CN111125708A - Vulnerability detection method and device - Google Patents

Publication number
CN111125708A
Authority
CN
China
Prior art keywords
security
vulnerability
information
test information
test
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911166068.6A
Other languages
Chinese (zh)
Other versions
CN111125708B (en
Inventor
秦旭果
韩秀文
王照文
邹帮山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jilin Yillion Bank Co ltd
Original Assignee
Jilin Yillion Bank Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jilin Yillion Bank Co ltd filed Critical Jilin Yillion Bank Co ltd
Priority to CN201911166068.6A priority Critical patent/CN111125708B/en
Publication of CN111125708A publication Critical patent/CN111125708A/en
Application granted granted Critical
Publication of CN111125708B publication Critical patent/CN111125708B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention relates to the technical field of network security, and in particular provides a vulnerability detection method and device. The method comprises the following steps: calling a preset IAST algorithm to perform a security test on the application system and obtain first test information; calling a preset DAST algorithm to perform attack verification on each security vulnerability in the first test information and obtain second test information; comparing each security vulnerability in the first test information with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information; calling a preset SAST algorithm to traverse all source code of the application system and obtain third test information; and comparing all security vulnerabilities in the initial vulnerability detection information with all security vulnerabilities in the third test information to obtain final vulnerability detection information. While maintaining vulnerability detection coverage, the method reduces false alarms and provides enough vulnerability information to improve vulnerability repair efficiency.

Description

Vulnerability detection method and device
Technical Field
The invention relates to the technical field of network security, in particular to a vulnerability detection method and device.
Background
With the continuous development of science and technology, many new internet information technologies keep emerging, and various application systems have been created to make operation easier for users. While an application system is running, vulnerabilities often appear; vulnerabilities are defects in hardware, software, the specific implementation of a protocol, or system security policies. An attacker can exploit these vulnerabilities to access or damage the system without authorization. Therefore, before an application system is put into use, various security detection technologies are generally used to detect its vulnerabilities, so as to reduce the probability that an attacker damages the system through a vulnerability and to improve the security of the system.
The inventors found that, when vulnerabilities are detected with existing application security detection technologies, some vulnerabilities are missed and some are falsely detected, so that the vulnerabilities of the application system are not detected comprehensively or many false alarms are produced; the application system then carries potential security risks after being put into use, and its security is low.
Disclosure of Invention
The invention aims to provide a vulnerability detection method that solves the missed detections and false detections of security vulnerabilities in an application system caused by existing security detection technologies, improves the vulnerability detection rate, finds more vulnerabilities, and reduces the false alarm rate.
The invention also provides a vulnerability detection device for ensuring the realization and application of the method in practice.
A vulnerability detection method, comprising:
calling a preset interactive application security testing (IAST) algorithm to perform a security test on an application system and obtain first test information, wherein the first test information comprises security vulnerabilities produced while the application system is running;
calling a preset dynamic application security testing (DAST) algorithm to perform attack verification on each security vulnerability in the first test information and obtain second test information, wherein the second test information contains the security vulnerabilities verified as real;
comparing each security vulnerability in the first test information with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information of the application system during operation, wherein the initial vulnerability detection information comprises the security vulnerabilities in the first test information determined to be real and those determined to be false alarms; a real security vulnerability is one in the first test information that matches the second test information in the comparison, and a false-alarm security vulnerability is one in the first test information that does not match the second test information in the comparison;
calling a preset static application security testing (SAST) algorithm according to the initial vulnerability detection information to traverse all source code of the application system and obtain third test information, wherein the third test information comprises security vulnerabilities obtained by analyzing the source code;
comparing all security vulnerabilities in the initial vulnerability detection information with all security vulnerabilities in the third test information to obtain final vulnerability detection information of the application system during operation, wherein the final vulnerability detection information comprises the security vulnerabilities determined to be real in the initial vulnerability detection information, the security vulnerabilities determined to be false alarms in the initial vulnerability detection information, and the security vulnerabilities to be determined in the third test information.
Optionally, in the above method, calling the preset DAST algorithm to perform attack verification on each security vulnerability in the first test information includes:
acquiring vulnerability description information of each security vulnerability in the first test information;
and calling a preset DAST algorithm, and carrying out attack verification on each security vulnerability in the first test information according to vulnerability description information of each security vulnerability in the first test information.
Optionally, in the above method, comparing each security vulnerability in the first test information with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information of the application system during operation includes:
extracting first identification information of each security vulnerability in the first test information and second identification information of each security vulnerability verified as real in the second test information;
applying a preset hash algorithm to each piece of first identification information and each piece of second identification information to obtain a first hash value corresponding to each piece of first identification information and a second hash value corresponding to each piece of second identification information;
comparing each first hash value with each second hash value;
determining the security vulnerability corresponding to each first hash value that was matched as a real security vulnerability, and the security vulnerability corresponding to each first hash value that was not matched as a false-alarm security vulnerability;
and obtaining the initial vulnerability detection information according to the determined real security vulnerabilities and the determined false-alarm security vulnerabilities.
Optionally, in the above method, comparing all security vulnerabilities in the initial vulnerability detection information with each security vulnerability in the third test information to obtain final vulnerability detection information of the application system during operation includes:
acquiring first vulnerability identifiers of all security vulnerabilities in the initial vulnerability detection information and second vulnerability identifiers of all security vulnerabilities in the third test information;
comparing each first vulnerability identifier with each second vulnerability identifier;
when the security vulnerability corresponding to a matched first vulnerability identifier is a real security vulnerability, determining the security vulnerability corresponding to the matching second vulnerability identifier as a real security vulnerability, and when the security vulnerability corresponding to a matched first vulnerability identifier is a false-alarm security vulnerability, determining the security vulnerability corresponding to the matching second vulnerability identifier as a false-alarm security vulnerability;
determining the security vulnerabilities corresponding to the second vulnerability identifiers that were not matched as security vulnerabilities to be determined;
and obtaining the final vulnerability detection information according to the determined real security vulnerabilities, the determined false-alarm security vulnerabilities and the determined to-be-determined security vulnerabilities.
Optionally, the above method further includes:
repairing, according to a preset repair strategy, the security vulnerabilities determined to be real in the final vulnerability detection information, and sending the security vulnerabilities to be determined in the third test information to a client so that the client can complete the audit.
A vulnerability detection apparatus, comprising:
a first calling unit, configured to call a preset interactive application security testing (IAST) algorithm, perform a security test on an application system, and obtain first test information, where the first test information includes security vulnerabilities produced while the application system is running;
a second calling unit, configured to call a preset dynamic application security testing (DAST) algorithm, perform attack verification on each security vulnerability in the first test information, and obtain second test information, where the second test information includes the security vulnerabilities verified as real;
a first comparison unit, configured to compare each security vulnerability in the first test information with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information of the application system during operation, where the initial vulnerability detection information includes the security vulnerabilities in the first test information determined to be real and those determined to be false alarms; a real security vulnerability is one in the first test information that matches the second test information in the comparison, and a false-alarm security vulnerability is one in the first test information that does not match the second test information in the comparison;
a third calling unit, configured to call a preset static application security testing (SAST) algorithm according to the initial vulnerability detection information, traverse all source code of the application system, and obtain third test information, where the third test information includes security vulnerabilities obtained by analyzing the source code;
and a second comparison unit, configured to compare all security vulnerabilities in the initial vulnerability detection information with all security vulnerabilities in the third test information to obtain final vulnerability detection information of the application system during operation, where the final vulnerability detection information includes the security vulnerabilities determined to be real in the initial vulnerability detection information, the security vulnerabilities determined to be false alarms in the initial vulnerability detection information, and the security vulnerabilities to be determined in the third test information.
Optionally, in the above apparatus, the second calling unit includes:
the first obtaining subunit is configured to obtain vulnerability description information of each security vulnerability in the first test information;
and the attack subunit is used for calling the preset DAST algorithm and carrying out attack verification on each security vulnerability in the first test information according to the vulnerability description information of each security vulnerability in the first test information.
Optionally, in the above apparatus, the first comparison unit includes:
the extraction subunit is configured to extract first identification information of each security vulnerability in the first test information and second identification information of each security vulnerability verified as true in the second test information, respectively;
the calculating subunit is configured to calculate each piece of the first identification information and each piece of the second identification information by using a preset hash value algorithm, so as to obtain a first hash value corresponding to each piece of the first identification information and a second hash value corresponding to each piece of the second identification information;
the first comparison subunit is configured to compare each first hash value with each second hash value respectively;
and the first determining subunit is used for determining the security vulnerability corresponding to the first hash value which is successfully compared as a real security vulnerability, and determining the security vulnerability corresponding to the first hash value which is not successfully compared as a false-alarm security vulnerability.
Optionally, in the above apparatus, the second comparison unit includes:
the second obtaining subunit is configured to obtain first vulnerability identifiers of all security vulnerabilities in the initial vulnerability detection information, and second vulnerability identifiers of all security vulnerabilities in the third test information;
the second comparison subunit is configured to compare each first vulnerability identifier with each second vulnerability identifier;
the second determining subunit is configured to determine the security vulnerability corresponding to a second vulnerability identifier as a real security vulnerability when the first vulnerability identifier it matched corresponds to a real security vulnerability, and as a false-alarm security vulnerability when the first vulnerability identifier it matched corresponds to a false-alarm security vulnerability;
and the third determining subunit is configured to determine the security vulnerabilities corresponding to the second vulnerability identifiers that were not matched as security vulnerabilities to be determined.
Optionally, the above apparatus further comprises:
a repairing unit, configured to repair, according to a preset repair strategy, the security vulnerabilities determined to be real in the final vulnerability detection information, and to send the security vulnerabilities to be determined in the third test information to a client so that the client can complete the audit.
Compared with the prior art, the invention has the following advantages:
The invention provides a vulnerability detection method, which comprises the following steps: calling a preset IAST algorithm to perform a security test on the application system and obtain first test information; calling a preset DAST algorithm to perform attack verification on each security vulnerability in the first test information and obtain second test information; comparing each security vulnerability in the first test information with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information; calling a preset SAST algorithm to traverse all source code of the application system and obtain third test information; and comparing all security vulnerabilities in the initial vulnerability detection information with all security vulnerabilities in the third test information to obtain final vulnerability detection information. Applying the method provided by the invention reduces false alarms while maintaining vulnerability detection coverage, and provides enough vulnerability information to make the vulnerabilities in the application system easier to repair, thereby improving vulnerability repair efficiency.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below are only embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a method for vulnerability detection provided by the present invention;
FIG. 2 is another flowchart of the vulnerability detection method provided by the present invention;
FIG. 3 is a schematic structural diagram of a vulnerability detection apparatus provided in the present invention;
FIG. 4 is a schematic structural diagram of a safety testing assembly according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multi-processor apparatus, distributed computing environments that include any of the above devices or equipment, and the like.
The embodiment of the invention provides a vulnerability detection method that can be applied to various system platforms. The method may be executed by a computer terminal or by the processor of various mobile devices. Its flowchart is shown in FIG. 1, and it specifically comprises the following steps:
S101: calling a preset interactive application security testing (IAST) algorithm to perform a security test on an application system and obtain first test information, wherein the first test information comprises security vulnerabilities produced while the application system is running;
In the method provided by the embodiment of the invention, an IAST algorithm is preset in the processor. Detection with the IAST algorithm can obtain the request information, the data flow, or the file and code line number where the vulnerability is located, and the like. When the security vulnerabilities of the application system need to be tested, the IAST algorithm can be applied to perform a security test on the application system.
In the method provided by the embodiment of the present invention, the first test information may include real security vulnerabilities or false alarms. A false-alarm security vulnerability may arise because the application system calls a security component, or because the issue is difficult to exploit at the application level.
S102: calling a preset dynamic application security testing (DAST) algorithm to perform attack verification on each security vulnerability in the first test information and obtain second test information, wherein the second test information contains the security vulnerabilities verified as real;
In the method provided by the embodiment of the invention, a DAST algorithm is preset in the processor. The DAST algorithm takes the attacker's perspective to perform attack verification on each security vulnerability, so it has a lower false alarm rate and can verify false-alarm security vulnerabilities detected by other algorithms.
In the method provided by the embodiment of the present invention, when the first test information is received, the DAST algorithm may be applied to attack each security vulnerability in the first test information in turn, so as to verify which security vulnerabilities in the first test information are real.
In the method provided by the embodiment of the present invention, optionally, the security vulnerabilities verified as real may be marked.
S103: comparing each security vulnerability in the first test information with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information of the application system during operation, wherein the initial vulnerability detection information comprises the security vulnerabilities in the first test information determined to be real and those determined to be false alarms; a real security vulnerability is one in the first test information that matches the second test information in the comparison, and a false-alarm security vulnerability is one in the first test information that does not match the second test information in the comparison;
In the method provided by the embodiment of the invention, each security vulnerability in the first test information is compared with each security vulnerability verified as real in the second test information to determine which security vulnerabilities in the first test information are real and which are false alarms, so as to obtain the initial vulnerability detection information. The initial vulnerability detection information includes the security vulnerabilities in the first test information determined to be real and those determined to be false alarms.
When a security vulnerability in the first test information matches a security vulnerability verified as real in the second test information, the security vulnerability in the first test information can be determined to be a real security vulnerability; when a security vulnerability in the first test information does not match any security vulnerability verified as real in the second test information, it can be determined to be a false-alarm security vulnerability.
Specifically, when the security vulnerabilities in the first test information are compared with the security vulnerabilities verified as real in the second test information, either the vulnerability names or the hash values generated for the respective security vulnerabilities can be compared.
Optionally, after each security vulnerability in the first test information has been compared with the security vulnerabilities verified as real in the second test information, a correspondence table may be generated from the security vulnerabilities in the first test information determined to be real, those determined to be false alarms, and the location of each vulnerability. Preferably, the location of a vulnerability is the file and code line number where the vulnerability is located.
S104: calling a preset static application security testing (SAST) algorithm according to the initial vulnerability detection information to traverse all source code of the application system and obtain third test information, wherein the third test information comprises security vulnerabilities obtained by analyzing the source code;
In the method provided by the embodiment of the invention, a SAST algorithm is preset in the processor. The SAST algorithm mainly scans the source code and can traverse all source code branches of the application system, so that security vulnerabilities caused by source code defects can be found. It should be noted that the test coverage and vulnerability detection rate of the SAST algorithm are high, and almost all security vulnerabilities existing in the application system can be found.
In the method provided by the embodiment of the present invention, when the initial vulnerability detection information is received, the SAST algorithm may be called to traverse all source code in the application system and analyze the source code defects to obtain the third test information. Optionally, a detection period may also be preset: each security vulnerability caused by a source code defect in the application system is detected periodically and stored, and the stored results are retrieved when they are needed for comparison and verification.
Preferably, each security vulnerability detected according to the preset detection period can be sent to the client by mail, so that technicians can repair it.
Specifically, the third test information includes the security vulnerabilities obtained by analyzing the source code.
S105: comparing all security vulnerabilities in the initial vulnerability detection information with all security vulnerabilities in the third test information to obtain final vulnerability detection information of the application system during operation, wherein the final vulnerability detection information comprises the security vulnerabilities determined to be real in the initial vulnerability detection information, the security vulnerabilities determined to be false alarms in the initial vulnerability detection information, and the security vulnerabilities to be determined in the third test information.
In the method provided by the embodiment of the present invention, all security vulnerabilities in the initial vulnerability detection information need to be compared with each security vulnerability in the third test information to obtain the final vulnerability detection information. It should be noted that the comparison may be made by vulnerability name or by the hash values generated for the security vulnerabilities.
The final vulnerability detection information comprises the security vulnerabilities determined to be real in the initial vulnerability detection information, the security vulnerabilities determined to be false alarms, and the security vulnerabilities to be determined in the third test information.
Optionally, the security vulnerabilities determined to be real and the security vulnerabilities determined to be false alarms can be marked. For example, a security vulnerability determined to be real is marked as "verification successful", and a security vulnerability determined to be a false alarm is marked as "ignored".
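The two comparison steps S103 and S105, as an added example that is not code from the patent. It assumes the identification information is the vulnerability type, file path and code line number, hashed with SHA-256; the patent names neither the fields nor the hash algorithm, and every name and sample finding below is constructed.

```python
import hashlib
import posixpath
from dataclasses import dataclass

REAL, FALSE_ALARM, PENDING = "real", "false_alarm", "to_be_determined"


@dataclass(frozen=True)
class Finding:
    """One reported vulnerability. The field choice is an assumption of this example."""
    vuln_type: str
    file: str
    line: int


def identity(f: Finding) -> str:
    """Normalise the identification information so that tools spelling the same
    finding differently (case, './' prefix, backslashes) still agree."""
    path = posixpath.normpath(f.file.replace("\\", "/"))
    return f"{f.vuln_type.strip().lower()}|{path}|{f.line}"


def fingerprint(f: Finding) -> str:
    """Hash of the identification information (SHA-256 is an assumption)."""
    return hashlib.sha256(identity(f).encode("utf-8")).hexdigest()


def initial_detection(iast, dast_verified):
    """S103: an IAST finding is real if DAST verified it, otherwise a false alarm."""
    verified = {fingerprint(f) for f in dast_verified}
    initial = {}
    for f in iast:
        fp = fingerprint(f)
        initial[fp] = (f, REAL if fp in verified else FALSE_ALARM)
    return initial


def final_detection(initial, sast):
    """S105: a SAST finding that matches inherits the S103 status; an unmatched
    SAST finding is queued as to-be-determined for manual audit."""
    final = dict(initial)  # IAST findings keep their status even if SAST missed them
    for f in sast:
        final.setdefault(fingerprint(f), (f, PENDING))
    return final


def summarize(final):
    """Readable view: normalised identity -> status."""
    return {identity(f): status for f, status in final.values()}


def run_example():
    # Constructed sample findings, not the output of any real tool.
    iast = [
        Finding("sql_injection", "src/dao/UserDao.java", 42),
        Finding("xss", "src/web/Profile.java", 88),
        Finding("path_traversal", "src/io/Files.java", 17),
    ]
    dast_verified = [
        Finding("SQL_Injection", "./src/dao/UserDao.java", 42),  # same finding, other spelling
        Finding("path_traversal", "src\\io\\Files.java", 17),
    ]
    sast = [
        Finding("sql_injection", "src/dao/UserDao.java", 42),    # matches a real finding
        Finding("xss", "src/web/Profile.java", 89),              # one line off: no match
        Finding("hardcoded_secret", "src/conf/Keys.java", 5),    # only SAST saw this
    ]
    return summarize(final_detection(initial_detection(iast, dast_verified), sast))


if __name__ == "__main__":
    for ident, status in sorted(run_example().items()):
        print(f"{status:17} {ident}")
```

Because matching is exact, the SAST finding reported one line away from the IAST one is not merged with it and lands in the to-be-determined queue; the choice of identification fields decides how often that happens.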
According to the vulnerability detection method provided by the embodiment of the invention, each security vulnerability in the application system is tested before the application system is put into use, so that the vulnerabilities can be repaired before an attacker uses them to launch an attack. By applying the method provided by the embodiment of the invention, more security vulnerabilities can be found, and attack verification is performed from the attacker's perspective on each security vulnerability found by testing, so that the false alarm rate is reduced.
In the vulnerability detection method provided in the embodiment of the present invention, based on the above implementation process, calling the preset DAST algorithm to perform attack verification on each security vulnerability in the first test information specifically includes:
acquiring vulnerability description information of each security vulnerability in the first test information;
and calling a preset DAST algorithm, and carrying out attack verification on each security vulnerability in the first test information according to vulnerability description information of each security vulnerability in the first test information.
In the method provided by the embodiment of the present invention, the vulnerability description information may include vulnerability type, risk level, request information, and the like.
According to the method provided by the embodiment of the invention, an attack attempt is made against each security vulnerability according to its vulnerability description information, and the state of the security vulnerability is then analyzed and verified. Optionally, the security vulnerabilities may be attacked simultaneously, or in sequence according to the priorities of the security vulnerabilities in the first test information, where the priorities may be determined according to the risk levels and vulnerability types of the security vulnerabilities.
According to the method provided by the embodiment of the invention, the discovered vulnerabilities are attacked from the perspective of an attacker. The internal logic structure of the application program does not need to be known, the implementation language of the test object is irrelevant, and vulnerabilities are discovered and verified using an attack signature library. As a result, most high-risk problems can be found, falsely reported security vulnerabilities can be effectively reduced, vulnerabilities can be repaired in a targeted manner, vulnerability repair efficiency is improved, and the time needed to distinguish real security vulnerabilities from falsely reported ones is reduced.
In the vulnerability detection method provided in the embodiment of the present invention, based on the above implementation process, each security vulnerability in the first test information is compared with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information of the application system in the running process. A flowchart of this step is shown in Fig. 2, and it specifically includes:
S201: respectively extracting first identification information of each security vulnerability in the first test information and second identification information of each security vulnerability verified to be real in the second test information;
In the method provided by the embodiment of the invention, each security vulnerability in the first test information corresponds to one piece of identification information, and each security vulnerability in the second test information corresponds to one piece of identification information. The identification information may include key information such as a vulnerability name, a data flow, and a vulnerability type.
S202: calculating each piece of first identification information and each piece of second identification information by adopting a preset hash value algorithm to obtain a first hash value corresponding to each piece of first identification information and a second hash value corresponding to each piece of second identification information;
In the method provided by the embodiment of the invention, a longer piece of identification information can be mapped to a shorter piece of data through a hash value algorithm, and this shorter piece of data is the hash value of the identification information. The hash value is unique, and once the identification information changes, the hash value corresponding to the identification information also changes.
Specifically, each first identification information and each second identification information are respectively calculated through a hash value algorithm, so that a first hash value corresponding to each first identification information and a second hash value corresponding to each second identification information can be obtained.
It should be noted that each security hole corresponds to one hash value.
S203: comparing each first hash value with each second hash value respectively;
In the method provided by the embodiment of the invention, each first hash value obtained by calculation is sequentially compared with each second hash value. It should be noted that the comparison may be performed in real time, or may be performed after all hash values are calculated.
Optionally, a first hash value successfully compared with the second hash value may be recorded, or a first hash value unsuccessfully compared with the second hash value may also be recorded.
S204: determining the security vulnerability corresponding to the successfully compared first hash value as a real security vulnerability, and determining the security vulnerability corresponding to the unsuccessfully compared first hash value as a false-alarm security vulnerability;
In the method provided by the embodiment of the invention, if a first hash value is successfully compared with a second hash value, the security vulnerability corresponding to that first hash value can be judged to be a real security vulnerability, and the security vulnerabilities corresponding to the remaining first hash values, which were not successfully compared, are judged to be falsely reported security vulnerabilities.
S205: obtaining the initial vulnerability detection information according to the determined real security vulnerabilities and the determined false-alarm security vulnerabilities;
In the method provided by the embodiment of the invention, the initial vulnerability detection information can be obtained according to each determined real security vulnerability and each determined false-positive security vulnerability.
In the method provided by the embodiment of the invention, the comparison is carried out according to each first hash value and each second hash value, so that whether the security vulnerability corresponding to the first hash value and the security vulnerability corresponding to the second hash value are the same vulnerability can be determined, the false-reported security vulnerability in the first test information is eliminated, and the cost for manually determining the real security vulnerability is reduced.
In the vulnerability detection method provided in the embodiment of the present invention, on the basis of the implementation process, specifically, comparing all security vulnerabilities in the initial vulnerability detection information with each security vulnerability in the third test information to obtain final vulnerability detection information of the application system in the operation process includes:
acquiring first vulnerability identifications of all security vulnerabilities in the initial vulnerability detection information and second vulnerability identifications of all security vulnerabilities in the third test information;
comparing each first vulnerability identification with each second vulnerability identification;
when the security vulnerability corresponding to a successfully compared first vulnerability identification is a real security vulnerability, determining the security vulnerability corresponding to the matching second vulnerability identification as a real security vulnerability, and when the security vulnerability corresponding to a successfully compared first vulnerability identification is a falsely reported security vulnerability, determining the security vulnerability corresponding to the matching second vulnerability identification as a falsely reported security vulnerability;
determining the security vulnerabilities corresponding to the second vulnerability identifications which are not successfully compared as the security vulnerabilities to be determined;
and obtaining the final vulnerability detection information according to the determined real security vulnerabilities, the determined false-alarm security vulnerabilities and the determined to-be-determined security vulnerabilities.
In the method provided by the embodiment of the present invention, the first vulnerability identification may be the vulnerability name of the security vulnerability. The vulnerability name of each security vulnerability in the final vulnerability detection information is compared, as text, with the vulnerability name of each security vulnerability in the third test information, so as to determine whether the security vulnerability in the final vulnerability detection information and the security vulnerability in the third test information are the same vulnerability.
In the method provided by the embodiment of the invention, the final vulnerability detection information can be obtained through comparison. The final vulnerability detection information may include security vulnerabilities for which the comparison matched and security vulnerabilities for which it did not; the matched security vulnerabilities may be real security vulnerabilities or falsely reported security vulnerabilities, and the unmatched security vulnerabilities are security vulnerabilities to be determined.
In the method provided by the embodiment of the invention, by comparing each security vulnerability in the initial vulnerability detection information with each security vulnerability in the third test information, it can be further determined whether any vulnerability was missed in detection, which avoids the situation in which an attacker exploits a missed security vulnerability to attack the application system, paralyzing it and causing loss.
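The two comparison passes described above (the hash comparison of S201 to S205, then the name comparison against the static analysis results), as an added Python example that is not part of the patent text. The `Finding` fields, the status labels, the choice of SHA-256 as the "preset hash value algorithm", the normalisation step, the precedence rule for conflicting names and the sample findings are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Status labels (assumed wording, modelled on the marking example in the text).
REAL, FALSE_ALARM, PENDING = "verified", "ignored", "pending_audit"


@dataclass(frozen=True)
class Finding:
    """Identification information of one runtime finding (S201)."""
    name: str
    vuln_type: str
    data_flow: str


def _norm(text: str) -> str:
    # Lower-case and collapse whitespace so tool formatting does not matter.
    return " ".join(text.lower().split())


def fingerprint(f: Finding) -> str:
    """S202: hash the normalised identification information.

    Without normalisation, a case or spacing difference between the two
    tools' reports would give different hashes for the same vulnerability
    and turn a verified finding into a false alarm.
    """
    canonical = "\x1f".join(_norm(x) for x in (f.name, f.vuln_type, f.data_flow))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def initial_detection(iast, dast_verified):
    """S203-S205: an IAST finding is real only if DAST verified the same hash."""
    verified = {fingerprint(f) for f in dast_verified}
    return [(f, REAL if fingerprint(f) in verified else FALSE_ALARM) for f in iast]


def final_detection(initial, sast):
    """Second pass: SAST findings inherit a verdict by name, else stay pending."""
    status_by_name = {}
    for f, status in initial:
        key = _norm(f.name)
        # Assumption: if one name carries both verdicts, REAL takes precedence,
        # so a confirmed issue is never silently ignored.
        if status_by_name.get(key) != REAL:
            status_by_name[key] = status
    report = [("IAST", f.name, status) for f, status in initial]
    for name, location in sast:
        verdict = status_by_name.get(_norm(name), PENDING)
        report.append(("SAST", f"{name} ({location})", verdict))
    return report


# Constructed sample data: first test information (IAST findings).
SAMPLE_IAST = [
    Finding("SQL Injection", "injection", "GET /account?id -> AccountDao.find"),
    Finding("Reflected XSS", "xss", "GET /search?q -> search.jsp"),
    Finding("Path Traversal", "file", "GET /download?file -> FileService.read"),
]
# Constructed sample data: second test information (verified by DAST).
# The first entry differs from the IAST report only in case and spacing.
SAMPLE_DAST = [
    Finding("sql injection ", "Injection", "GET /account?id  ->  AccountDao.find"),
    Finding("Path Traversal", "file", "GET /download?file -> FileService.read"),
]
# Constructed sample data: third test information (SAST findings).
SAMPLE_SAST = [
    ("SQL Injection", "AccountDao.java:42"),
    ("Reflected XSS", "search.jsp:17"),
    ("Hard-coded Credential", "DbConfig.java:9"),
]

if __name__ == "__main__":
    initial = initial_detection(SAMPLE_IAST, SAMPLE_DAST)
    for source, item, status in final_detection(initial, SAMPLE_SAST):
        print(f"{source:4} {status:13} {item}")
```

The SAST-only finding ends up as `pending_audit`, which is the set the text says is sent on for manual review.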
In the vulnerability detection method provided in the embodiment of the present invention, on the basis of the implementation process, specifically, the method further includes:
and determining and repairing the security vulnerability determined to be real in the final vulnerability detection information according to a preset repairing strategy, and sending the security vulnerability to be determined in the third test information to a client so as to enable the client to complete auditing.
In the method provided by the embodiment of the invention, the security vulnerabilities that really exist are repaired through a preset repair strategy and the falsely reported security vulnerabilities are ignored; the security vulnerabilities to be determined in the third test information are then sent to the client for manual audit, and the vulnerability attribute of each security vulnerability to be determined is finally determined. Optionally, the vulnerabilities confirmed as false alarms in the initial vulnerability detection information may also be sent to the client for manual audit.
In the method provided by the embodiment of the invention, the security vulnerabilities determined to be real are repaired, the security vulnerabilities determined to be false alarms and the security vulnerabilities to be determined are sent to the client for manual audit, and the security vulnerabilities determined to be false alarms and the security vulnerabilities to be determined are finally determined, so that technical personnel can repair each security vulnerability, and the loss caused by an attacker attacking an application system by using the security vulnerabilities is reduced.
The above specific implementations and the derivation processes of the implementations are all within the scope of the present invention.
Corresponding to the method described in Fig. 1, an embodiment of the present invention further provides a vulnerability detection apparatus, which is used to implement the method in Fig. 1. The vulnerability detection apparatus provided in the embodiment of the present invention may be applied to a computer terminal or various mobile devices. A schematic structural diagram of the vulnerability detection apparatus is shown in Fig. 3, and it specifically includes:
the first calling unit 301 is configured to call a preset interactive application program security test IAST algorithm, perform a security test on an application system, and obtain first test information, where the first test information includes security vulnerabilities generated in the running process of the application system;
a second invoking unit 302, configured to invoke a preset dynamic application security test DAST algorithm, perform attack verification on each security vulnerability in the first test information, and obtain second test information, where the second test information includes a security vulnerability that has been verified as being true;
a first comparing unit 303, configured to compare each security vulnerability in the first test information with each security vulnerability in the second test information that has been verified to be real, to obtain initial vulnerability detection information of the application system in the running process, where the initial vulnerability detection information includes the security vulnerabilities determined to be real in the first test information and the security vulnerabilities determined to be false alarms; a real security vulnerability is a security vulnerability in the first test information that matches the second test information in the comparison, and a security vulnerability determined to be a false alarm is a security vulnerability in the first test information that does not match the second test information in the comparison;
a third invoking unit 304, configured to invoke a preset Static Application Security Test (SAST) algorithm according to the initial vulnerability detection information, traverse all source codes of the application system, and obtain third test information, where the third test information includes a security vulnerability obtained by analyzing the source codes;
a second comparing unit 305, configured to compare all security vulnerabilities in the initial vulnerability detection information with each security vulnerability in the third test information, and obtain final vulnerability detection information of the application system in an operation process, where the final vulnerability detection information includes a security vulnerability determined to be real in the initial vulnerability detection information, a security vulnerability determined to be misreported in the initial vulnerability detection information, and a security vulnerability to be determined in the third test information.
Based on the above implementation process, the vulnerability detection apparatus provided in the embodiment of the present invention includes:
the first obtaining subunit is configured to obtain vulnerability description information of each security vulnerability in the first test information;
and the attack subunit is used for calling the preset DAST algorithm and carrying out attack verification on each security vulnerability in the first test information according to the vulnerability description information of each security vulnerability in the first test information.
Based on the above implementation process, the vulnerability detection apparatus provided in the embodiment of the present invention includes:
the extraction subunit is configured to extract first identification information of each security vulnerability in the first test information and second identification information of each security vulnerability verified as true in the second test information, respectively;
the calculating subunit is configured to calculate each piece of the first identification information and each piece of the second identification information by using a preset hash value algorithm, so as to obtain a first hash value corresponding to each piece of the first identification information and a second hash value corresponding to each piece of the second identification information;
the first comparison subunit is configured to compare each first hash value with each second hash value respectively;
and the first determining subunit is used for determining the security vulnerability corresponding to the first hash value which is successfully compared as a real security vulnerability, and determining the security vulnerability corresponding to the first hash value which is not successfully compared as a false-alarm security vulnerability.
Based on the above implementation process, the vulnerability detection apparatus provided in the embodiment of the present invention includes:
the second obtaining subunit is configured to obtain first vulnerability identifications of all security vulnerabilities in the initial vulnerability detection information, and second vulnerability identifications of all security vulnerabilities in the third test information;
the second comparison subunit is used for comparing each first vulnerability identification with each second vulnerability identification respectively;
the second determining subunit is configured to determine, when the security vulnerability corresponding to the successfully-compared first vulnerability identifier is a real security vulnerability, the security vulnerability corresponding to the second vulnerability identifier corresponding to the successfully-compared first vulnerability identifier is a real security vulnerability, and when the security vulnerability corresponding to the successfully-compared first vulnerability identifier is a false-reported security vulnerability, determine, as a false-reported security vulnerability, the security vulnerability corresponding to the second vulnerability identifier corresponding to the successfully-compared first vulnerability identifier;
and the third determining subunit is used for determining the security vulnerabilities corresponding to the second vulnerability identifications which are not successfully compared as the security vulnerabilities to be determined.
The vulnerability detection device provided by the embodiment of the invention is based on the implementation process, and further comprises:
and the repairing unit is used for determining and repairing the security vulnerability determined to be real in the final vulnerability detection information according to a preset repairing strategy, and sending the security vulnerability to be determined in the third test information to a client so as to enable the client to finish auditing.
The device provided by the invention can be applied in various fields, in particular on a server. The server is provided with a security test component, which can run on a security test management platform. A schematic structural diagram of the security test component is shown in Fig. 4, and it specifically comprises:
an IAST and DAST integration module, an SAST and IAST integration module and a security vulnerability analysis module;
The IAST and DAST integration module comprises an IAST test result analysis module and a DAST test result analysis module, and can integrate an IAST tool and a DAST tool through an IAST and DAST interface. When a security test is needed, the IAST algorithm in the IAST tool is called to test the application system and obtain a test result, and the IAST test result analysis module is called to analyze the test result and obtain first test information, which contains the security vulnerabilities generated in the running process of the application system. The first test information is then sent to the DAST tool through the interface, triggering the DAST tool to call the DAST algorithm to carry out attack verification on each security vulnerability in the first test information and obtain a verification result. The DAST test result analysis module then analyzes the verification result to obtain second test information, which comprises each security vulnerability verified to be real.
The SAST and IAST integration module comprises an SAST test result analysis module, and can integrate an SAST tool and an IAST tool through an SAST and IAST interface. Each security vulnerability in the first test information is compared with each security vulnerability in the second test information through the IAST test result analysis module to obtain the initial vulnerability detection information of the application system in the running process. The initial vulnerability detection information is then sent to the SAST tool, triggering the SAST tool to call the SAST algorithm to traverse all source code of the application system and test for security vulnerabilities caused by code defects, obtaining third test information, which comprises the security vulnerabilities obtained by analyzing the source code. The SAST test result analysis tool is then used to analyze the test results, and the SAST tool compares each security vulnerability in the third test information with each security vulnerability in the initial vulnerability detection information to obtain the final vulnerability detection information.
The security vulnerability analysis and reporting module can determine and repair, through a preset repair strategy, the real security vulnerabilities of the initial vulnerability detection information that are contained in the final vulnerability detection information, and sends each security vulnerability determined to be a false alarm and each security vulnerability to be determined to the project group by mail for manual audit, so that the security vulnerabilities can be repaired.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A vulnerability detection method is characterized by comprising the following steps:
calling a preset IAST (interactive application program security test) algorithm to perform a security test on an application system to obtain first test information, wherein the first test information comprises security vulnerabilities generated in the running process of the application system;
calling a preset dynamic application program security test DAST algorithm, and carrying out attack verification on each security vulnerability in the first test information to obtain second test information, wherein the second test information contains the security vulnerabilities verified to be real;
comparing each security vulnerability in the first test information with each security vulnerability verified to be real in the second test information to obtain initial vulnerability detection information of the application system in the running process, wherein the initial vulnerability detection information comprises the security vulnerabilities determined to be real in the first test information and the security vulnerabilities determined to be false alarms; a real security vulnerability is a security vulnerability in the first test information that matches the second test information in the comparison, and a security vulnerability determined to be a false alarm is a security vulnerability in the first test information that does not match the second test information in the comparison;
calling a preset static application program security test SAST algorithm according to the initial vulnerability detection information, traversing all source codes of the application system, and obtaining third test information, wherein the third test information comprises security vulnerabilities obtained by analyzing the source codes;
comparing all security vulnerabilities in the initial vulnerability detection information with all security vulnerabilities in the third test information to obtain final vulnerability detection information of the application system in the operation process, wherein the final vulnerability detection information comprises the security vulnerabilities determined to be real in the initial vulnerability detection information, the security vulnerabilities determined to be false reports in the initial vulnerability detection information and the security vulnerabilities to be determined in the third test information.
2. The method according to claim 1, wherein the invoking a preset dynamic application security test DAST algorithm to perform attack verification on each security vulnerability in the first test information includes:
acquiring vulnerability description information of each security vulnerability in the first test information;
and calling a preset DAST algorithm, and carrying out attack verification on each security vulnerability in the first test information according to vulnerability description information of each security vulnerability in the first test information.
3. The method according to claim 1, wherein comparing each security vulnerability in the first test information with each security vulnerability verified as true in the second test information to obtain initial vulnerability detection information of the application system in the running process comprises:
respectively extracting first identification information of each security vulnerability in the first test information and second identification information of each security vulnerability verified to be real in the second test information;
calculating each piece of first identification information and each piece of second identification information by adopting a preset hash value algorithm to obtain a first hash value corresponding to each piece of first identification information and a second hash value corresponding to each piece of second identification information;
comparing each first hash value with each second hash value respectively;
determining the security vulnerability corresponding to the successfully compared first hash value as a real security vulnerability, and determining the security vulnerability corresponding to the unsuccessfully compared first hash value as a false-alarm security vulnerability;
and obtaining the initial vulnerability detection information according to the determined real security vulnerabilities and the determined false-alarm security vulnerabilities.
4. The method according to claim 1, wherein comparing all security vulnerabilities in the initial vulnerability detection information with each security vulnerability in the third test information to obtain final vulnerability detection information of the application system in a running process comprises:
acquiring first vulnerability identifications of all security vulnerabilities in the initial vulnerability detection information and second vulnerability identifications of all security vulnerabilities in the third test information;
comparing each first vulnerability identification with each second vulnerability identification;
when the security vulnerability corresponding to a successfully compared first vulnerability identification is a real security vulnerability, determining the security vulnerability corresponding to the matching second vulnerability identification as a real security vulnerability, and when the security vulnerability corresponding to a successfully compared first vulnerability identification is a falsely reported security vulnerability, determining the security vulnerability corresponding to the matching second vulnerability identification as a falsely reported security vulnerability;
determining the security vulnerability corresponding to the second vulnerability identification which is not successfully compared as the security vulnerability to be determined;
and obtaining the final vulnerability detection information according to the determined real security vulnerabilities, the determined false-alarm security vulnerabilities and the determined to-be-determined security vulnerabilities.
5. The method of claim 1, further comprising:
and determining and repairing the security vulnerability determined to be real in the final vulnerability detection information according to a preset repairing strategy, and sending the security vulnerability to be determined in the third test information to a client so as to enable the client to complete auditing.
6. A vulnerability detection apparatus, comprising:
a first calling unit, configured to call a preset interactive application program security test IAST algorithm, perform a security test on an application system, and obtain first test information, where the first test information includes security vulnerabilities generated in the running process of the application system;
a second calling unit, configured to call a preset dynamic application security test DAST algorithm, perform attack verification on each security vulnerability in the first test information, and obtain second test information, where the second test information includes the security vulnerabilities that have been verified to be real;
a first comparison unit, configured to compare each security vulnerability in the first test information with each security vulnerability verified as real in the second test information to obtain initial vulnerability detection information of the application system in the running process, where the initial vulnerability detection information includes the security vulnerabilities determined to be real in the first test information and the security vulnerabilities determined to be false alarms; a real security vulnerability is a security vulnerability in the first test information that matches the second test information in the comparison, and a security vulnerability determined to be a false alarm is a security vulnerability in the first test information that does not match the second test information in the comparison;
a third calling unit, configured to call a preset static application program security test (SAST) algorithm according to the initial vulnerability detection information, traverse all source codes of the application system, and obtain third test information, where the third test information includes a security vulnerability obtained by analyzing the source codes;
and the second comparison unit is used for comparing all security vulnerabilities in the initial vulnerability detection information with all security vulnerabilities in the third test information to obtain final vulnerability detection information of the application system in the operation process, wherein the final vulnerability detection information comprises the security vulnerabilities determined to be real in the initial vulnerability detection information, the security vulnerabilities determined to be false reports in the initial vulnerability detection information and the security vulnerabilities to be determined in the third test information.
7. The apparatus of claim 6, wherein the second calling unit comprises:
a first obtaining subunit, configured to obtain vulnerability description information of each security vulnerability in the first test information;
and an attack subunit, configured to call the preset DAST algorithm and perform attack verification on each security vulnerability in the first test information according to the vulnerability description information of that security vulnerability.
8. The apparatus of claim 6, wherein the first comparison unit comprises:
an extraction subunit, configured to extract first identification information of each security vulnerability in the first test information and second identification information of each security vulnerability verified as real in the second test information, respectively;
a calculating subunit, configured to apply a preset hash value algorithm to each piece of the first identification information and each piece of the second identification information, so as to obtain a first hash value corresponding to each piece of the first identification information and a second hash value corresponding to each piece of the second identification information;
a first comparison subunit, configured to compare each first hash value with each second hash value;
and a first determining subunit, configured to determine the security vulnerability corresponding to each successfully compared first hash value to be a real security vulnerability, and to determine the security vulnerability corresponding to each first hash value that is not successfully compared to be a false-alarm security vulnerability.
9. The apparatus of claim 6, wherein the second comparison unit comprises:
a second obtaining subunit, configured to obtain first vulnerability identifiers of all security vulnerabilities in the initial vulnerability detection information, and second vulnerability identifiers of all security vulnerabilities in the third test information;
a second comparison subunit, configured to compare each first vulnerability identifier with each second vulnerability identifier;
a second determining subunit, configured to: when the security vulnerability corresponding to a successfully compared first vulnerability identifier is a real security vulnerability, determine the security vulnerability corresponding to the matching second vulnerability identifier to be a real security vulnerability; and when the security vulnerability corresponding to a successfully compared first vulnerability identifier is a false-alarm security vulnerability, determine the security vulnerability corresponding to the matching second vulnerability identifier to be a false-alarm security vulnerability;
and a third determining subunit, configured to determine the security vulnerabilities corresponding to the second vulnerability identifiers that are not successfully compared to be security vulnerabilities to be determined.
10. The apparatus of claim 6, further comprising:
a repairing unit, configured to determine and repair, according to a preset repair strategy, the security vulnerabilities determined to be real in the final vulnerability detection information, and to send the security vulnerabilities to be determined in the third test information to a client so that the client completes the audit.
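The two comparison steps of claims 8 and 9, as an added Python example that is not part of the patent text. It assumes SHA-256 as the "preset hash value algorithm", assumes the identification information is (type, URL, parameter) and the vulnerability identifier is (type, file, line), and uses hypothetical field names with constructed sample findings.

```python
import hashlib

# Constructed sample findings; every field name and value is illustrative.
IAST = [
    {"id": "I-1", "type": "SQLi", "url": "/account/search", "param": "q",
     "file": "AccountDao.java", "line": 42},
    {"id": "I-2", "type": "XSS", "url": "/profile", "param": "nick",
     "file": "ProfileView.java", "line": 17},
]
DAST_VERIFIED = [{"type": "sqli", "url": "/account/search", "param": "q"}]
SAST = [
    {"id": "S-1", "type": "SQLi", "file": "AccountDao.java", "line": 42},
    {"id": "S-2", "type": "XSS", "file": "ProfileView.java", "line": 17},
    {"id": "S-3", "type": "PathTraversal", "file": "ExportJob.java", "line": 88},
]

def ident_hash(vtype, *rest):
    """Hash normalized identification fields so tool spelling differences do not break the match."""
    canon = "\x1f".join([vtype.strip().casefold(), *(str(r).strip() for r in rest)])
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def first_comparison(iast, dast_verified):
    """Claim 8: an IAST finding is real if its hash equals a DAST-verified hash, else a false alarm."""
    verified = {ident_hash(d["type"], d["url"], d["param"]) for d in dast_verified}
    return [dict(f, verdict="real" if ident_hash(f["type"], f["url"], f["param"]) in verified
                 else "false_alarm") for f in iast]

def code_key(f):
    """Assumed vulnerability identifier shared by IAST and SAST findings."""
    return (f["type"].strip().casefold(), f["file"], f["line"])

def second_comparison(initial, sast):
    """Claim 9: matching SAST findings inherit the initial verdict; unmatched ones await audit."""
    verdict_by_key = {code_key(f): f["verdict"] for f in initial}
    final = {"real": [], "false_alarm": [], "pending": []}
    for f in initial:
        final[f["verdict"]].append(f["id"])
    sast_verdicts = {}
    for s in sast:
        verdict = verdict_by_key.get(code_key(s), "pending")
        sast_verdicts[s["id"]] = verdict
        if verdict == "pending":
            final["pending"].append(s["id"])
    return final, sast_verdicts

if __name__ == "__main__":
    print(second_comparison(first_comparison(IAST, DAST_VERIFIED), SAST))
```

Only the `pending` bucket goes to manual audit under claim 10; how well the buckets separate depends on how consistently the three tools report the identifying fields.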
CN201911166068.6A 2019-11-25 2019-11-25 Vulnerability detection method and device Active CN111125708B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911166068.6A CN111125708B (en) 2019-11-25 2019-11-25 Vulnerability detection method and device

Publications (2)

Publication Number Publication Date
CN111125708A true CN111125708A (en) 2020-05-08
CN111125708B CN111125708B (en) 2021-12-03

Family

ID=70496595

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911166068.6A Active CN111125708B (en) 2019-11-25 2019-11-25 Vulnerability detection method and device

Country Status (1)

Country Link
CN (1) CN111125708B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102468985A (en) * 2010-11-01 2012-05-23 北京神州绿盟信息安全科技股份有限公司 Method and system for carrying out penetration test on network safety equipment
CN104462981A (en) * 2013-09-12 2015-03-25 深圳市腾讯计算机系统有限公司 Detecting method and device for vulnerabilities
CN104537309A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 Application program bug detection method, application program bug detection device and server
US20150227746A1 (en) * 2014-02-07 2015-08-13 Northwestern University System and Method for Privacy Leakage Detection and Prevention System without Operating System Modification
US20180025154A1 (en) * 2015-01-30 2018-01-25 Denim Group, Ltd. Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application
US20180176245A1 (en) * 2016-12-21 2018-06-21 Denim Group, Ltd. Method of Detecting Shared Vulnerable Code
US20180330102A1 (en) * 2017-05-10 2018-11-15 Checkmarx Ltd. Using the Same Query Language for Static and Dynamic Application Security Testing Tools
US10395041B1 (en) * 2018-10-31 2019-08-27 Capital One Services, Llc Methods and systems for reducing false positive findings

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YUAN YUANPAN: "Interactive Application Security Testing", 《IEEE》 *
卜宋博: "Interactive Application Security Testing", 《通信技术》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112055009A (en) * 2020-08-31 2020-12-08 北京天融信网络安全技术有限公司 Vulnerability data comparison method and device, electronic equipment and storage medium
CN115952503A (en) * 2023-01-30 2023-04-11 深圳海云安网络安全技术有限公司 Application safety testing method and system integrating black, white and gray safety detection technology
CN117061222A (en) * 2023-09-12 2023-11-14 北京安全共识科技有限公司 Vulnerability data acquisition method and vulnerability verification method
CN117061222B (en) * 2023-09-12 2024-05-07 北京基调网络股份有限公司 Vulnerability data acquisition method and vulnerability verification method

Also Published As

Publication number Publication date
CN111125708B (en) 2021-12-03

Similar Documents

Publication Publication Date Title
CN111125708B (en) Vulnerability detection method and device
CN110324310B (en) Network asset fingerprint identification method, system and equipment
CN108683687B (en) Network attack identification method and system
CN108471429B (en) Network attack warning method and system
CN108881263B (en) Network attack result detection method and system
CN110581827B (en) Detection method and device for brute force cracking
CN107294953B (en) Attack operation detection method and device
KR100894331B1 (en) Anomaly Detection System and Method of Web Application Attacks using Web Log Correlation
CN111984975B (en) Vulnerability attack detection system, method and medium based on mimicry defense mechanism
CN110929264B (en) Vulnerability detection method and device, electronic equipment and readable storage medium
CN102664876A (en) Method and system for detecting network security
CN108399336B (en) Detection method and device for malicious behaviors of android application
CN108200095B (en) Method and device for determining vulnerability of Internet boundary security policy
CN111884989B (en) Vulnerability detection method and system for electric power web system
CN112953917B (en) Network attack source identification method and device, computer equipment and storage medium
CN110336835A (en) Detection method, user equipment, storage medium and the device of malicious act
CN116628705A (en) Data security processing method, system, electronic equipment and storage medium
CN114050937B (en) Mailbox service unavailability processing method and device, electronic equipment and storage medium
KR20160090566A (en) Apparatus and method for detecting APK malware filter using valid market data
CN107888576B (en) Anti-collision library safety risk control method using big data and equipment fingerprints
CN113806736B (en) Vulnerability detection method, system and storage medium based on mimicry intrusion
CN111355688A (en) Core method and device for automatic infiltration and analysis based on AI technology
CN114417350A (en) Hidden danger troubleshooting method and device based on industrial equipment system
CN109388951B (en) Illegal information processing method, device and equipment and readable storage medium
CN113301019B (en) Verification code vulnerability detection method and device, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant