis of the features of each vulnerability type: for example, the vulnerability type is obtained and marked at the infrastructure layer, and at the software operation layer the corresponding rule is selected from the advanced vulnerability feature library according to that vulnerability type and then compared to judge whether the application data access request contains a vulnerability. In this way the marked application data access request can be detected in a targeted manner, which improves detection efficiency. For example, for the "true expression (1=1)" commonly seen in SQL injection, the presence of "true expression (1=1)" allows it to be judged that an SQL injection attack is under way, that is, that the application data access request contains a vulnerability.
S210: when the third virtual firewall detects that the marked application data access request contains a vulnerability, intercepting the application data access request that has been marked and that the third virtual firewall has detected as containing a vulnerability.
Specifically, the cloud platform first detects the application data access request by means of the high-throughput first virtual firewall located at the infrastructure layer; if a vulnerability is found, the request is only marked, not blocked or interrupted, that is, it is not intercepted. The cloud platform then uses the targeted third virtual firewall located at the software operation layer to detect and block, in a targeted manner, the application data access requests for a specific application server. Specifically, when the cloud platform finds that an application data access request has been marked at the infrastructure layer and is again identified as containing a vulnerability at the software operation layer, the cloud platform intercepts and blocks that application data access request. On the one hand this ensures the efficiency of vulnerability detection and reduces the false blocking rate; on the other hand, the heterogeneity of the layered approach makes it hard for a malicious exploit to bypass the layered judgement mechanism.
In the above vulnerability detection method, the application data access request is judged in layers: first, the first virtual firewall located at the infrastructure layer performs basic detection on the application data access request and marks it if a vulnerability is found; then a third virtual firewall among the second virtual firewalls located at the software operation layer performs advanced detection, and the application data access request that has been marked and that the third virtual firewall has detected as containing a vulnerability is intercepted. The two-layer judgement achieves complete detection of the application data access request and improves security.
In one of the embodiments, marking the application data access request that contains a vulnerability in step S204 can comprise: obtaining a preset position in the application data access request, and marking the application data access request by means of that preset position. Accordingly, before the selected third virtual firewall performs advanced detection on the application data access request that has passed the detection of the first virtual firewall, that is, before step S208, the method can further comprise: restoring the marked application data access request.
Specifically, the application data access request can be an application data access request based on the standard TCP protocol, and it can be marked by means of a preset position in the TCP protocol, that is, the vulnerability is marked at a preset position in the application data access request: if a vulnerability is present, the content at that preset position is changed to indicate that the application data access request contains a vulnerability.
To ensure that the third virtual firewall at the software operation layer detects the original application data access request, the cloud platform restores the marked application data access request before the third virtual firewall performs advanced detection on the application data access request that has passed the detection of the first virtual firewall. This improves the accuracy of the advanced detection that the cloud platform performs, by means of the third virtual firewall, on the application data access request after the first virtual firewall's detection.
Specifically, the cloud platform can copy the marked application data access request and modify one copy so that it is identical to the original application data access request; the cloud platform then performs advanced detection on the modified copy by means of the third virtual firewall. This ensures the accuracy of the detection result, and because the originally marked application data access request is kept, the judgement made by the first virtual firewall is preserved for the cloud platform's later use. For example, the cloud platform can obtain the corresponding advanced detection rule from the advanced vulnerability feature library according to the vulnerability type of the marked application data access request and then detect the request with that advanced detection rule. This improves detection efficiency: if the application data access request is marked, it is detected directly by the matching advanced detection rule in the advanced vulnerability feature library.
In the above embodiment, the vulnerability is marked at a preset position in the application data access request without adding other content, which is simple to operate; and the marked application data access request is restored before the third virtual firewall detects it, which ensures that it is identical to the original application data access request and improves detection accuracy.
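The following Python example is an added illustration of the two-layer screening flow of steps S202 to S210 together with the mark-and-restore embodiment just described. It is not code from the patent or from Ping An: the request and log structures, the keyword feature libraries, and the use of a `mark` field in place of the patent's preset position in the TCP header are all constructed assumptions.

```python
# Added illustration of the two-layer screening flow (S202-S210) with mark-and-restore.
# Not the patent's code; every name, structure and feature library below is a constructed
# assumption. The `mark` field stands in for the patent's preset position in the TCP header.
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Constructed basic vulnerability feature library: shared by every application server and
# held by the first virtual firewall at the infrastructure (IaaS) layer.
BASIC_FEATURES: Dict[str, List[str]] = {
    "sql_injection": ["1=1", "union select", "' or '"],
    "xss": ["<script", "onerror="],
    "remote_file_include": ["php://", "=http://"],
}

# Constructed advanced vulnerability feature libraries: one per application server, each
# standing in for a second virtual firewall at the software operation (SaaS) layer.
ADVANCED_FEATURES: Dict[str, Dict[str, List[str]]] = {
    "app-01": {"sql_injection": ["1=1", "sleep("], "xss": ["<script"]},
    "app-02": {"remote_file_include": ["php://filter"]},
}


@dataclass(frozen=True)
class Request:
    app_id: str                  # application identifier carried by the request
    payload: str                 # request content whose keywords are inspected
    mark: Optional[str] = None   # vulnerability type written at the "preset position"; None = unmarked


@dataclass(frozen=True)
class LogEntry:
    layer: str                   # "iaas" or "saas"
    app_id: str
    rule: str                    # vulnerability type / rule that fired
    action: str                  # "mark" or "intercept"


def match_library(payload: str, library: Dict[str, List[str]], only: Optional[str] = None) -> Optional[str]:
    """Keyword matching against one feature library; returns the vulnerability type that matched.
    When `only` names a type present in the library, that type is tried first (the patent's
    targeted lookup driven by the mark); the remaining types are still checked afterwards."""
    text = payload.lower()
    types = list(library)
    if only in library:
        types.remove(only)
        types.insert(0, only)
    for vuln_type in types:
        if any(keyword in text for keyword in library[vuln_type]):
            return vuln_type
    return None


def basic_detect(req: Request, log: List[LogEntry]) -> Request:
    """First virtual firewall (S204): high-throughput check that marks but never blocks."""
    hit = match_library(req.payload, BASIC_FEATURES)
    if hit is None:
        return req
    log.append(LogEntry("iaas", req.app_id, hit, "mark"))
    return replace(req, mark=hit)


def select_third_firewall(app_id: str) -> Optional[Dict[str, List[str]]]:
    """S206: the application identifier selects the per-application (third) firewall."""
    return ADVANCED_FEATURES.get(app_id)


def restore(req: Request) -> Request:
    """Copy of the marked request made identical to the original before advanced detection."""
    return replace(req, mark=None)


def screen(req: Request, log: List[LogEntry]) -> str:
    """Full pipeline for one request; returns 'intercept' or 'forward'."""
    marked = basic_detect(req, log)
    library = select_third_firewall(req.app_id)
    if library is None:
        # Assumption: an application with no configured second firewall is forwarded as-is,
        # leaving the application server's own rules (the patent's later embodiment) to decide.
        return "forward"
    original = restore(marked)                        # S208 inspects the original content
    hit = match_library(original.payload, library, only=marked.mark)
    if marked.mark is not None and hit is not None:   # S210: both layers must agree
        log.append(LogEntry("saas", req.app_id, hit, "intercept"))
        return "intercept"
    return "forward"
```

Two behaviours worth noticing when running it: a request that only the advanced library flags (for example `sleep(` for `app-01`) is forwarded, because the patent's S210 intercepts only requests that were also marked at the infrastructure layer; and a request marked at the infrastructure layer is forwarded when the selected application's library has no matching rule, which is where the patent's later rule-promotion and application-server rule sharing come in.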
In one of the embodiments, the above vulnerability detection method can further comprise: obtaining the configuration information and running logs corresponding to the first virtual firewall and the second virtual firewall; storing the configuration information and running logs corresponding to the first virtual firewall in the first physical firewall corresponding to the first virtual firewall; and storing the configuration information and running logs corresponding to the second virtual firewall in the second physical firewall corresponding to the second virtual firewall.
Specifically, when a virtual firewall is generated, that is, when a physical firewall device is partitioned on the basis of virtual resources, the result of the partition and configuration information such as resource capacity can be stored in a corresponding configuration file; to make the information convenient to store and inspect, the configuration file can be stored in the physical firewall corresponding to the virtual firewall.
A running log is the log of operating results that a virtual firewall generates while running. For example, when the first virtual firewall at the infrastructure layer judges that an application data access request contains a vulnerability, it marks the request and stores the marking result, the detection time and the basic detection rule used in the running log. When a second virtual firewall at the software operation layer judges that an application data access request contains a vulnerability, it intercepts the request and stores the detection time and the advanced detection rule used in the running log for later inspection; for convenience the running log is stored directly in the corresponding physical firewall device.
In the above embodiment, the configuration information and running logs of the virtual firewalls can be stored in the corresponding physical firewall devices, which makes the information convenient to inspect. For example, when an application data access request is judged at the infrastructure layer to have a vulnerability feature, that is, to contain a vulnerability, it is marked and a log entry is stored; and when a second virtual firewall at the software operation layer judges whether the application data access request contains a vulnerability, a log entry can also be stored, so that the user can review the vulnerabilities and so on.
In one of the embodiments, referring to Fig. 3, Fig. 3 is a flow chart of the advanced detection rule adding step in an embodiment. The advanced detection rule adding step may include:
S302: Obtaining the running logs stored in the second physical firewall, and classifying the running logs according to the second virtual firewalls to obtain running log sets.
Specifically, in order to expand the basic vulnerability feature library in the first virtual firewall, advanced detection rules stored in the second physical firewall can be added to the first virtual firewall by automatic judgement, so that, as time goes on, the detection rules for common vulnerabilities are added to the first virtual firewall.
Specifically, the cloud platform first obtains the running logs in the second physical firewall and classifies them according to the second virtual firewall, that is, by application server, since each second virtual firewall serves one application server. For example, when there are three second virtual firewalls there are three corresponding application servers, and the running logs are classified by application server: the first application server corresponds to the first running log set, the second application server to the second running log set, and the third application server to the third running log set.
S304: Obtaining the advanced detection rule corresponding to each running log in a running log set, and counting the first quantity, namely the number of running logs corresponding to the same advanced detection rule.
Specifically, after the cloud platform has classified the running logs, it obtains the running logs in each set and the advanced detection rule corresponding to each running log. For example, with the running logs divided into three sets as above, the advanced detection rule corresponding to each running log in the first, second and third running log sets is obtained. The cloud platform then counts the first quantity, the number of running logs that correspond to the same advanced detection rule. Taking the first running log set as an example, suppose it contains five running logs; the first, third and fifth running logs correspond to the first advanced detection rule, and the second and fourth running logs correspond to the second advanced detection rule. The first quantity of the first advanced detection rule is therefore 3, and the first quantity of the second advanced detection rule is 2.
S306: When the first quantity exceeds a first preset value, obtaining the advanced detection rule corresponding to the running logs whose first quantity exceeds the first preset value, and increasing the second quantity corresponding to that advanced detection rule.
Specifically, the first preset value is determined according to the number of advanced detection rules corresponding to the application data access requests intercepted in a second virtual firewall. For example, if the application data access requests intercepted by a second virtual firewall within a certain period all correspond to the same advanced detection rule, the vulnerability that rule detects is relatively common, and the rule can be recommended for addition to the first virtual firewall.
However, the basic detection rules in the first virtual firewall are applied to the application data access requests of all application servers. To make sure an advanced detection rule really is basic, i.e. general enough for that, the cloud platform obtains the advanced detection rules whose first quantity in a second virtual firewall exceeds the first preset value and configures a counter for each of them. Whenever there is a second virtual firewall in which the first quantity of that advanced detection rule exceeds the first preset value, the counter of the rule is incremented, for example by 1; that is, the second quantity is increased accordingly.
S308: When the second quantity exceeds a second preset value, adding the advanced detection rule to the first virtual firewall.
Specifically, the second quantity measures how many second virtual firewalls there are in which the first quantity of the advanced detection rule exceeds the first preset value. The second preset value is used to judge whether a given advanced detection rule is basic, that is, whether it is applicable to most application servers, and it can be configured by the user. When the cloud platform judges that the second quantity exceeds the second preset value, the advanced detection rule is added to the basic vulnerability feature library of the infrastructure layer, so that the basic vulnerability feature library in the cloud platform changes dynamically.
In the above embodiment, a two-tier criterion is used: the number of running logs corresponding to the same advanced detection rule within one application server, and the number of second virtual firewalls in which that advanced detection rule reaches the threshold. Together they decide whether an advanced detection rule is added to the first virtual firewall, so the basic detection rules in the first virtual firewall can be expanded while the accuracy of the expansion is improved, since a rule that fires often for a single application server only is not promoted to all of them.
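Steps S302 to S308 in working form, as an added example that is not the patent's own code. The running-log records, the field names, the rule names and the firewall names are constructed for the example; the two thresholds are the first and second preset values of the text. The example also generalises the text's single walk-through to any number of second virtual firewalls and rules, and shows that a rule which is frequent in only one application server's logs is not promoted.

```python
"""Added example (not the patent's own code): the two-tier promotion of
advanced detection rules, steps S302-S308. Log records, rule names and
firewall names are constructed for this example."""
from collections import Counter, defaultdict


def _rec(vfw, rule, seq):
    # One running-log entry as the second physical firewall might hold it:
    # the second virtual firewall that intercepted the request (one per
    # application server), the advanced rule that matched, and a time index.
    return {"vfw": vfw, "rule": rule, "time": seq}


# Constructed running logs (assumed field names, not the patent's format).
RUNNING_LOGS = (
    [_rec("vfw-app1", "ADV-SQLI-UNION", i) for i in range(3)]
    + [_rec("vfw-app1", "ADV-XSS-EVENT", i) for i in range(3, 5)]
    + [_rec("vfw-app2", "ADV-SQLI-UNION", i) for i in range(5, 9)]
    + [_rec("vfw-app2", "ADV-XSS-EVENT", i) for i in range(9, 12)]
    + [_rec("vfw-app3", "ADV-SQLI-UNION", 12), _rec("vfw-app3", "ADV-XSS-EVENT", 13)]
)


def classify_by_vfw(logs):
    """S302: one running-log set per second virtual firewall (per application server)."""
    sets = defaultdict(list)
    for rec in logs:
        sets[rec["vfw"]].append(rec)
    return dict(sets)


def first_quantities(log_set):
    """S304: first quantity = number of logs in one set that hit the same advanced rule."""
    return Counter(rec["rule"] for rec in log_set)


def second_quantities(sets, first_preset):
    """S306: second quantity = number of second virtual firewalls in which the
    rule's first quantity exceeds first_preset (one counter per rule)."""
    counters = Counter()
    for log_set in sets.values():
        for rule, n in first_quantities(log_set).items():
            if n > first_preset:
                counters[rule] += 1
    return counters


def promote_rules(logs, first_preset, second_preset, basic_rules):
    """S308: rules whose second quantity exceeds second_preset join the basic
    vulnerability feature library of the first virtual firewall.
    Returns (newly promoted rules, updated basic rule set)."""
    second = second_quantities(classify_by_vfw(logs), first_preset)
    promoted = sorted(
        rule for rule, count in second.items()
        if count > second_preset and rule not in basic_rules
    )
    return promoted, basic_rules | set(promoted)


if __name__ == "__main__":
    # first_preset=2: a rule must hit more than twice within one tenant;
    # second_preset=1: and do so in more than one tenant before it is shared.
    new, basic = promote_rules(RUNNING_LOGS, 2, 1, {"BASE-PATH-TRAVERSAL"})
    print("promoted:", new)  # only ADV-SQLI-UNION (3 and 4 hits in two tenants)
    print("basic library:", sorted(basic))
```

With these constructed logs ADV-XSS-EVENT exceeds the first preset value in vfw-app2 only, so its second quantity stays at 1 and it is not promoted, while ADV-SQLI-UNION exceeds it in two second virtual firewalls and is added to the basic rule set.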
In one of the embodiments, the above vulnerability detection method further includes: receiving an input rule configuration instruction corresponding to the second virtual firewall; selecting, from the service rule base, the advanced detection rule corresponding to the rule configuration instruction; and adding the advanced detection rule to the second virtual firewall.
Specifically, the rule configuration instruction is an instruction for configuring the advanced detection rules in the second virtual firewall; it can be issued by the user who rents the second virtual firewall. The service rule base is provided in the cloud platform to store the advanced detection rules of the cloud platform; when a user needs to configure the advanced detection rules of a second virtual firewall, the cloud platform can recommend rules to the user from the service rule base.
The advanced detection rules in the advanced vulnerability feature library of the second virtual firewall can thus be configured by the user of the application server. For example, the cloud platform can provide a service rule base holding a large number of detection rules; the user selects advanced detection rules from it through the human-computer interaction interface provided by the cloud platform, and the selected advanced detection rules are stored in the second virtual firewall.
In practical applications, when a user needs to configure the second virtual firewall corresponding to an application server, the user first logs in to the account registered with the cloud platform. The cloud platform provides a human-computer interaction interface on which the user selects the required advanced detection rules from the service rule base. After receiving the user's selection, the cloud platform adds the selected advanced detection rules to the corresponding second virtual firewall, i.e. to the advanced vulnerability feature library of that second virtual firewall, so that when the second virtual firewall at the software operation layer judges an application data access request, it judges according to the advanced detection rules configured by the user, which makes the detection more targeted. Optionally, when the user configures the advanced detection rules of the second virtual firewall, the cloud platform can recommend available service rules according to the function of the application server, to improve the user's configuration efficiency. For example, the cloud platform obtains the function of the application server, matches the name of the obtained function against the advanced detection rules in the service rule base, and displays the matching advanced detection rules on the human-computer interaction interface; the user then chooses the advanced detection rules the application server needs from those recommended, and the cloud platform adds the chosen rules to the corresponding second virtual firewall.
In the above embodiment, the advanced detection rules in the second virtual firewall of the software operation layer can be configured by the user of the application server, so that the advanced detection rules in the second virtual firewall are more targeted and match the user's requirements.
In one of the embodiments, the above vulnerability detection method may further include: sending the application data access requests that were not intercepted to the application server corresponding to the application identity, where the vulnerability detection rules in the application server check whether the application data access request has a vulnerability; and when the application data access request has no vulnerability, obtaining the response data corresponding to the application data access request returned by the application server, and returning the response data to the terminal.
Specifically, when the cloud platform detects that an application data access request has no vulnerability, the request is not intercepted, i.e. the cloud platform forwards the application data access request that was not intercepted to the corresponding application server. After receiving the application data access request, the application server can detect it again with its own vulnerability detection rules. These vulnerability detection rules may be kept local for confidentiality reasons. The application server detects the application data access request with those vulnerability detection rules; when the application data access request has no vulnerability, the response data corresponding to the application data access request is obtained and returned to the corresponding terminal, which completes the access process.
When the application server detects that an application data access request has a vulnerability, the application server refuses the application data access request; that is, the application server can return an unauthorized access prompt to the corresponding terminal and refuse the data access.
In the above embodiment, after the two-layer vulnerability detection of the cloud platform, the application data access request is sent by the cloud platform to the application server, and the application server performs vulnerability detection on the application data access request once more. Only when the application server confirms that the application data access request has no vulnerability does it return the response data to the terminal corresponding to the request, which further improves the security of the application server.
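The whole request path of claim 1 followed by the application server's local check, as an added example that is not the patent's own code. The rule patterns, the application identities, the sample requests and the interpretation of the "preset position" as a reserved request header that carries the mark are all assumptions made for the example. The decision logic follows claim 1 as written: a request is intercepted when it carries the mark from the first virtual firewall and the third virtual firewall also detects a vulnerability; a request that hits only a basic rule is forwarded and left to the application server's own rules.

```python
"""Added example (not the patent's own code): the request path of claim 1,
followed by the application server's own local check. The rule patterns, the
'preset position' used for the mark (a reserved header field here), the
application identities and the sample requests are all assumptions
constructed for this example."""
import re

MARK_HEADER = "X-Cloud-Mark"  # assumed preset position carrying the mark

# First virtual firewall (infrastructure layer): basic rules for all tenants.
BASIC_RULES = {
    "BASE-PATH-TRAVERSAL": re.compile(r"\.\./"),
    "BASE-SQLI-TAUTOLOGY": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
}
# Second virtual firewalls (software operation layer), one per application
# identity; the one selected for a request is the "third virtual firewall".
ADVANCED_RULES = {
    "app-shop": {"ADV-SQLI-UNION": re.compile(r"\bunion\s+select\b", re.I)},
    "app-mail": {"ADV-XSS-EVENT": re.compile(r"\bon\w+\s*=", re.I)},
}
# Rules the application server keeps to itself for confidentiality.
LOCAL_RULES = {"app-shop": {"LOCAL-ADMIN-PATH": re.compile(r"^/admin/")}}


def make_request(app_id, path, query=""):
    return {"app_id": app_id, "path": path, "query": query, "headers": {}}


def _match(rules, req):
    text = req["path"] + "?" + req["query"]
    return [name for name, rx in rules.items() if rx.search(text)]


def basic_detect(req):
    """First virtual firewall: detect, and mark the request in the preset position."""
    hits = _match(BASIC_RULES, req)
    if hits:
        req["headers"][MARK_HEADER] = ",".join(hits)
    return hits


def select_third_vfw(req):
    """Pick the tenant's second virtual firewall by application identity."""
    return ADVANCED_RULES.get(req["app_id"])


def restore_mark(req):
    """Recovery step: take the mark out again before advanced detection."""
    return req["headers"].pop(MARK_HEADER, None)


def handle(req):
    """Cloud-side two-layer detection, then the application server's local check.
    Returns (decision, detail)."""
    basic_detect(req)
    rules = select_third_vfw(req)
    if rules is None:
        return "error", "no second virtual firewall for " + req["app_id"]
    mark = restore_mark(req)
    advanced = _match(rules, req)
    # Claim 1 as written: interception needs the mark from the first firewall
    # and a hit in the third; a request with only a basic hit is forwarded.
    if mark and advanced:
        return "intercepted", {"basic": mark.split(","), "advanced": advanced}
    local = _match(LOCAL_RULES.get(req["app_id"], {}), req)
    if local:
        return "refused", {"local": local}  # unauthorized-access prompt
    return "response", "200 OK " + req["app_id"] + req["path"]


if __name__ == "__main__":
    for r in (
        make_request("app-shop", "/search", "q=1' or '1'='1 union select 1,2"),
        make_request("app-shop", "/files", "name=../etc/passwd"),
        make_request("app-shop", "/admin/users"),
        make_request("app-mail", "/compose", "body=<img onerror=alert(1)>"),
    ):
        print(r["path"], "->", handle(r))
```

The mark is removed by `restore_mark` before the request leaves the cloud platform, so the application server never sees the reserved header; a deployment that wants basic-rule hits alone to be blocking would change the single `if mark and advanced` condition.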
In one of the embodiments, the above vulnerability detection method may further include: receiving a vulnerability detection rule sent by the application server, and storing the vulnerability detection rule in the corresponding second virtual firewall and in the service rule base.
Specifically, in order to expand the advanced vulnerability feature library corresponding to the second virtual firewall, the cloud platform can receive the vulnerability detection rules sent by the application server, thereby expanding the advanced vulnerability feature library.
Specifically, in practical applications, the number of advanced detection rules in the service rule base of the cloud platform is limited, and the advanced detection rule required by the user of an application server may not exist in the service rule base of the cloud platform. So that the cloud platform can still detect application data access requests with that advanced detection rule, the user can select the advanced detection rule and instruct the application server to submit it to the cloud platform; the cloud platform then stores the advanced detection rule in the advanced vulnerability feature library of the corresponding second virtual firewall. Optionally, when the cloud platform receives the advanced detection rule sent by the application server, it can perform a security check, for example transmitting the advanced detection rule in encrypted form and checking whether decryption succeeds, or judging by means of a dynamic code whether the user operating the application server has the required security permission.
In practical applications, the cloud platform can also add the advanced detection rule sent by the application server to the service rule base of the cloud platform, so that the service rule base is expanded and users of other application servers can select that advanced detection rule when configuring the advanced vulnerability feature library of their application servers. Optionally, the cloud platform can first judge whether the advanced detection rule sent by the application server is allowed to be used by other users; if so, the advanced detection rule sent by the application server is added to the service rule base of the cloud platform, otherwise the cloud platform performs no operation. In this way the confidentiality of the user's advanced detection rules is preserved.
In the above embodiment, the cloud platform can add the advanced detection rules sent by the application server to the service rule base of the cloud platform and to the second virtual firewall, so that the service rule base in the cloud platform and the advanced vulnerability feature library in the second virtual firewall are more complete.
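The submission path of this embodiment, as an added example that is not the patent's own code. The text only says the cloud platform may run a security check on the submitted rule (for instance an encrypted transfer whose decryption must succeed); the HMAC tag over the submission used here is one assumed way to realise that check, and the per-tenant keys, the rule format and the "share" flag that stands for the user's permission to let other tenants use the rule are likewise assumptions made for the example.

```python
"""Added example (not the patent's own code): an application server submits
one of its own advanced detection rules to the cloud platform. The patent only
says the platform may run a security check on the submission (e.g. an encrypted
transfer whose decryption must succeed); the HMAC tag over the submission used
here, the per-tenant keys, the rule format and the 'share' flag are assumptions
constructed for this example."""
import hashlib
import hmac
import json
import re

# Assumed per-tenant secrets shared between application server and cloud platform.
TENANT_KEYS = {"app-shop": b"constructed-key-shop", "app-mail": b"constructed-key-mail"}
# Advanced vulnerability feature library of each second virtual firewall.
ADVANCED_LIBRARY = {"app-shop": {}, "app-mail": {}}
# Shared service rule base other tenants choose from.
SERVICE_RULE_BASE = {"ADV-SQLI-UNION": r"\bunion\s+select\b"}


def sign_submission(app_id, rule):
    """Application server side: serialize the rule and tag it with the tenant key."""
    body = json.dumps({"app_id": app_id, "rule": rule}, sort_keys=True).encode()
    tag = hmac.new(TENANT_KEYS[app_id], body, hashlib.sha256).hexdigest()
    return body, tag


def receive_rule(body, tag):
    """Cloud platform side: security check, then store in the tenant's second
    virtual firewall and, if the tenant allows sharing, in the service rule base."""
    try:
        msg = json.loads(body)
        app_id, rule = msg["app_id"], msg["rule"]
        name, pattern = rule["name"], rule["pattern"]
    except (ValueError, KeyError, TypeError):
        return "rejected: malformed submission"
    key = TENANT_KEYS.get(app_id)
    if key is None:
        return "rejected: unknown application server"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "rejected: security check failed"
    try:
        re.compile(pattern)  # a rule the firewall cannot load is not stored
    except re.error:
        return "rejected: invalid pattern"
    ADVANCED_LIBRARY[app_id][name] = pattern
    if rule.get("share", False):
        SERVICE_RULE_BASE[name] = pattern
        return "stored: second virtual firewall and service rule base"
    return "stored: second virtual firewall only"


if __name__ == "__main__":
    body, tag = sign_submission(
        "app-shop",
        {"name": "ADV-SSRF-METADATA", "pattern": r"169\.254\.169\.254", "share": True},
    )
    print(receive_rule(body, tag))
    # A body altered in transit no longer verifies against the tag.
    print(receive_rule(body.replace(b"true", b"false"), tag))
```

Flipping the share flag in transit is caught by the tag check, so a tenant's decision not to expose a rule to other tenants cannot be silently changed on the way to the service rule base; the pattern is also compiled before it is stored, so a rule the firewall cannot load is rejected at submission time.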
It should be understood that although the steps in the flow charts of Figs. 2-3 are shown in sequence as indicated by the arrows, these steps are not necessarily performed in that order. Unless expressly stated otherwise herein, there is no strict limitation on the order in which these steps are performed, and they can be performed in other orders. Moreover, at least some of the steps in Figs. 2-3 may include several sub-steps or stages, which are not necessarily completed at the same moment but may be performed at different times, and their execution order is not necessarily sequential: they may be performed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.
In one embodiment, as shown in Fig. 4, a vulnerability detection device is provided, including a first receiving module 100, a marking module 200, a first selection module 300, a detection module 400 and an interception module 500, wherein:
The first receiving module 100 is configured to receive the application data access request sent by the terminal, the application data access request carrying an application identity.
The marking module 200 is configured to perform basic detection on the application data access request by the first virtual firewall located at the infrastructure layer, and to mark the application data access request that is detected to have a vulnerability.
The first selection module 300 is configured to select, from the second virtual firewalls located at the software operation layer, the third virtual firewall corresponding to the application identity.
The detection module 400 is configured to perform advanced detection, by the selected third virtual firewall, on the application data access request after it has been detected by the first virtual firewall.
The interception module 500 is configured to, when the third virtual firewall detects that the marked application data access request has a vulnerability, intercept the application data access request that has been marked and that the third virtual firewall has detected to have a vulnerability.
In one of the embodiments, the marking module 200 may further be configured to obtain the preset position in the application data access request and mark the application data access request by the preset position.
The device may further include a recovery module configured to restore the marked application data access request before the selected third virtual firewall performs advanced detection on the application data access request detected by the first virtual firewall.
In one of the embodiments, the device may further include:
A first acquisition module configured to obtain the configuration information and running logs corresponding to the first virtual firewall and to the second virtual firewall.
A first storage module configured to store the configuration information and running log corresponding to the first virtual firewall in the first physical firewall corresponding to the first virtual firewall, and to store the configuration information and running log corresponding to the second virtual firewall in the second physical firewall corresponding to the second virtual firewall.
In one of the embodiments, the device may further include:
A classification module configured to obtain the running logs stored in the second physical firewall and classify the running logs according to the second virtual firewalls to obtain running log sets;
A statistics module configured to obtain the advanced detection rule corresponding to each running log in a running log set and count the first quantity of running logs corresponding to the same advanced detection rule;
A counting module configured to, when the first quantity exceeds the first preset value, obtain the advanced detection rule corresponding to the running logs whose first quantity exceeds the first preset value, and increase the second quantity corresponding to that advanced detection rule;
A first adding module configured to, when the second quantity exceeds the second preset value, add the advanced detection rule to the first virtual firewall.
In one of the embodiments, the device may further include:
A second receiving module configured to receive an input rule configuration instruction corresponding to the second virtual firewall.
A second selection module configured to select, from the service rule base, the advanced detection rule corresponding to the rule configuration instruction.
A second adding module configured to add the advanced detection rule to the second virtual firewall.
In one of the embodiments, the device may further include:
A local detection module 400 configured to send the application data access requests that were not intercepted to the application server corresponding to the application identity, where the vulnerability detection rules in the application server check whether the application data access request has a vulnerability.
A response module configured to, when the application data access request has no vulnerability, obtain the response data corresponding to the application data access request returned by the application server, and return the response data to the terminal.
In one of the embodiments, the device may further include:
A second storage module configured to receive the vulnerability detection rule sent by the application server and store the vulnerability detection rule in the corresponding second virtual firewall and the service rule base.
For the specific limitations of the vulnerability detection device, reference may be made to the limitations of the vulnerability detection method above, which are not repeated here. Each module in the vulnerability detection device can be implemented in whole or in part by software, hardware or a combination thereof. The modules can be embedded in or independent of the processor of the computer device in the form of hardware, or stored in the memory of the computer device in the form of software, so that the processor can call them to perform the operations corresponding to the modules.
In one embodiment, a computer device is provided; the computer device may be a server, and its internal structure may be as shown in Fig. 5. The computer device includes a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used to store configuration information and running logs. The network interface of the computer device is used to communicate with an external terminal through a network connection. When the computer program is executed by the processor, a vulnerability detection method is implemented.
Those skilled in the art will understand that the structure shown in Fig. 5 is merely a block diagram of the part of the structure related to the solution of this application and does not limit the computer device to which the solution is applied; a specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, including a memory and a processor; the memory stores a computer program, and the processor, when executing the computer program, implements the following steps: receiving an application data access request sent by a terminal, the application data access request carrying an application identity; performing basic detection on the application data access request by the first virtual firewall located at the infrastructure layer, and marking the application data access request that is detected to have a vulnerability; selecting, from the second virtual firewalls located at the software operation layer, the third virtual firewall corresponding to the application identity; performing advanced detection, by the selected third virtual firewall, on the application data access request after detection by the first virtual firewall; and when the third virtual firewall detects that the marked application data access request has a vulnerability, intercepting the application data access request that has been marked and that the third virtual firewall has detected to have a vulnerability.
In one embodiment, the marking of the application data access request that has a vulnerability, implemented when the computer program is executed by the processor, may include: obtaining the preset position in the application data access request, and marking the application data access request by the preset position; and before the selected third virtual firewall performs advanced detection on the application data access request detected by the first virtual firewall, the following may be included: restoring the marked application data access request.
In one embodiment, the processor further implements the following steps when executing the computer program: obtaining the configuration information and running logs corresponding to the first virtual firewall and the second virtual firewall; storing the configuration information and running log corresponding to the first virtual firewall in the first physical firewall corresponding to the first virtual firewall; and storing the configuration information and running log corresponding to the second virtual firewall in the second physical firewall corresponding to the second virtual firewall.
In one embodiment, the processor further implements the following steps when executing the computer program: obtaining the running logs stored in the second physical firewall, and classifying the running logs according to the second virtual firewalls to obtain running log sets; obtaining the advanced detection rule corresponding to each running log in the running log sets, and counting the first quantity of running logs corresponding to the same advanced detection rule; when the first quantity exceeds the first preset value, obtaining the advanced detection rule corresponding to the running logs whose first quantity exceeds the first preset value, and increasing the second quantity corresponding to the advanced detection rule; and when the second quantity exceeds the second preset value, adding the advanced detection rule to the first virtual firewall.
In one embodiment, the processor further implements the following steps when executing the computer program: receiving an input rule configuration instruction corresponding to the second virtual firewall; selecting, from the service rule base, the advanced detection rule corresponding to the rule configuration instruction; and adding the advanced detection rule to the second virtual firewall.
In one embodiment, the processor further implements the following steps when executing the computer program: sending the application data access requests that were not intercepted to the application server corresponding to the application identity, where the vulnerability detection rules in the application server check whether the application data access request has a vulnerability; and when the application data access request has no vulnerability, obtaining the response data corresponding to the application data access request returned by the application server, and returning the response data to the terminal.
In one embodiment, the processor further implements the following steps when executing the computer program: receiving the vulnerability detection rule sent by the application server, and storing the vulnerability detection rule in the corresponding second virtual firewall and the service rule base.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored; when the computer program is executed by a processor, the following steps are implemented: receiving an application data access request sent by a terminal, the application data access request carrying an application identity; performing basic detection on the application data access request by the first virtual firewall located at the infrastructure layer, and marking the application data access request that is detected to have a vulnerability; selecting, from the second virtual firewalls located at the software operation layer, the third virtual firewall corresponding to the application identity; performing advanced detection, by the selected third virtual firewall, on the application data access request after detection by the first virtual firewall; and when the third virtual firewall detects that the marked application data access request has a vulnerability, intercepting the application data access request that has been marked and that the third virtual firewall has detected to have a vulnerability.
In one embodiment, the marking of the application data access request that has a vulnerability, implemented when the computer program is executed by the processor, may include: obtaining the preset position in the application data access request, and marking the application data access request by the preset position; and before the selected third virtual firewall performs advanced detection on the application data access request detected by the first virtual firewall, the following may be included: restoring the marked application data access request.
In one embodiment, the following steps are further implemented when the computer program is executed by the processor: obtaining the configuration information and running logs corresponding to the first virtual firewall and the second virtual firewall; storing the configuration information and running log corresponding to the first virtual firewall in the first physical firewall corresponding to the first virtual firewall; and storing the configuration information and running log corresponding to the second virtual firewall in the second physical firewall corresponding to the second virtual firewall.
In one embodiment, the following steps are further implemented when the computer program is executed by the processor: obtaining the running logs stored in the second physical firewall, and classifying the running logs according to the second virtual firewalls to obtain running log sets; obtaining the advanced detection rule corresponding to each running log in the running log sets, and counting the first quantity of running logs corresponding to the same advanced detection rule; when the first quantity exceeds the first preset value, obtaining the advanced detection rule corresponding to the running logs whose first quantity exceeds the first preset value, and increasing the second quantity corresponding to the advanced detection rule; and when the second quantity exceeds the second preset value, adding the advanced detection rule to the first virtual firewall.
In one embodiment, the following steps are further implemented when the computer program is executed by the processor: receiving an input rule configuration instruction corresponding to the second virtual firewall; selecting, from the service rule base, the advanced detection rule corresponding to the rule configuration instruction; and adding the advanced detection rule to the second virtual firewall.
In one embodiment, the following steps are further implemented when the computer program is executed by the processor: sending the application data access requests that were not intercepted to the application server corresponding to the application identity, where the vulnerability detection rules in the application server check whether the application data access request has a vulnerability; and when the application data access request has no vulnerability, obtaining the response data corresponding to the application data access request returned by the application server, and returning the response data to the terminal.
In one embodiment, the following steps are further implemented when the computer program is executed by the processor: receiving the vulnerability detection rule sent by the application server, and storing the vulnerability detection rule in the corresponding second virtual firewall and the service rule base.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by instructing relevant hardware through a computer program. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed it may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction in the combination of these technical features, it should be considered within the scope of this specification.
The above embodiments only express several implementations of this application, and their description is specific and detailed, but they cannot therefore be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the scope of protection of this application. Therefore, the scope of protection of this patent application shall be determined by the appended claims.

Claims (10)

1. A vulnerability detection method, the method comprising:
receiving an application data access request sent by a terminal, the application data access request carrying an application identity;
performing basic detection on the application data access request by a first virtual firewall located at the infrastructure layer, and marking an application data access request that is detected as having a vulnerability;
selecting, from second virtual firewalls located at the software operation layer, a third virtual firewall corresponding to the application identity;
performing advanced detection, by the selected third virtual firewall, on the application data access request that has passed the detection of the first virtual firewall;
when the third virtual firewall detects that the marked application data access request has a vulnerability, intercepting, by the third virtual firewall, the application data access request that has been marked and detected as having a vulnerability.
2. The method according to claim 1, wherein marking the application data access request having a vulnerability comprises:
obtaining a preset position in the application data access request, and marking the application data access request at the preset position;
and wherein, before performing advanced detection by the selected third virtual firewall on the application data access request that has passed the detection of the first virtual firewall, the method comprises:
restoring the marked application data access request.
3. The method according to claim 1, wherein the method further comprises:
obtaining configuration information and running logs corresponding to the first virtual firewall and to the second virtual firewall;
storing the configuration information and running logs corresponding to the first virtual firewall into a first physical firewall corresponding to the first virtual firewall;
storing the configuration information and running logs corresponding to the second virtual firewall into a second physical firewall corresponding to the second virtual firewall.
4. The method according to any one of claims 1 to 3, wherein the method further comprises:
obtaining the running logs stored in the second physical firewall, and classifying the running logs according to the second virtual firewalls to obtain running log sets;
obtaining the advanced detection rule corresponding to each running log in a running log set, and counting a first quantity of running logs corresponding to the same advanced detection rule;
when the first quantity exceeds a first preset value, obtaining the advanced detection rule corresponding to the running logs whose first quantity exceeds the first preset value, and incrementing a second quantity corresponding to that advanced detection rule;
when the second quantity exceeds a second preset value, adding the advanced detection rule to the first virtual firewall.
5. The method according to any one of claims 1 to 3, wherein the method further comprises:
receiving an input rule configuration instruction corresponding to the second virtual firewall;
selecting, from a service rule base, an advanced detection rule corresponding to the rule configuration instruction;
adding the advanced detection rule to the second virtual firewall.
6. The method according to claim 5, wherein the method further comprises:
sending the application data access requests that were not intercepted to the application server corresponding to the application identity, and detecting, by the vulnerability detection rules in the application server, whether the application data access request has a vulnerability;
when the application data access request has no vulnerability, obtaining the response data that the application server returns for the application data access request, and returning the response data to the terminal.
7. The method according to claim 6, wherein the method further comprises:
receiving the vulnerability detection rules sent by the application server, and storing the vulnerability detection rules into the corresponding second virtual firewall and into the service rule base.
8. A vulnerability detection device, wherein the device comprises:
a first receiving module, configured to receive an application data access request sent by a terminal, the application data access request carrying an application identity;
a marking module, configured to perform basic detection on the application data access request by a first virtual firewall located at the infrastructure layer, and to mark an application data access request that is detected as having a vulnerability;
a first selecting module, configured to select, from second virtual firewalls located at the software operation layer, a third virtual firewall corresponding to the application identity;
a detection module, configured to perform advanced detection, by the selected third virtual firewall, on the application data access request that has passed the detection of the first virtual firewall;
an interception module, configured to, when the third virtual firewall detects that the marked application data access request has a vulnerability, intercept by the third virtual firewall the application data access request that has been marked and detected as having a vulnerability.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
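The layered pipeline of claims 1, 2 and 4 (and the device of claim 8), modelled as an added Python example; this is not code from the patent or from the applicant. It assumes a request header named X-Basic-Flag as the "preset position" that carries the mark, a dictionary of regular-expression rules as the service rule base, each per-application firewall's own in-memory log standing in for the logs held by the second physical firewall of claim 3, and fail-closed handling when no firewall is configured for an application identity; the rule set and the traffic are constructed samples.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Assumed "preset position" (claim 2) that carries the first firewall's mark.
# The claims do not say where the mark lives; a request header is used here.
MARK_HEADER = "X-Basic-Flag"

# Constructed service rule base (claims 5 and 7): rule name -> detection pattern.
SERVICE_RULE_BASE = {
    "sqli_tautology": re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
    "xss_script_tag": re.compile(r"(?i)<script"),
    "sqli_union": re.compile(r"(?i)union\s+select"),
    "path_traversal": re.compile(r"\.\./"),
}

@dataclass
class Request:
    app_id: str  # the application identity carried by the request (claim 1)
    path: str
    body: str = ""
    headers: dict = field(default_factory=dict)

class VirtualFirewall:
    """A named rule set plus its running log (one entry per rule hit)."""
    def __init__(self, name, rule_names):
        self.name = name
        self.rules = {n: SERVICE_RULE_BASE[n] for n in rule_names}
        self.logs = []

    def detect(self, req):
        text = req.path + "\n" + req.body
        hits = [n for n, pat in self.rules.items() if pat.search(text)]
        for n in hits:
            self.logs.append({"firewall": self.name, "rule": n, "app": req.app_id})
        return hits

def process(req, first_fw, second_layer, require_mark=True):
    """Claims 1 and 2: basic detection and marking at the infrastructure layer,
    restoration of the request, then advanced detection by the firewall chosen
    for the application.  With require_mark=True (the claim wording) a request
    is intercepted only when it was marked AND an advanced rule hits."""
    if first_fw.detect(req):
        req.headers[MARK_HEADER] = "1"          # mark at the preset position
    third_fw = second_layer.get(req.app_id)     # choose by application identity
    if third_fw is None:
        return "intercepted"                    # fail closed (assumption; claims are silent)
    marked = req.headers.pop(MARK_HEADER, None) == "1"  # claim 2: restore the request
    if third_fw.detect(req) and (marked or not require_mark):
        return "intercepted"
    return "forwarded"                          # on to the application server (claim 6)

def promote_rules(second_layer, first_fw, first_preset, second_preset):
    """Claim 4: per second-layer firewall, count log entries per advanced rule
    (first quantity); a rule whose count exceeds first_preset scores one point
    (second quantity); rules scoring more than second_preset are added to the
    first virtual firewall.  Returns the names of the promoted rules."""
    second_quantity = Counter()
    for fw in second_layer.values():                      # logs grouped per firewall
        first_quantity = Counter(e["rule"] for e in fw.logs)
        for rule, n in first_quantity.items():
            if n > first_preset:
                second_quantity[rule] += 1
    promoted = []
    for rule, n in second_quantity.items():
        if n > second_preset and rule not in first_fw.rules:
            first_fw.rules[rule] = SERVICE_RULE_BASE[rule]
            promoted.append(rule)
    return sorted(promoted)

def demo():
    """Run constructed traffic through the pipeline, then promote rules."""
    first_fw = VirtualFirewall("infra-vfw", ["sqli_tautology", "xss_script_tag"])
    second_layer = {
        "shop": VirtualFirewall("shop-vfw", ["sqli_tautology", "sqli_union", "path_traversal"]),
        "blog": VirtualFirewall("blog-vfw", ["xss_script_tag", "path_traversal"]),
    }
    traffic = [  # constructed sample requests, not captured data
        Request("shop", "/items?id=1"),
        Request("shop", "/items?id=1' OR 1=1"),
        Request("shop", "/search", body="q=x' UNION SELECT name FROM users"),
        Request("shop", "/files?name=../../a.txt"),
        Request("shop", "/files?name=../../b.txt"),
        Request("blog", "/posts?q=<script>x</script>"),
        Request("blog", "/files?name=../../c.txt"),
        Request("blog", "/files?name=../../d.txt"),
    ]
    verdicts = [process(r, first_fw, second_layer) for r in traffic]
    # Traversal hit twice in both per-app firewalls -> promoted to the first firewall.
    promoted = promote_rules(second_layer, first_fw, first_preset=1, second_preset=1)
    after = process(Request("shop", "/files?name=../../e.txt"), first_fw, second_layer)
    return {
        "verdicts": verdicts,
        "promoted": promoted,
        "after_promotion": after,
        "marks_restored": all(MARK_HEADER not in r.headers for r in traffic),
    }

if __name__ == "__main__":
    print(demo())
```

Two things the run makes visible. First, under the literal claim-1 condition a request that only the advanced rules flag (the UNION SELECT and traversal samples) is not intercepted; in the patent's design it travels on to the application server, whose own rules of claim 6 are the last check. Passing `require_mark=False` blocks on the advanced hit alone, which is what a deployment would normally want. Second, once `path_traversal` has crossed both thresholds it is promoted into the infrastructure-layer firewall, so the next traversal request is marked at the basic stage and intercepted.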
CN201810254334.XA 2018-03-26 2018-03-26 Vulnerability detection method and device, computer equipment and storage medium Active CN108259514B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810254334.XA CN108259514B (en) 2018-03-26 2018-03-26 Vulnerability detection method and device, computer equipment and storage medium
PCT/CN2018/095221 WO2019184137A1 (en) 2018-03-26 2018-07-11 Loophole detection method, device, computer apparatus, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810254334.XA CN108259514B (en) 2018-03-26 2018-03-26 Vulnerability detection method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108259514A true CN108259514A (en) 2018-07-06
CN108259514B CN108259514B (en) 2020-11-24

Family

ID=62747347

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810254334.XA Active CN108259514B (en) 2018-03-26 2018-03-26 Vulnerability detection method and device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN108259514B (en)
WO (1) WO2019184137A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040119A (en) * 2018-09-11 2018-12-18 腾讯科技(深圳)有限公司 A kind of leak detection method and device of intelligent building network
CN110290153A (en) * 2019-07-19 2019-09-27 国网安徽省电力有限公司信息通信分公司 A kind of automatic delivery method of Port Management strategy and device of firewall
WO2019184137A1 (en) * 2018-03-26 2019-10-03 平安科技(深圳)有限公司 Loophole detection method, device, computer apparatus, and storage medium
CN110661804A (en) * 2019-09-29 2020-01-07 南京邮电大学 Stain analysis vulnerability detection method for firewall
CN110674506A (en) * 2019-09-10 2020-01-10 深圳开源互联网安全技术有限公司 Method and system for rapidly verifying vulnerability state of application program
CN111651773A (en) * 2020-08-05 2020-09-11 成都无糖信息技术有限公司 Automatic binary security vulnerability mining method
CN112217773A (en) * 2019-07-11 2021-01-12 中移(苏州)软件技术有限公司 Firewall rule processing method, device and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11503054B2 (en) * 2020-03-05 2022-11-15 Aetna Inc. Systems and methods for identifying access anomalies using network graphs

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110072517A1 (en) * 2009-09-22 2011-03-24 International Business Machines Corporation Detecting Security Vulnerabilities Relating to Cryptographically-Sensitive Information Carriers when Testing Computer Software
CN104363236A (en) * 2014-11-21 2015-02-18 西安邮电大学 Automatic vulnerability validation method
CN204906437U (en) * 2015-08-28 2015-12-23 深圳市华傲数据技术有限公司 Big data storage application network framework
CN107094094A (en) * 2017-04-13 2017-08-25 北京小米移动软件有限公司 Networking methods, device and the terminal of application program
US20170339165A1 (en) * 2013-04-22 2017-11-23 Imperva, Inc. Automatic generation of attribute values for rules of a web application layer attack detector
CN107682302A (en) * 2016-08-02 2018-02-09 中国电信股份有限公司 Cross-site scripting attack detection method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2013299720B2 (en) * 2012-08-06 2019-07-18 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
CN104092665A (en) * 2014-06-19 2014-10-08 小米科技有限责任公司 Access request filtering method, device and facility
CN104363253B (en) * 2014-12-12 2016-10-26 北京奇虎科技有限公司 Website security detection method and device
CN107835179B (en) * 2017-11-14 2021-05-04 超越科技股份有限公司 Application program protection method and device based on virtualization container
CN108259514B (en) * 2018-03-26 2020-11-24 平安科技(深圳)有限公司 Vulnerability detection method and device, computer equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
洪军, 黄志英 (Hong Jun, Huang Zhiying): "Research on the application of virtual firewalls in cloud computing environments", 《计算机与网络》 (Computer & Network) *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019184137A1 (en) * 2018-03-26 2019-10-03 平安科技(深圳)有限公司 Loophole detection method, device, computer apparatus, and storage medium
CN109040119A (en) * 2018-09-11 2018-12-18 腾讯科技(深圳)有限公司 A kind of leak detection method and device of intelligent building network
CN109040119B (en) * 2018-09-11 2020-09-29 腾讯科技(深圳)有限公司 Vulnerability detection method and device for intelligent building network
CN112217773A (en) * 2019-07-11 2021-01-12 中移(苏州)软件技术有限公司 Firewall rule processing method, device and storage medium
CN112217773B (en) * 2019-07-11 2022-07-01 中移(苏州)软件技术有限公司 Firewall rule processing method, device and storage medium
CN110290153A (en) * 2019-07-19 2019-09-27 国网安徽省电力有限公司信息通信分公司 A kind of automatic delivery method of Port Management strategy and device of firewall
CN110674506A (en) * 2019-09-10 2020-01-10 深圳开源互联网安全技术有限公司 Method and system for rapidly verifying vulnerability state of application program
CN110661804A (en) * 2019-09-29 2020-01-07 南京邮电大学 Stain analysis vulnerability detection method for firewall
CN110661804B (en) * 2019-09-29 2021-12-31 南京邮电大学 Stain analysis vulnerability detection method for firewall
CN111651773A (en) * 2020-08-05 2020-09-11 成都无糖信息技术有限公司 Automatic binary security vulnerability mining method

Also Published As

Publication number Publication date
WO2019184137A1 (en) 2019-10-03
CN108259514B (en) 2020-11-24

Similar Documents

Publication Publication Date Title
CN108259514A (en) Leak detection method, device, computer equipment and storage medium
US11283827B2 (en) Lateral movement strategy during penetration testing of a networked system
CN103607385B (en) Method and apparatus for security detection based on browser
US11196746B2 (en) Whitelisting of trusted accessors to restricted web pages
CN111294345B (en) Vulnerability detection method, device and equipment
US20190182286A1 (en) Identifying communicating network nodes in the presence of Network Address Translation
US7703127B2 (en) System for verifying a client request
US11206281B2 (en) Validating the use of user credentials in a penetration testing campaign
CN108769041A (en) Login method, system, computer equipment and storage medium
EP3224984A1 (en) Determine vulnerability using runtime agent and network sniffer
Giani et al. Data exfiltration and covert channels
CN105430011A (en) Method and device for detecting distributed denial of service attack
CN107241292B (en) Vulnerability detection method and device
CN110245505A (en) Tables of data access method, device, computer equipment and storage medium
US11503072B2 (en) Identifying, reporting and mitigating unauthorized use of web code
CN109547426B (en) Service response method and server
CN112131564A (en) Encrypted data communication method, apparatus, device, and medium
CN110880983A (en) Penetration testing method and device based on scene, storage medium and electronic device
CN104683327A (en) Method for detecting safety of user login interface of Android software
CN106250761B (en) Equipment, device and method for identifying web automation tool
CN109660552A (en) A kind of Web defence method combining address jump and WAF technology
Jajula et al. Review of Detection of Packets Inspection and Attacks in Network Security
CN114285626B (en) Honeypot attack chain construction method and honeypot system
Hajiali et al. Preventing phishing attacks using text and image watermarking
CN111314370A (en) Method and device for detecting service vulnerability attack behavior

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant