CN109214192B - Application system-oriented risk processing method and device - Google Patents


Info

Publication number
CN109214192B
Authority
CN
China
Prior art keywords
risk
value
vulnerability
determining
application system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811244378.0A
Other languages
Chinese (zh)
Other versions
CN109214192A (en
Inventor
王照文
邹帮山
秦旭果
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jilin Yillion Bank Co ltd
Original Assignee
Jilin Yillion Bank Co ltd

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a risk processing determination method and device for an application system, which can perform multi-dimensional security detection on the application system using several types of security tools according to the asset condition of the application system, dynamically and comprehensively evaluate the current risk value of the application system, and determine a risk processing type according to the current risk value. By means of this application system-oriented risk processing determination method and device, multi-dimensional security detection and unified risk processing can be achieved at the application system level, the discovery, rectification and tracking of application system security problems are integrated into one process, and the requirements of enterprise development for comprehensiveness, integrity and process in security vulnerability management are met.

Description

Application system-oriented risk processing method and device
Technical Field
The invention relates to the technical field of information security, in particular to a risk processing method and device for an application system.
Background
With the continuous development of internet technology, security threats on the network keep emerging, and how an enterprise can effectively discover and dispose of known vulnerabilities has always been an important research topic in the field of network security.
Current network security products are generally aimed at specific fields, for example basic environment vulnerability scanning products, source code security detection products, WEB security scanning products and APP security scanning products in the security detection field; the security field and direction covered by each product differ. At present there is no technology capable of performing all-round, multi-dimensional security detection and risk handling at the application system level.
Disclosure of Invention
In view of this, the present invention provides a risk processing method and apparatus for an application system, so as to perform multi-dimensional security detection and unified risk processing at an application system level.
In order to achieve this purpose, the invention provides the following technical solution:
an application system-oriented risk processing determination method, comprising the following steps:
determining a security detection item based on the asset information of an application system, and executing the security detection corresponding to the security detection item;
generating system specification risk information based on the asset information and the detection result of the security detection;
determining an actual security vulnerability, the actual security vulnerability being determined based on the system specification risk information;
carrying out vulnerability reinforcement on the determined actual security vulnerability;
if the reinforcement is successful, returning to the step of determining a security detection item based on the asset information and executing the security detection corresponding to the security detection item;
if the reinforcement fails or no reinforcement is performed, calculating the current risk value of the application system;
and determining a risk processing type according to the current risk value and a preset rule.
Optionally, the determining, based on the asset information of the application system, a security detection item, and performing security detection corresponding to the security detection item includes:
determining a security detection item based on the asset information of an application system, and executing the security detection corresponding to the security detection item using a plurality of security tools;
which comprises: using different types of security tools to carry out security detection on the same security detection item;
then the determining an actual security vulnerability includes:
and determining the same security vulnerability detected by at least 2 security tools as an actual security vulnerability.
Optionally, the determining an actual security vulnerability includes:
and determining the security vulnerability detected by only one security tool as an actual security vulnerability according to the determination information input by the user.
Optionally, the calculating the current risk value of the application system includes:
calculating the residual risk of the application system according to the risk level of the actual security vulnerability, the vulnerability object carrier value, the protection level of the application system and the like;
and calculating and determining the current risk value of the application system according to the residual risk and a risk adjustment factor.
Optionally, the calculating the residual risk of the application system according to the risk level of the actual security vulnerability, the vulnerability object carrier value, the protection level of the application system and the like includes:
summing the risk values of the actual security vulnerabilities to obtain the residual risk of the application system, wherein the risk value of each vulnerability = vulnerability risk level × vulnerability object carrier value × application system protection level.
Optionally, the calculating and determining the current risk value of the application system according to the residual risk and the risk adjustment factor includes:
calculating and determining the current risk value of the application system according to the formula: risk value = residual risk × risk adjustment factor;
the determining of the risk adjustment factor comprises:
determining the average value and the standard deviation of the vulnerability number of each historical responsibility development company;
determining the current vulnerability number of the responsibility development company to which the application system belongs;
calculating a current vulnerability difference value, wherein the current vulnerability difference value = current vulnerability number - average vulnerability number;
determining an adjustment value 1 according to the ratio of the current vulnerability difference value to the standard deviation of the vulnerability number;
respectively determining the average value and the standard deviation of the rectification time of high-risk, medium-risk and low-risk vulnerabilities of each historical responsibility development company;
respectively determining the current rectification time of high-risk, medium-risk and low-risk vulnerabilities of the responsibility development company to which the application system belongs;
respectively calculating the current rectification time difference values for high risk, medium risk and low risk, wherein the current rectification time difference value = current rectification time - average rectification time;
determining adjustment values 2 for the different risk levels according to the ratio of the current rectification time difference value of each risk level to the standard deviation of the rectification time of the corresponding risk level, together with the adjustment value 1, wherein the adjustment values 2 are a high-risk adjustment value 2, a medium-risk adjustment value 2 and a low-risk adjustment value 2;
and determining a risk adjustment factor from the high-risk adjustment value 2, the medium-risk adjustment value 2 and the low-risk adjustment value 2 according to a preset algorithm.
Optionally, the determining a risk processing type according to the current risk value and a preset rule includes:
and determining the risk processing type to be risk avoidance, risk reduction, risk transfer or risk acceptance according to the comparison result of the current risk value and a preset threshold value.
An application-oriented risk processing determination apparatus comprising:
a security detection module, used for determining a security detection item based on the asset information of the application system and executing the security detection corresponding to the security detection item;
an information generation module, used for generating system specification risk information based on the asset information and the detection result of the security detection;
a vulnerability determination module, used for determining an actual security vulnerability, the actual security vulnerability being determined based on the system specification risk information;
a vulnerability reinforcement module, used for performing vulnerability reinforcement on the determined actual security vulnerability;
a risk value calculation module, used for calculating the current risk value of the application system after reinforcement by the vulnerability reinforcement module fails or when the actual security vulnerability is not reinforced;
and the processing determining module is used for determining the risk processing type according to the current risk value and a preset rule.
A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements any of the application-system-oriented risk processing determination methods described above.
An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform any of the application system oriented risk processing determination methods described above via execution of the executable instructions.
Compared with the prior art, the embodiment of the invention discloses a risk processing determination method and device for an application system, which can perform multi-dimensional security detection on the application system using several types of security tools according to the asset condition of the application system, dynamically and comprehensively evaluate the current risk value of the application system, and determine the risk processing type according to the current risk value. By means of this application system-oriented risk processing determination method and device, multi-dimensional security detection and unified risk processing can be achieved at the application system level, the security problems of the application system are discovered, rectified and tracked within one process, and the requirements of enterprise development for comprehensiveness, integrity and process in security detection are met.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a risk processing determination method for an application system according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for calculating a current risk value according to an embodiment of the present invention;
FIG. 3 is a flowchart of determining a risk adjustment factor according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of an application system oriented risk processing determining apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a risk value calculation module disclosed in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a risk processing determining method for an application system according to an embodiment of the present invention, and referring to fig. 1, the risk processing determining method for an application system may include:
Step 101: determine a security detection item based on the asset information of the application system, and execute the security detection corresponding to the security detection item.
In this step, the asset information of the application system may be collected first; specifically, it may be collected from the dimension of the application system by manual entry or by linking with an existing asset management system. The asset information may include, but is not limited to, basic information such as the asset IP, source code, operating system, middleware, database, open source components and application system access address/application system APP, and information associated with the system, such as the application developer, operating system administrator, database administrator and middleware administrator.
After the asset information of the application system has been collected, different detection requirement values can be produced according to the enterprise's internal security management requirements and changes in the attributes of the application system; these determine whether a security check is scheduled and in which dimensions. The security detection items are determined by conditions such as the system's own attributes (if there is no APP, APP security detection need not be selected; if there are no web pages, web security detection is not needed; if the code is not developed in-house, source code security detection need not be carried out), the system's classified protection level (for example, which detection dimensions must be carried out for level 3 and above), and whether the system provides services to the internet (for example, APP or web detection is carried out for internet-facing systems, while only basic environment and source code detection is carried out for systems that do not face the internet); that is, it is determined which security detection items need to be performed. The corresponding security tool engine is then called to execute the security detection process.
The security detection may include, but is not limited to, source code security detection, basic environment vulnerability scanning, basic environment security configuration checking, component security detection, web security detection, APP security detection, business logic testing and the like.
In an illustrative example, determining a security detection item based on the asset information of the application system and performing the security detection corresponding to the security detection item may include: determining a security detection item based on the asset information of the application system, and executing the security detection corresponding to the security detection item using a plurality of security tools. Specifically, different types of security tools are used to carry out security detection on the same security detection item. The advantage of this is that, because different types of security tools are used for the same security detection item, the detection results of all the tools can be considered together, erroneous detection results can be reduced or corrected, and the reliability of the detection results is improved overall.
Step 102: generate system specification risk information based on the asset information and the detection result of the security detection.
In this embodiment, multi-vendor security detection tools can be integrated by abstracting their functions and interfaces. However, because the usage scenarios and input/output items of the detection functions differ across dimensions, the detection tools of each dimension (for example the web layer) must be normalised and integrated separately. Specifically, system specification risk information may be produced by abstracting common interface capabilities and entry points together with the report values returned. Besides the normalised detection results, the system specification risk information may also include some asset information. It may include information such as the system name, vulnerability class, vulnerability detection time, vulnerability point location and rectification suggestion.
Step 103: determine an actual security vulnerability, wherein the actual security vulnerability is determined based on the system specification risk information.
In practice, because security detection technologies differ in standards and accuracy, a security vulnerability detected by a security tool may not actually exist; therefore, before a security vulnerability is processed, it must be determined whether it is an actual security vulnerability.
Determining the actual security vulnerability may be implemented in different ways. For example, on the premise that, as described above, different types of security tools are used to perform security detection on the same security detection item, determining the actual security vulnerability may include: determining the same security vulnerability detected by at least 2 security tools as an actual security vulnerability. If at least two security tools report the same security vulnerability, the probability that it really exists is high.
In other implementations, the actual security vulnerability may be determined based on user input. Specifically: a security vulnerability detected by only one security tool is determined to be an actual security vulnerability according to determination information input by the user. In some cases, after a security tool detects a certain security vulnerability, the relevant staff can determine from the type of the vulnerability and their own experience that it really exists, and mark it as an actual security vulnerability through the corresponding input.
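The normalisation of step 102 and the two determination rules of step 103, as an added worked example (not code from the patent): findings from two scanners with different report formats are mapped onto one record shape, and a finding counts as an actual vulnerability when at least two tools report it or when a single-tool finding is confirmed by user input. The record fields, tool names and sample findings are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskRecord:
    """One normalised "system specification risk information" entry (step 102)."""
    system_name: str
    vuln_class: str
    location: str     # vulnerability point location, e.g. URL plus parameter
    detected_at: str  # vulnerability detection time
    suggestion: str   # rectification suggestion
    tool: str         # the security tool that produced this record

    def key(self):
        # Two tools report "the same vulnerability" when system, class and
        # location match; detection time, wording and tool name are ignored.
        return (self.system_name, self.vuln_class.strip().lower(), self.location.strip().lower())


# Per-tool adapters: every tool has its own report shape, so each one is
# normalised separately, as step 102 describes. The raw field names are invented.
def from_scanner_a(raw: dict, system_name: str) -> RiskRecord:
    return RiskRecord(system_name, raw["type"], f'{raw["url"]}#{raw["param"]}',
                      raw["time"], raw["fix"], "scanner-A")


def from_scanner_b(raw: dict, system_name: str) -> RiskRecord:
    return RiskRecord(system_name, raw["category"], f'{raw["target"]}#{raw["parameter"]}',
                      raw["found"], raw["advice"], "scanner-B")


def determine_actual_vulnerabilities(records, user_confirmed=frozenset()):
    """Step 103: a finding is an actual vulnerability when at least two tools
    report it, or when a single-tool finding is confirmed by user input."""
    tools_by_key = defaultdict(set)
    for rec in records:
        tools_by_key[rec.key()].add(rec.tool)
    return {key for key, tools in tools_by_key.items()
            if len(tools) >= 2 or (len(tools) == 1 and key in user_confirmed)}


def demo():
    # Constructed sample reports from two web scanners run against one system.
    a_reports = [
        {"type": "SQL Injection", "url": "/login", "param": "user", "time": "2018-10-01", "fix": "parameterise"},
        {"type": "Reflected XSS", "url": "/search", "param": "q", "time": "2018-10-01", "fix": "encode output"},
    ]
    b_reports = [
        {"category": "sql injection", "target": "/login", "parameter": "user", "found": "2018-10-02", "advice": "use prepared statements"},
        {"category": "Open Redirect", "target": "/next", "parameter": "url", "found": "2018-10-02", "advice": "allow-list targets"},
    ]
    records = ([from_scanner_a(r, "portal") for r in a_reports]
               + [from_scanner_b(r, "portal") for r in b_reports])
    # The XSS finding was seen by one tool only; staff confirmed it by input.
    confirmed = {("portal", "reflected xss", "/search#q")}
    return determine_actual_vulnerabilities(records, confirmed)
```

In the sample the injection finding qualifies by tool consensus, the XSS finding by user confirmation, and the single-tool open-redirect finding is left unconfirmed.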
Step 104: reinforce the determined actual security vulnerabilities; if reinforcement succeeds, return to step 101, and if reinforcement fails or is not performed, proceed to step 105.
In this embodiment, vulnerability reinforcement needs to be performed automatically or manually, one by one, for each determined actual security vulnerability. If reinforcement succeeds, the method returns to step 101, security detection is performed again, and new system specification risk information is output. If reinforcement fails or is not performed, the risk value of the application system needs to be calculated, and subsequent processing is determined from the result.
Step 105: calculating a current risk value of the application system.
The current risk value can be calculated and determined according to a preset algorithm according to the current actual security vulnerability condition of the application system.
Step 106: determine a risk processing type according to the current risk value and a preset rule.
Several risk processing types may be defined according to the actual needs of the enterprise. In one implementation, determining a risk processing type according to the current risk value and a preset rule may include: determining the risk processing type to be risk avoidance, risk reduction, risk transfer or risk acceptance according to the comparison of the current risk value with preset thresholds. In this implementation the risk processing types are divided into 4 types, risk avoidance, risk reduction, risk transfer and risk acceptance, and the corresponding preset thresholds may include a threshold 1, a threshold 2 and a threshold 3: when the current risk value is greater than or equal to threshold 1, the risk processing type is determined to be risk avoidance; when the current risk value is less than threshold 1 and greater than or equal to threshold 2, it is determined to be risk reduction; when the current risk value is less than threshold 2 and greater than or equal to threshold 3, it is determined to be risk transfer; and when the current risk value is less than threshold 3, it is determined to be risk acceptance.
In this embodiment, the application system-oriented risk processing determining method can implement multi-dimensional security detection and unified risk processing at an application system level, integrate discovery, rectification and tracking of security problems of an application system in the process, and meet requirements of enterprise development on comprehensiveness, integrity and process of security detection.
Fig. 2 is a flowchart of calculating a current risk value according to an embodiment of the present invention, and as shown in fig. 2, calculating the current risk value may include:
Step 201: calculate the residual risk of the application system according to the risk level of the actual security vulnerability, the vulnerability object carrier value, the protection level of the application system and the like.
Specifically, calculating the residual risk of the application system may include: summing the risk values of the actual security vulnerabilities to obtain the residual risk of the application system, wherein the risk value of each vulnerability = vulnerability risk level × vulnerability object carrier value × application system protection level. For example, vulnerability risk level: high risk, medium risk and low risk score 4, 2 and 1 respectively; vulnerability object carrier: business application, basic environment and code program score 3, 2 and 1 respectively; classified protection level of the application system: levels 4, 3 and 2 score 3, 2 and 1 respectively. If the risk level of an actual security vulnerability is medium, its vulnerability object carrier is a business application and the protection level of the application system is 2, the risk value is 2 × 3 × 1 = 6.
Step 202: calculate and determine the current risk value of the application system according to the residual risk and the risk adjustment factor.
Specifically, the current risk value of the application system may be calculated according to the formula: risk value = residual risk × risk adjustment factor.
Fig. 3 is a flowchart of determining a risk adjustment factor according to an embodiment of the present invention, and as shown in fig. 3, the determining of the risk adjustment factor may include:
Step 301: determine the average value and the standard deviation σ of the vulnerability number of each historical responsibility development company.
Step 302: determine the current vulnerability number of the responsibility development company to which the application system belongs.
Step 303: calculate the current vulnerability difference value, wherein the current vulnerability difference value = current vulnerability number - average vulnerability number.
Step 304: determine adjustment value 1 according to the ratio of the current vulnerability difference value to the standard deviation of the vulnerability number.
For example, if the ratio is within the 1σ interval, adjustment value 1 = initial value × 1.5 (which may be adjusted according to the enterprise's internal security management requirements);
if within the 2σ interval, adjustment value 1 = initial value × 2.5 (may be adjusted according to the enterprise's internal security management requirements);
if 3σ and above, adjustment value 1 = initial value × 4 (may be adjusted according to the enterprise's internal security management requirements);
if within the -1σ interval, adjustment value 1 = initial value × 0.6 (may be adjusted according to the enterprise's internal security management requirements);
if within the -2σ interval, adjustment value 1 = initial value × 0.4 (may be adjusted according to the enterprise's internal security management requirements);
if -3σ and below, adjustment value 1 = initial value × 0.25 (may be adjusted according to the enterprise's internal security management requirements).
Step 305: respectively determine the average value and the standard deviation of the rectification time of high-risk, medium-risk and low-risk vulnerabilities of each historical responsibility development company.
Step 306: respectively determine the current rectification time of high-risk, medium-risk and low-risk vulnerabilities of the responsibility development company to which the application system belongs.
Step 307: calculate the current rectification time difference values for high risk, medium risk and low risk respectively, wherein the current rectification time difference value = current rectification time - average rectification time.
Step 308: determine the adjustment values 2 of the different risk levels according to the ratio of the current rectification time difference value of each risk level to the standard deviation of the rectification time of the corresponding risk level, together with adjustment value 1; the adjustment values 2 are a high-risk adjustment value 2, a medium-risk adjustment value 2 and a low-risk adjustment value 2 respectively.
Here, adjustment value 2 = adjustment value 1 × X (X may be adjusted according to the enterprise's internal security management requirements); the value of X differs according to which standard-deviation interval σ of the rectification time the ratio of the current rectification time difference value to the standard deviation of the rectification time falls in, in the same way as described above for adjustment value 1.
Step 309: and determining a risk adjustment factor according to the high risk adjustment value 2, the medium risk adjustment value 2 and the low risk adjustment value 2 and a preset algorithm.
The risk adjustment factor = high-risk adjustment value 2 × 0.6 + medium-risk adjustment value 2 × 0.3 + low-risk adjustment value 2 × 0.1. Of course, the weights 0.6, 0.3 and 0.1 may be implemented differently, for example 0.7, 0.2, 0.1 or 0.5, 0.3, 0.2, and may be adjusted according to the needs of the enterprise; it is only necessary that the sum of the 3 values is 1, that the weight multiplying the high-risk adjustment value 2 is the largest, and that the weight multiplying the low-risk adjustment value 2 is the smallest.
In this embodiment, the risk adjustment factor is determined from the historical vulnerability condition and rectification time of the responsibility development companies, combined with the real-time dynamic current number of vulnerabilities and the dynamic change of the current rectification time, and thus provides a comprehensive evaluation. The risk adjustment factor can be published to the related responsibility development companies, which helps urge them to reduce the number of vulnerabilities and rectify them in time, and improves the security maturity of the enterprise overall.
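Steps 201-202, 301-309 and the threshold rule of step 106 carried through end to end, as an added worked example (not code from the patent). The score tables and the 0.6/0.3/0.1 weights are the ones given in the description; the initial value of 1.0, the half-open σ band boundaries (the "3σ and above" band taken to start at ratio 2, the "-3σ and below" band below -2), the zero-spread fallback, the demo thresholds and all sample figures are assumptions made for the example.

```python
from dataclasses import dataclass
from math import isclose
from statistics import mean, pstdev

# Score tables from step 201 of the description.
RISK_LEVEL_SCORE = {"high": 4, "medium": 2, "low": 1}
CARRIER_SCORE = {"business_application": 3, "basic_environment": 2, "code_program": 1}
PROTECTION_LEVEL_SCORE = {4: 3, 3: 2, 2: 1}  # classified protection level -> score
# Sigma-interval table of step 304 as (lower bound of band, multiplier X);
# the boundaries are an assumption, the multipliers are the page's figures.
SIGMA_BANDS = ((2, 4.0), (1, 2.5), (0, 1.5), (-1, 0.6), (-2, 0.4))


@dataclass
class ActualVulnerability:
    risk_level: str        # "high", "medium" or "low"
    carrier: str           # vulnerability object carrier
    protection_level: int  # classified protection level of the application system


def vulnerability_risk_value(v: ActualVulnerability) -> int:
    # risk value = vulnerability risk level x carrier value x protection level (step 201)
    return (RISK_LEVEL_SCORE[v.risk_level] * CARRIER_SCORE[v.carrier]
            * PROTECTION_LEVEL_SCORE[v.protection_level])


def residual_risk(vulns) -> int:
    # residual risk = sum of the risk values of all actual vulnerabilities (step 201)
    return sum(vulnerability_risk_value(v) for v in vulns)


def sigma_multiplier(current: float, history) -> float:
    """Multiplier X for how far `current` sits from the historical companies'
    mean, measured in standard deviations (ratio of difference to sigma)."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return 1.0  # assumption: no spread among companies -> no adjustment
    ratio = (current - mu) / sigma
    for lower, x in SIGMA_BANDS:
        if ratio >= lower:
            return x
    return 0.25  # -3 sigma and below


def adjustment_value_1(current_count, historical_counts, initial_value=1.0):
    # steps 301-304: adjustment value 1 = initial value x X (initial value assumed 1.0)
    return initial_value * sigma_multiplier(current_count, historical_counts)


def adjustment_value_2(adj1, current_time, historical_times):
    # steps 305-308: adjustment value 2 = adjustment value 1 x X, X from the rectification-time ratio
    return adj1 * sigma_multiplier(current_time, historical_times)


def risk_adjustment_factor(adj2, weights=(0.6, 0.3, 0.1)):
    # step 309: weights must sum to 1 with the high weight largest and the low weight smallest
    wh, wm, wl = weights
    if not isclose(wh + wm + wl, 1.0) or not (wh >= wm >= wl):
        raise ValueError("weights must sum to 1 and satisfy high >= medium >= low")
    return adj2["high"] * wh + adj2["medium"] * wm + adj2["low"] * wl


def current_risk_value(residual, factor):
    # step 202: current risk value = residual risk x risk adjustment factor
    return residual * factor


def risk_processing_type(value, thresholds=(60, 30, 10)):
    # step 106; threshold 1 > threshold 2 > threshold 3, values assumed for the demo
    t1, t2, t3 = thresholds
    if value >= t1:
        return "risk avoidance"
    if value >= t2:
        return "risk reduction"
    if value >= t3:
        return "risk transfer"
    return "risk acceptance"


def demo():
    # Constructed sample: one system, plus vulnerability counts and rectification
    # times (days) of five historical responsibility development companies.
    vulns = [
        ActualVulnerability("medium", "business_application", 2),  # 2 x 3 x 1 = 6 (the page's own example)
        ActualVulnerability("high", "basic_environment", 3),       # 4 x 2 x 2 = 16
        ActualVulnerability("low", "code_program", 4),             # 1 x 1 x 3 = 3
    ]
    residual = residual_risk(vulns)                                # 25
    adj1 = adjustment_value_1(17, [10, 12, 14, 16, 18])            # ratio ~1.06 -> X = 2.5
    history = {"high": [2, 3, 4, 5, 6], "medium": [5, 7, 9, 11, 13], "low": [10, 12, 14, 16, 18]}
    current = {"high": 3, "medium": 9, "low": 20}
    adj2 = {lvl: adjustment_value_2(adj1, current[lvl], history[lvl]) for lvl in history}
    factor = risk_adjustment_factor(adj2)                          # 1.5*0.6 + 3.75*0.3 + 10*0.1 = 3.025
    value = current_risk_value(residual, factor)                   # 25 x 3.025 = 75.625
    return {"residual": residual, "factor": factor, "value": value,
            "type": risk_processing_type(value)}
```

In the sample the responsible company rectifies high-risk findings faster than its peers but low-risk ones far slower, so the factor still lifts a residual risk of 25 above the assumed avoidance threshold.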
While, for purposes of simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present invention is not limited by the illustrated ordering of acts, as some steps may occur in other orders or concurrently with other steps in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
The method is described in detail in the embodiments disclosed above, and the method of the present invention can be implemented by various types of apparatuses, so that the present invention also discloses an apparatus, and the following detailed description will be given of specific embodiments.
Fig. 4 is a schematic structural diagram of an application-oriented risk processing determining apparatus according to an embodiment of the present invention, and referring to fig. 4, an application-oriented risk processing determining apparatus 40 may include:
and the security detection module 401 is configured to determine a security detection item based on the asset information of the application system, and perform security detection corresponding to the security detection item.
In this embodiment, the asset information of the application system may be collected first; specifically, it may be collected from the dimension of the application system by manual entry or by linking with an existing asset management system. The asset information may include, but is not limited to, basic information such as the asset IP, source code, operating system, middleware, database, open source components and application system access address/application system APP, and information associated with the system, such as the application developer, operating system administrator, database administrator and middleware administrator.
After the asset information of the application system has been collected, different detection requirement values can be produced according to the enterprise's internal security management requirements and changes in the attributes of the application system; these determine whether a security check is scheduled and in which dimensions. The security detection items are determined by conditions such as the system's own attributes (if there is no APP, APP security detection need not be selected; if there are no web pages, web security detection is not needed; if the code is not developed in-house, source code security detection need not be carried out), the system's classified protection level (for example, which detection dimensions must be carried out for level 3 and above), and whether the system provides services to the internet (for example, APP or web detection is carried out for internet-facing systems, while only basic environment and source code detection is carried out for systems that do not face the internet); that is, it is determined which security detection items need to be performed. The corresponding security tool engine is then called to execute the security detection process.
The security detection may include, but is not limited to, source code security detection, basic environment vulnerability scanning, basic environment security configuration checking, component security detection, web security detection, APP security detection, business logic testing, and the like.
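As an added Python example (not code from the patent), the selection conditions just described can be encoded as a single rule function that maps an application system's asset attributes to the set of detection items to schedule. The attribute names (has_source, has_web, has_app, internet_facing, open_source_components, protection_level), the rule that classified protection level 3 and above additionally requires business logic testing, and the two sample assets are assumptions; the page gives the conditions only in prose.

```python
"""Rule-based selection of security detection items from asset information.

Added example, not the patent's own code. Attribute names, the level-3 rule
and the sample assets are assumptions."""

# The detection dimensions listed on the page.
SOURCE_CODE = "source code security detection"
ENV_VULN_SCAN = "base environment vulnerability scanning"
ENV_CONFIG_CHECK = "base environment security configuration checking"
COMPONENT = "component security detection"
WEB = "web security detection"
APP = "APP security detection"
BUSINESS_LOGIC = "business logic testing"


def select_detection_items(asset):
    """Return the set of detection items to schedule for one application system.

    `asset` is a dict with assumed keys: has_source, has_web, has_app,
    internet_facing, open_source_components, protection_level.
    """
    # The base environment is always checked.
    items = {ENV_VULN_SCAN, ENV_CONFIG_CHECK}
    # No source held -> no source code review.
    if asset.get("has_source"):
        items.add(SOURCE_CODE)
    if asset.get("internet_facing"):
        # Internet-facing systems additionally get the externally reachable
        # dimensions, each only when the corresponding attribute exists;
        # a system not exposed to the internet stays with base environment
        # and source code only, as the page describes.
        if asset.get("has_web"):
            items.add(WEB)
        if asset.get("has_app"):
            items.add(APP)
        if asset.get("open_source_components"):
            items.add(COMPONENT)
    # Assumption: classified protection level 3 and above also requires
    # business logic testing (the page says the level decides which
    # dimensions are mandatory, but not which ones).
    if asset.get("protection_level", 0) >= 3:
        items.add(BUSINESS_LOGIC)
    return items


# Constructed sample assets (not from the page).
INTERNAL_BATCH = {"has_source": True, "has_web": False, "has_app": False,
                  "internet_facing": False, "open_source_components": True,
                  "protection_level": 2}
MOBILE_BANKING = {"has_source": True, "has_web": True, "has_app": True,
                  "internet_facing": True, "open_source_components": True,
                  "protection_level": 3}


if __name__ == "__main__":
    for name, asset in (("internal batch", INTERNAL_BATCH),
                        ("mobile banking", MOBILE_BANKING)):
        print(name, "->", sorted(select_detection_items(asset)))
```

Each selected item is then handed to the matching security tool engine; keeping the selection in one pure function makes the scheduling decision reviewable and testable on its own, separate from the tool integrations.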
In an illustrative example, the security detection module 401 may be specifically configured to determine a security detection item based on the asset information of the application system and to perform the security detection corresponding to that item using a plurality of security tools, which includes using different types of security tools to perform security detection on the same security detection item. The advantage of using different types of security tools on the same security detection item is that the detection results of all the tools can be considered together, so that the results can be cross-checked and corrected, and the reliability of the detection results is improved overall.
The information generating module 402, configured to generate system specification risk information based on the asset information and the detection results of the security detection.
In this embodiment, the fusion of multi-vendor security detection tools is achieved by abstracting their functions and interfaces. Because the usage scenarios and the input and output items of the detection functions differ between dimensions, the detection tools of each dimension (for example, the web layer) need to be normalized and integrated separately. Specifically, the system specification risk information is produced by abstracting common interface capabilities, input items and report values. Besides the normalized detection results of the security detections, the system specification risk information can also include some of the asset information. It may include information such as the system name, vulnerability class, vulnerability detection time, vulnerability point location, rectification suggestion and the like.
The vulnerability determining module 403, configured to determine an actual security vulnerability, the actual security vulnerability being determined based on the system specification risk information.
In practice, because security detection technologies differ in standards and accuracy, a security vulnerability reported by a security tool may not actually exist; therefore, before security vulnerabilities are processed, the actual security vulnerabilities need to be determined.
The actual security vulnerability may be determined in different ways. For example, given that, as described above, different types of security tools are used to perform security detection on the same security detection item, the vulnerability determining module 403 may be specifically configured to determine the same security vulnerability detected by at least two security tools as an actual security vulnerability: if at least two security tools report the same security vulnerability, the likelihood that it really exists is high.
In other implementations, the actual security vulnerability can be determined based on user input. Specifically, a security vulnerability detected by only one security tool may be determined to be an actual security vulnerability according to confirmation information input by the user. In some cases, after a security tool has detected a security vulnerability, the relevant staff can determine, from the type of vulnerability and their own experience, that the vulnerability really exists, and mark it as an actual security vulnerability through the corresponding input.
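The two determination rules above (corroboration by at least two tools, or a single-tool finding confirmed by an analyst), applied to normalized findings, as an added Python example that is not code from the patent. The Finding fields mirror the system specification risk information listed on the page (system name, vulnerability class, detection time, point location, rectification suggestion); the `tool` field, the key used to decide that two tools report the same vulnerability, and the sample findings are constructed for this illustration.

```python
"""Determining actual security vulnerabilities from normalized multi-tool findings.

Added example, not the patent's own code. The `tool` field, the identity key
and the sample findings are assumptions."""

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    system: str
    vuln_class: str
    location: str       # vulnerability point location, e.g. URL + parameter
    tool: str           # which security tool reported it (assumed field)
    detected_at: str
    suggestion: str


def vulnerability_key(f):
    """Identity of a vulnerability across tools: same system, class and location.

    Tools name classes differently; here the class is compared
    case-insensitively, and any vendor-to-canonical mapping is assumed to
    have happened during normalization."""
    return (f.system, f.vuln_class.lower(), f.location)


def determine_actual_vulnerabilities(findings, user_confirmed=frozenset(), min_tools=2):
    """Return {key: reason} for the findings judged to be actual vulnerabilities.

    Rule 1: the same vulnerability reported by at least `min_tools` different
    tools is actual.
    Rule 2: a finding reported by fewer tools is actual only if an analyst
    confirmed it (its key is in `user_confirmed`).
    """
    tools_by_key = defaultdict(set)
    for f in findings:
        tools_by_key[vulnerability_key(f)].add(f.tool)
    actual = {}
    for key, tools in tools_by_key.items():
        if len(tools) >= min_tools:
            actual[key] = "corroborated by %d tools" % len(tools)
        elif key in user_confirmed:
            actual[key] = "single-tool finding confirmed by analyst"
    return actual


# Constructed sample: two web scanners and one SAST tool run against one system.
SAMPLE_FINDINGS = [
    Finding("online-bank", "SQL Injection", "/login?user", "scanner-A", "2018-10-24", "use parameterized queries"),
    Finding("online-bank", "sql injection", "/login?user", "scanner-B", "2018-10-24", "use prepared statements"),
    Finding("online-bank", "Reflected XSS", "/search?q", "scanner-A", "2018-10-24", "encode output"),
    Finding("online-bank", "Hardcoded Credential", "src/db.py:12", "sast-C", "2018-10-24", "move secret to vault"),
]
# The analyst reviewed the SAST hit and confirmed it; the XSS hit was not reviewed.
CONFIRMED = frozenset({("online-bank", "hardcoded credential", "src/db.py:12")})


def sample_result():
    return determine_actual_vulnerabilities(SAMPLE_FINDINGS, CONFIRMED)


if __name__ == "__main__":
    for key, reason in sample_result().items():
        print(key, "->", reason)
```

The SQL injection is accepted because two different tools report it at the same location, the hardcoded credential because the analyst confirmed it, and the unreviewed single-scanner XSS hit is held back until a second tool or an analyst corroborates it. Note that the rule only works if the normalization step really does map vendor class names onto one vocabulary; otherwise the same vulnerability reported under two names never reaches the two-tool threshold.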
The vulnerability reinforcing module 404, configured to perform vulnerability reinforcement on the determined actual security vulnerabilities.
In this embodiment, for each determined actual security vulnerability, vulnerability reinforcement is performed automatically or manually, one vulnerability at a time. If the reinforcement succeeds, control returns to the security detection module 401, security detection is performed again and new system specification risk information is output. If the reinforcement fails or is not performed, the risk value of the application system must be calculated and the subsequent processing determined from the result.
The risk value calculation module 405, configured to calculate the current risk value of the application system after the vulnerability reinforcing module fails to reinforce, or when an actual security vulnerability is not reinforced.
The current risk value can be calculated according to a preset algorithm from the current actual security vulnerabilities of the application system.
The processing determining module 406, configured to determine a risk processing type according to the current risk value and a preset rule.
Several risk processing types may be defined according to the actual needs of the enterprise. In one implementation, the processing determining module 406 is specifically configured to determine the risk processing type as risk avoidance, risk reduction, risk transfer or risk acceptance according to the comparison of the current risk value with preset thresholds. In this implementation the risk processing types are divided into four (avoid, reduce, transfer and accept), and the preset thresholds comprise a threshold 1, a threshold 2 and a threshold 3 with threshold 1 > threshold 2 > threshold 3: when the current risk value is greater than or equal to threshold 1, the risk processing type is determined to be risk avoidance; when it is less than threshold 1 and greater than or equal to threshold 2, risk reduction; when it is less than threshold 2 and greater than or equal to threshold 3, risk transfer; and when it is less than threshold 3, risk acceptance.
In this embodiment, the risk processing determining apparatus for an application system implements multi-dimensional security detection and unified risk processing at the application system level, integrates discovery, rectification and tracking of the application system's security problems into one process, and meets the enterprise's requirements for comprehensive, complete and process-driven security detection.
Fig. 5 is a schematic structural diagram of a risk value calculation module disclosed in the embodiment of the present invention, and as shown in fig. 5, the risk value calculation module 405 may include:
The residual risk calculation sub-module 501, configured to calculate the residual risk of the application system according to the risk level of the actual security vulnerability, the vulnerability object carrier value, the protection level of the application system and the like.
Specifically, calculating the residual risk of the application system may include summing the risk values of the actual security vulnerabilities, where the risk value of one vulnerability is: risk value = vulnerability risk level × vulnerability object carrier value × application system protection level. For example, for the vulnerability risk level, high, medium and low risk score 4, 2 and 1 respectively; for the vulnerability object carrier, business application, base environment and code program score 3, 2 and 1 respectively; and for the classified protection level of the application system, levels 4, 3 and 2 score 3, 2 and 1 respectively. If an actual security vulnerability has medium risk level, its object carrier is a business application and the protection level of the application system is level 2, its risk value is 2 × 3 × 1 = 6.
The risk value calculation sub-module 502, configured to calculate the current risk value of the application system according to the residual risk and a risk adjustment factor.
Specifically, the current risk value of the application system may be calculated by the formula: current risk value = residual risk × risk adjustment factor.
In this embodiment, the risk adjustment factor is determined by combining the real-time number of vulnerabilities and the current rectification time of the responsible development company with that company's historical vulnerability record and rectification times, and so gives a comprehensive assessment. The risk adjustment factor can be published to the responsible development companies, which helps urge them to reduce their number of vulnerabilities and to rectify promptly, improving the security maturity of the enterprise as a whole.
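The calculation of the two sub-modules above, followed by the threshold rule of the processing determining module, as an added Python example that is not the patent's own code. The score tables are the ones given on the page and the page's own worked value (medium risk, business application, level 2 gives 6) is reproduced; the three thresholds (40, 20, 10), the sample vulnerability list and the adjustment factor passed in are assumptions, since the page fixes only the ordering threshold 1 > threshold 2 > threshold 3 and computes the factor separately.

```python
"""Residual risk, current risk value and risk processing type.

Added example, not the patent's own code. Score tables follow the page;
thresholds, the sample vulnerabilities and the factor value are assumptions."""

RISK_LEVEL_SCORE = {"high": 4, "medium": 2, "low": 1}
CARRIER_SCORE = {"business application": 3, "base environment": 2, "code program": 1}
PROTECTION_LEVEL_SCORE = {4: 3, 3: 2, 2: 1}   # classified protection level -> score


def vulnerability_risk_value(level, carrier, protection_level):
    """risk value = vulnerability risk level x object carrier value x protection level score."""
    return (RISK_LEVEL_SCORE[level]
            * CARRIER_SCORE[carrier]
            * PROTECTION_LEVEL_SCORE[protection_level])


def residual_risk(vulnerabilities, protection_level):
    """Sum of the risk values of the unremediated actual vulnerabilities.

    `vulnerabilities` is an iterable of (risk level, object carrier) pairs."""
    return sum(vulnerability_risk_value(level, carrier, protection_level)
               for level, carrier in vulnerabilities)


def current_risk_value(residual, adjustment_factor):
    """current risk value = residual risk x risk adjustment factor."""
    if adjustment_factor <= 0:
        raise ValueError("risk adjustment factor must be positive")
    return residual * adjustment_factor


def risk_processing_type(value, thresholds=(40, 20, 10)):
    """Map a current risk value to avoid / reduce / transfer / accept.

    The default thresholds are assumed values; only their ordering is fixed."""
    t1, t2, t3 = thresholds
    if not t1 > t2 > t3:
        raise ValueError("thresholds must satisfy threshold 1 > threshold 2 > threshold 3")
    if value >= t1:
        return "avoid"
    if value >= t2:
        return "reduce"
    if value >= t3:
        return "transfer"
    return "accept"


# Constructed example: a level-3 system with three unremediated vulnerabilities.
SAMPLE_VULNS = [
    ("high", "business application"),   # 4 x 3 x 2 = 24
    ("medium", "base environment"),     # 2 x 2 x 2 = 8
    ("low", "code program"),            # 1 x 1 x 2 = 2
]


def sample_assessment(adjustment_factor=1.25):
    """Residual risk, adjusted current risk value and the resulting processing type."""
    residual = residual_risk(SAMPLE_VULNS, protection_level=3)   # 34
    value = current_risk_value(residual, adjustment_factor)       # 42.5
    return residual, value, risk_processing_type(value)


if __name__ == "__main__":
    print(sample_assessment())
```

With the assumed thresholds the same residual risk of 34 lands in "reduce" for a vendor with a neutral factor of 1.0 but in "avoid" once the vendor's factor rises to 1.25, which is exactly the lever the adjustment factor is meant to give the enterprise over its development companies.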
The risk processing determining apparatus for an application system in any of the above embodiments includes a processor and a memory. The security detection module, information generating module, vulnerability determining module, vulnerability reinforcing module, risk value calculation module, processing determining module and the like described above are all stored in the memory as program modules, and the processor executes the program modules stored in the memory to implement the corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program module from the memory. One or more kernels may be provided, and the processing of the return visit data is realized by adjusting the kernel parameters.
The memory may include volatile memory in a computer readable medium, such as random access memory (RAM), and/or non-volatile memory such as read only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
An embodiment of the present invention provides a storage medium, on which a program is stored, where the program, when executed by a processor, implements the risk processing determination method for an application system described in the above embodiments.
An embodiment of the present invention provides a processor, the processor being configured to run a program, where the risk processing determination method for an application system described in the above embodiments is executed when the program runs.
Further, the present embodiment provides an electronic device, which includes a processor and a memory. Wherein the memory is used for storing executable instructions of the processor, and the processor is configured to execute the risk processing determination method for the application system described in the above embodiments via executing the executable instructions.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A risk processing determination method for an application system, characterized by comprising the following steps:
determining a security detection item based on asset information of an application system, and performing security detection corresponding to the security detection item;
generating system specification risk information based on the asset information and a detection result of the security detection;
determining an actual security vulnerability, the actual security vulnerability being determined based on the system specification risk information;
performing vulnerability reinforcement on the determined actual security vulnerability;
if the reinforcement succeeds, returning to the step of determining a security detection item based on the asset information and performing security detection corresponding to the security detection item;
if the reinforcement fails or is not performed, calculating the residual risk of the application system according to the risk level of the actual security vulnerability, the vulnerability object carrier value, the protection level of the application system and the like, wherein the vulnerability object carrier comprises a business application, a base environment and a code program;
calculating and determining a current risk value of the application system according to the residual risk and a risk adjustment factor, wherein the determination of the risk adjustment factor comprises: determining the average value and the standard deviation of the number of vulnerabilities of each historical responsible development company; determining the current number of vulnerabilities of the responsible development company to which the application system belongs; calculating a current vulnerability difference, where current vulnerability difference = current number of vulnerabilities − average number of vulnerabilities; determining an adjustment value 1 according to the ratio of the current vulnerability difference to the standard deviation of the number of vulnerabilities; respectively determining the average value and the standard deviation of the rectification time of high-risk, medium-risk and low-risk vulnerabilities of each historical responsible development company; respectively determining the current rectification time of high-risk, medium-risk and low-risk vulnerabilities of the responsible development company to which the application system belongs; respectively calculating the current rectification time difference for high, medium and low risk, where current rectification time difference = current rectification time − average rectification time; determining adjustment values 2 for the different risk levels according to the ratio of the current rectification time difference of each risk level to the standard deviation of the rectification time of the corresponding risk level and to the adjustment value 1, the adjustment values 2 being a high-risk adjustment value 2, a medium-risk adjustment value 2 and a low-risk adjustment value 2; and determining the risk adjustment factor according to the high-risk adjustment value 2, the medium-risk adjustment value 2, the low-risk adjustment value 2 and a preset algorithm;
and determining a risk processing type according to the current risk value and a preset rule.
2. The risk processing determination method for an application system according to claim 1, wherein determining a security detection item based on asset information of an application system and performing security detection corresponding to the security detection item includes:
determining a security detection item based on asset information of an application system, and performing security detection corresponding to the security detection item using a plurality of security tools;
which includes using different types of security tools to perform security detection on the same security detection item;
and the determining an actual security vulnerability then includes:
determining the same security vulnerability detected by at least two security tools to be an actual security vulnerability.
3. The risk processing determination method for an application system according to claim 1, wherein the determining an actual security vulnerability includes:
determining a security vulnerability detected by only one security tool to be an actual security vulnerability according to confirmation information input by the user.
4. The risk processing determination method for an application system according to claim 1, wherein the calculating of the residual risk of the application system according to the risk level of the actual security vulnerability, the vulnerability object carrier value and the protection level of the application system comprises:
summing the risk values of the actual security vulnerabilities to obtain the residual risk of the application system, where risk value = vulnerability risk level × vulnerability object carrier value × application system protection level.
5. The risk processing determination method for an application system according to claim 1, wherein the calculating and determining the current risk value of the application system according to the residual risk and the risk adjustment factor comprises:
calculating the current risk value of the application system by the formula: current risk value = residual risk × risk adjustment factor.
6. The risk processing determination method for an application system according to claim 1, wherein the determining a risk processing type according to the current risk value and a preset rule includes:
determining the risk processing type to be risk avoidance, risk reduction, risk transfer or risk acceptance according to the comparison of the current risk value with preset thresholds.
7. A risk processing determination apparatus for an application system, comprising:
a security detection module, configured to determine a security detection item based on the asset information of the application system and to perform security detection corresponding to the security detection item;
an information generating module, configured to generate system specification risk information based on the asset information and the detection result of the security detection;
a vulnerability determining module, configured to determine an actual security vulnerability, the actual security vulnerability being determined based on the system specification risk information;
a vulnerability reinforcing module, configured to perform vulnerability reinforcement on the determined actual security vulnerability;
a risk value calculation module, configured to calculate, after the vulnerability reinforcing module fails to reinforce or when the actual security vulnerability is not reinforced, the residual risk of the application system according to the risk level of the actual security vulnerability, the vulnerability object carrier value, the protection level of the application system and the like, and to calculate and determine the current risk value of the application system according to the residual risk and a risk adjustment factor, wherein the vulnerability object carrier comprises a business application, a base environment and a code program, and the determination of the risk adjustment factor comprises: determining the average value and the standard deviation of the number of vulnerabilities of each historical responsible development company; determining the current number of vulnerabilities of the responsible development company to which the application system belongs; calculating a current vulnerability difference, where current vulnerability difference = current number of vulnerabilities − average number of vulnerabilities; determining an adjustment value 1 according to the ratio of the current vulnerability difference to the standard deviation of the number of vulnerabilities; respectively determining the average value and the standard deviation of the rectification time of high-risk, medium-risk and low-risk vulnerabilities of each historical responsible development company; respectively determining the current rectification time of high-risk, medium-risk and low-risk vulnerabilities of the responsible development company to which the application system belongs; respectively calculating the current rectification time difference for high, medium and low risk, where current rectification time difference = current rectification time − average rectification time; determining adjustment values 2 for the different risk levels according to the ratio of the current rectification time difference of each risk level to the standard deviation of the rectification time of the corresponding risk level and to the adjustment value 1, the adjustment values 2 being a high-risk adjustment value 2, a medium-risk adjustment value 2 and a low-risk adjustment value 2; and determining the risk adjustment factor according to the high-risk adjustment value 2, the medium-risk adjustment value 2, the low-risk adjustment value 2 and a preset algorithm;
and a processing determining module, configured to determine the risk processing type according to the current risk value and a preset rule.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the application system oriented risk processing determination method according to any one of claims 1 to 6.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the application system oriented risk processing determination method of any of claims 1-6 via execution of the executable instructions.
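The risk adjustment factor steps spelled out in claims 1 and 7, carried through as an added Python example that is not the patent's own code. The claims fix the statistics: mean and standard deviation of the vulnerability counts and of the per-severity rectification times across the historical responsible development companies, and the current company's deviation from each mean divided by the matching standard deviation. They leave two things open: how the per-severity rectification-time ratio is combined with adjustment value 1 to give adjustment value 2, and the "preset algorithm" that turns the three adjustment values 2 into the factor. Here adjustment value 1 is taken to be the ratio itself, adjustment value 2 is the per-severity ratio plus adjustment value 1, and the factor is a severity-weighted mean of the adjustment values 2 scaled around 1.0 and clamped to [0.5, 2.0]; these choices, the severity weights and the constructed company history are all assumptions. A standard deviation of zero (no spread in the history) is handled by returning a ratio of 0 rather than dividing by zero.

```python
"""Risk adjustment factor following the steps of claim 1.

Added example, not the patent's own code. The z-score statistics are from the
claim; the combination into adjustment value 2, the 'preset algorithm', the
severity weights, the clamp range and the sample data are assumptions."""

from statistics import mean, pstdev

SEVERITIES = ("high", "medium", "low")
SEVERITY_WEIGHTS = {"high": 0.5, "medium": 0.3, "low": 0.2}   # assumed


def zscore(current, history):
    """(current - mean) / standard deviation; 0 when the history has no spread."""
    sd = pstdev(history)
    return 0.0 if sd == 0 else (current - mean(history)) / sd


def adjustment_value_1(current_count, historical_counts):
    """Claim 1: ratio of the current vulnerability difference to the std of the counts."""
    return zscore(current_count, historical_counts)


def adjustment_values_2(current_times, historical_times, adj1):
    """Claim 1: one adjustment value 2 per severity, from that severity's
    rectification-time ratio and adjustment value 1.

    Assumed combination: the two are added, so a company that both has more
    vulnerabilities than its peers and fixes them more slowly is penalized on
    both counts."""
    return {sev: zscore(current_times[sev], historical_times[sev]) + adj1
            for sev in SEVERITIES}


def risk_adjustment_factor(adj2, scale=0.1, lo=0.5, hi=2.0):
    """Assumed preset algorithm: severity-weighted mean of the adjustment values 2,
    mapped around 1.0 and clamped so the factor stays a sane multiplier."""
    weighted = sum(SEVERITY_WEIGHTS[sev] * adj2[sev] for sev in SEVERITIES)
    return max(lo, min(hi, 1.0 + scale * weighted))


def compute_factor(company, history):
    """Run the three steps for one responsible development company."""
    adj1 = adjustment_value_1(company["count"], history["counts"])
    adj2 = adjustment_values_2(company["fix_days"], history["fix_days"], adj1)
    return adj1, adj2, risk_adjustment_factor(adj2)


# Constructed history: vulnerability counts and rectification days per severity
# for four past responsible development companies (not from the page).
HISTORY = {
    "counts": [5, 10, 15, 20],
    "fix_days": {"high": [2, 4, 6, 8],
                 "medium": [10, 20, 30, 40],
                 "low": [30, 60, 90, 120]},
}
# Current company: an average vulnerability count, average medium/low fix
# times, but clearly slower than its peers on high-risk fixes.
COMPANY = {"count": 12.5, "fix_days": {"high": 10, "medium": 25, "low": 75}}


if __name__ == "__main__":
    print(compute_factor(COMPANY, HISTORY))
```

On the constructed data the count z-score is 0, the high-risk rectification z-score is √5 ≈ 2.24, and the factor comes out at about 1.11, so the slow high-risk fixes alone push every residual risk value of that company's systems up by roughly 11 percent; publishing that number to the company, as the description suggests, makes the penalty visible and actionable.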
CN201811244378.0A 2018-10-24 2018-10-24 Application system-oriented risk processing method and device Active CN109214192B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811244378.0A CN109214192B (en) 2018-10-24 2018-10-24 Application system-oriented risk processing method and device

Publications (2)

Publication Number Publication Date
CN109214192A CN109214192A (en) 2019-01-15
CN109214192B true CN109214192B (en) 2021-01-29

Family

ID=64996544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811244378.0A Active CN109214192B (en) 2018-10-24 2018-10-24 Application system-oriented risk processing method and device

Country Status (1)

Country Link
CN (1) CN109214192B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112699090B (en) * 2020-12-23 2024-05-14 北京北信源软件股份有限公司 Log auditing method and device, electronic equipment and storage medium
CN113037766A (en) * 2021-03-23 2021-06-25 中通服创发科技有限责任公司 Comprehensive evaluation method for asset safety and health degree under multiple scenes
CN113343243A (en) * 2021-04-29 2021-09-03 浙江乾冠信息安全研究院有限公司 Organization risk assessment method and device, electronic equipment and medium
CN116522350A (en) * 2023-07-05 2023-08-01 中电科新型智慧城市研究院有限公司 Application program detection method, device, terminal equipment and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107122664A (en) * 2016-02-24 2017-09-01 阿里巴巴集团控股有限公司 Safety protecting method and device
CN107766728A (en) * 2017-08-28 2018-03-06 国家电网公司 Mobile application security managing device, method and mobile operation safety protection system
CN108494727A (en) * 2018-02-06 2018-09-04 成都清华永新网络科技有限公司 A kind of security incident closed-loop process method for network security management

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104809404B (en) * 2015-04-17 2018-03-20 广东电网有限责任公司信息中心 A kind of data layer system of information security attack-defence platform
US10284589B2 (en) * 2016-10-31 2019-05-07 Acentium Inc. Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system
CN106598842A (en) * 2016-11-10 2017-04-26 乐视控股(北京)有限公司 Code detection method and device and electronic equipment


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant