CN112565244B - Active risk monitoring method, system and equipment for website projects - Google Patents

Info

Publication number
CN112565244B
Authority
CN
China
Prior art keywords
scanner
port
scanning
active
website
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011393767.7A
Other languages
Chinese (zh)
Other versions
CN112565244A (en)
Inventor
冯希宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Star Optimization Co ltd
Original Assignee
Star Optimization Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Star Optimization Co ltd
Priority to CN202011393767.7A
Publication of CN112565244A
Application granted
Publication of CN112565244B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses an active risk monitoring method, system and equipment for website projects. A security monitoring system is built from several vulnerability scanners and driven by task scheduling, with the security scanning placed on a cloud server. A passive scanner assists, making up for the active scanner's inability to scan the project's interfaces, and port security scanning is added to check the ports of the project server. The project is thus monitored comprehensively and automatically, from the application to its interfaces and the server environment ports, and the relevant personnel are notified promptly of discovered vulnerabilities so that they can investigate, verify and repair them.

Description

Active risk monitoring method, system and equipment for website projects
Technical Field
The invention relates to the technical field of network risk monitoring, in particular to an active risk monitoring method, system and device for website projects.
Background
With the development of computer networks, network applications are becoming more and more popular. Because the operating system and application-layer software of the server hosting a network application inevitably contain bugs, the network security situation is increasingly severe and the escalation of attack and defense is increasingly intense. Meanwhile, as the value of service data grows, security problems such as data shackle, page tampering and black chain increase the security threats that enterprises face.
At present, the security of website projects is generally monitored manually with traditional security monitoring tools. The time and frequency of monitoring depend on the people involved, and as an enterprise's projects increase, manual auditing cannot guarantee real-time coverage. In addition, manual review is highly subjective, security vulnerabilities may be missed, and real-time security monitoring cannot be achieved.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide an active risk monitoring method, system and device for website projects that can perform comprehensive and automatic security monitoring of a project, from the application to its interfaces and the server environment ports, and can promptly notify the relevant personnel of discovered vulnerabilities for investigation, verification and repair.
To achieve this object, the invention adopts the following technical solution: an active risk monitoring method for website projects, comprising the following steps:
S1: an active vulnerability scanner, a passive interface scanner and a port scanner are set up on a cloud server as the preset scanners;
S2: websites are added in batches to the preset scanners, and a timed task is set;
S3: the preset scanners are started according to the timed task; once started, they crawl the interfaces of the website and monitor those interfaces for vulnerabilities;
S4: a monitoring report is generated after the monitoring is completed.
Further, step S2 also includes:
using an awvs vulnerability scanner, a news vulnerability scanner and an appscan vulnerability scanner as the active vulnerability scanners, calling the scanners' interfaces, and configuring the scanning tasks with the Django framework; and setting a timed task or an uninterrupted task with the Celery task scheduler, so that the project is security-scanned in real time.
Further, step S3 includes:
starting the active security vulnerability scanner to perform a security scan of the project; and opening a proxy port through the active security vulnerability scanner, using the proxy port to access the website, and monitoring the interface for vulnerabilities after the active security vulnerability scanner receives the interface.
Further, step S3 also includes:
starting the port scanner to determine whether the target server uses WAF and CDN services, trying to obtain the IP address of the target server, and scanning the target server's open ports;
and comparing the scan result with the known developed port white list and, if port information outside the white list is found, recording and storing it and raising an alarm.
Further, step S3 also includes:
calling the masscan port scanner and the nmap port scanner by asynchronous requests, scanning ports 1-65534 of the projects, and collecting the scan results to generate an HTML-format report.
Further, step S4 includes:
if the HTML-format report contains an abnormal record, the HTML-format report is added to the monitoring report.
Further, step S3 also includes:
with the passive interface scanner, setting the browser's proxy server to the address of the proxy server; when the browser accesses the project address, the passive interface scanner receives the browser's request and performs security scanning and statistics on the requested interface.
Correspondingly, the invention also discloses an active risk monitoring system for website projects, comprising:
a setting unit, used to set up an active vulnerability scanner, a passive interface scanner and a port scanner on a cloud server as the preset scanners;
an access unit, used to add websites in batches to the preset scanners and to start the preset scanners to execute the monitoring task;
the active vulnerability scanner, used to call the scanner's interface, configure the scanning task with the Django framework, and set a timed task or an uninterrupted task;
the passive interface scanner, used to set the browser's proxy server to the address of the proxy server, receive the browser's request when the browser accesses a project address, and perform security scanning and statistics on the requested interface;
the port scanner, used to determine whether the target server uses WAF and CDN services, try to obtain the IP address of the target server, and scan the target server's open ports;
and an output unit, used to generate a monitoring report from the monitoring results.
Correspondingly, the invention also discloses active risk monitoring equipment for website projects, comprising:
a memory for storing a computer program;
a processor for implementing, when executing the computer program, the steps of the active risk monitoring method for website projects described in any of the above.
Compared with the prior art, the beneficial effects of the invention are as follows. The invention provides an active risk monitoring method, system and equipment for website projects.
The invention adopts an active vulnerability scanner, a passive interface scanner and a port scanner as the preset scanners, and can perform vulnerability scanning, interface security testing and open-port checks on the added website projects according to the actual application.
Through task scheduling and timed tasks, the active vulnerability scanner achieves comprehensive real-time security monitoring, generates reports on emerging risks and vulnerabilities, and notifies the relevant personnel to assist in vulnerability repair.
The invention calls the masscan port scanner and the nmap port scanner by asynchronous requests, which greatly reduces the scanning time.
Therefore, compared with the prior art, the invention has prominent substantive features and remarkable progress, and the beneficial effects of the implementation are also obvious.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a flow chart of the method of the present invention.
Fig. 2 is a system block diagram of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made with reference to the accompanying drawings.
As shown in fig. 1, an active risk monitoring method for website projects includes the following steps:
S1: An active vulnerability scanner, a passive interface scanner and a port scanner are set up on the cloud server as the preset scanners.
S2: Websites are added in batches to the preset scanners, and a timed task is set.
Specifically: an awvs vulnerability scanner, a news vulnerability scanner and an appscan vulnerability scanner are used as the active vulnerability scanners, the scanners' interfaces are called, and the scanning tasks are configured with the Django framework; a timed task or an uninterrupted task is set with the Celery task scheduler, so that the project is security-scanned in real time.
S3: The preset scanners are started according to the timed task; once started, they crawl the interfaces of the website and monitor those interfaces for vulnerabilities.
Three types of scanner monitor the interfaces for vulnerabilities:
1. Active security vulnerability scanner:
In the course of the active security vulnerability scanner's security scan of a project, the scanner opens a proxy port and uses it to access the website; after receiving an interface, the scanner monitors that interface for vulnerabilities, and a monitoring result is generated when monitoring is complete.
2. Port scanner:
By analysing the website/app project, the port scanner determines whether the target server uses WAF and CDN services, tries to obtain the target server's IP address, scans the target server's open ports and compares them with the known developed port white list. If port information outside the white list is found, it is recorded and stored, an alarm is raised, and a corresponding monitoring result is generated.
The projects are scanned across ports 1-65534 with the masscan and nmap port scanning tools, and the results are collected into an HTML-format report that serves as the monitoring result.
A conventional full-port scan of a project with the masscan and nmap port scanning tools takes a long time, which may be about 20 min, so scanning multiple projects is very time consuming. In this embodiment the masscan and nmap port scanning tools are called by asynchronous requests, which saves a large amount of scanning time.
3. Passive interface scanner:
The passive interface scanner assists the security tester: the browser's proxy server is set to the address of the proxy server, and when the browser accesses the project, the passive interface scanner receives the browser's requests and performs security scanning and statistics on the requested interfaces. This helps the security tester uncover the request interfaces behind the page.
S4: A monitoring report is generated after the monitoring is completed.
The monitoring report is generated from the monitoring results produced by the active vulnerability scanner, the passive interface scanner and the port scanner; if the HTML-format report contains an abnormal record, the HTML-format report is added to the monitoring report.
Finally, the monitoring report is pushed to the responsible personnel so that risks are discovered at the first opportunity, which facilitates investigation, verification and repair.
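The port-scanner branch of S3 and the reporting rule of S4, as an added Python example that is not code from the patent: it merges constructed masscan list (`-oL`) and nmap grepable (`-oG`) output gathered concurrently, compares the open ports with a per-project white list, and keeps an HTML report only when it contains an abnormal record. The project names, the white list layout, the `fake_scanner` stub and all function names are assumptions; a deployment would replace the stub with the real scanner invocation.

```python
import asyncio
import html
import re

# Constructed sample output, not real scan data (192.0.2.0/24 is a documentation range).
SAMPLE_MASSCAN = """#masscan
open tcp 443 192.0.2.10 1606953600
open tcp 6379 192.0.2.10 1606953600
# end
"""
SAMPLE_NMAP = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "8080/closed/tcp//http-proxy///\tIgnored State: filtered (65531)\n"
)


def parse_masscan_list(text):
    """Parse masscan list output (-oL): 'open <proto> <port> <ip> <timestamp>'."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "open" and parts[2].isdigit():
            found.add((parts[3], int(parts[2]), parts[1]))
    return found


def parse_nmap_grepable(text):
    """Parse nmap grepable output (-oG); only entries in state 'open' are kept."""
    found = set()
    for line in text.splitlines():
        m = re.match(r"Host:\s+(\S+).*?Ports:\s+(.*)", line)
        if not m:
            continue
        ports_field = m.group(2).split("\t")[0]  # drop the trailing 'Ignored State' field
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[0].isdigit():
                found.add((m.group(1), int(fields[0]), fields[2]))
    return found


async def scan_project(name, run_scanner, whitelist):
    # Both scanners are awaited concurrently instead of one after the other.
    masscan_out, nmap_out = await asyncio.gather(
        run_scanner("masscan", name), run_scanner("nmap", name))
    open_ports = parse_masscan_list(masscan_out) | parse_nmap_grepable(nmap_out)
    # A port is abnormal when its (port, protocol) pair is not on the white list.
    abnormal = sorted(p for p in open_ports if (p[1], p[2]) not in whitelist)
    return {"project": name, "open": sorted(open_ports), "abnormal": abnormal}


def render_html(result):
    rows = "".join(
        "<tr><td>{}</td><td>{}/{}</td></tr>".format(html.escape(ip), port, html.escape(proto))
        for ip, port, proto in result["abnormal"])
    return ("<h2>{}</h2><table><tr><th>Host</th><th>Non-whitelisted port</th></tr>"
            "{}</table>").format(html.escape(result["project"]), rows)


async def monitor(projects, run_scanner):
    # All projects are scanned concurrently; result order follows the input order.
    results = await asyncio.gather(
        *(scan_project(name, run_scanner, wl) for name, wl in projects.items()))
    # S4 rule: only a report that contains an abnormal record joins the monitoring report.
    return {r["project"]: render_html(r) for r in results if r["abnormal"]}


async def fake_scanner(tool, project):
    """Hypothetical stand-in for launching the real scanner and reading its output."""
    await asyncio.sleep(0)
    return SAMPLE_MASSCAN if tool == "masscan" else SAMPLE_NMAP


def demo():
    projects = {  # hypothetical projects and white lists
        "shop.example": {(22, "tcp"), (443, "tcp")},               # 6379 is not listed
        "blog.example": {(22, "tcp"), (443, "tcp"), (6379, "tcp")},  # everything listed
    }
    return asyncio.run(monitor(projects, fake_scanner))


if __name__ == "__main__":
    print(demo())
```

Taking the union of both tools' results means a port reported by only one scanner is still checked against the white list.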
Correspondingly, as shown in fig. 2, the present invention also discloses an active risk monitoring system for website projects, comprising:
A setting unit, used to set up an active vulnerability scanner, a passive interface scanner and a port scanner on a cloud server as the preset scanners.
An access unit, used to add websites in batches to the preset scanners and to start the preset scanners to execute the monitoring task.
The active vulnerability scanner, used to call the scanner's interface, configure the scanning task with the Django framework, and set a timed task or an uninterrupted task.
The passive interface scanner, used to set the browser's proxy server to the address of the proxy server, receive the browser's request when the browser accesses the project address, and perform security scanning and statistics on the requested interface.
The port scanner, used to determine whether the target server uses WAF and CDN services, try to obtain the IP address of the target server, and scan the target server's open ports.
An output unit, used to generate a monitoring report from the monitoring results.
Correspondingly, the invention also discloses active risk monitoring equipment for website projects, comprising:
a memory for storing a computer program;
a processor for implementing, when executing the computer program, the steps of the active risk monitoring method for website projects described in any of the above.
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus the required general-purpose hardware platform. Based on this understanding, the technical solutions in the embodiments of the present invention may be embodied, in whole or in part, in the form of a software product. The computer software product is stored in a storage medium, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk or other media capable of storing program code, and includes several instructions that enable a computer terminal (which may be a personal computer, a server, a second terminal, a network terminal, etc.) to execute all or part of the steps of the method in the embodiments of the present invention. The same and similar parts of the various embodiments in this specification may be referred to each other. In particular, since the terminal embodiment is basically similar to the method embodiment, its description is relatively brief, and the relevant points can be found in the description of the method embodiment.
In the embodiments provided by the present invention, it should be understood that the disclosed system and method can be implemented in other ways. The system embodiments described above are merely illustrative: the division into units is only one logical functional division, and other divisions are possible in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, systems or units, and may be electrical, mechanical or of another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each module may exist alone physically, or two or more modules are integrated into one unit.
Similarly, each processing unit in the embodiments of the present invention may be integrated into one functional module, or each processing unit may exist physically, or two or more processing units are integrated into one functional module.
The invention is further described with reference to the accompanying drawings and specific embodiments. It should be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and these equivalents also fall within the scope of the present application.

Claims (6)

1. An active risk monitoring method for website projects, characterized by comprising the following steps:
S1: an active vulnerability scanner, a passive interface scanner and a port scanner are set up on a cloud server as the preset scanners;
S2: websites are added in batches to the preset scanners, and a timed task is set;
S3: the preset scanners are started according to the timed task; once started, they crawl the interfaces of the website and monitor those interfaces for vulnerabilities;
S4: a monitoring report is generated after the monitoring is completed;
step S3 further includes:
starting the active security vulnerability scanner to perform a security scan of the project;
starting the port scanner to determine whether the target server uses WAF and CDN services, trying to obtain the IP address of the target server, and scanning the target server's open ports;
comparing the scan result with the known developed port white list and, if port information outside the white list is found, recording and storing it and raising an alarm;
calling the masscan port scanner and the nmap port scanner by asynchronous requests, scanning ports 1-65534 of the projects, and collecting the scan results to generate an HTML-format report;
and, with the passive interface scanner, setting the browser's proxy server to the address of the proxy server; when the browser accesses the project address, the passive interface scanner receives the browser's request and performs security scanning and statistics on the requested interface.
2. The active risk monitoring method for website projects according to claim 1, wherein
step S2 further includes:
using an awvs vulnerability scanner, a news vulnerability scanner and an appscan vulnerability scanner as the active vulnerability scanners, calling the scanners' interfaces, and configuring the scanning tasks with the Django framework; and setting a timed task or an uninterrupted task with the Celery task scheduler, so that the project is security-scanned in real time.
3. The active risk monitoring method for website projects according to claim 1, wherein
step S3 includes:
opening a proxy port through the active security vulnerability scanner, using the proxy port to access the website, and monitoring the interface for vulnerabilities after the active security vulnerability scanner receives the interface.
4. The active risk monitoring method for website projects according to claim 1, wherein
step S4 includes:
if the HTML-format report contains an abnormal record, the HTML-format report is added to the monitoring report.
5. An active risk monitoring system for website projects, comprising:
a setting unit, used to set up an active vulnerability scanner, a passive interface scanner and a port scanner on a cloud server as the preset scanners;
an access unit, used to add websites in batches to the preset scanners and to start the preset scanners to execute the monitoring task;
the active vulnerability scanner, used to call the scanner's interface, configure the scanning task with the Django framework, and set a timed task or an uninterrupted task;
the passive interface scanner, used to set the browser's proxy server to the address of the proxy server, receive the browser's request when the browser accesses a project address, and perform security scanning and statistics on the requested interface;
the port scanner, used to determine whether the target server uses WAF and CDN services, try to obtain the IP address of the target server, and scan the target server's open ports; to compare the scan result with the known developed port white list and, if port information outside the white list is found, record and store it and raise an alarm; and to call the masscan port scanner and the nmap port scanner by asynchronous requests, scan ports 1-65534 of the projects, and collect the scan results to generate an HTML-format report;
and an output unit, used to generate a monitoring report from the monitoring results.
6. Active risk monitoring equipment for website projects, comprising:
a memory for storing a computer program;
a processor for implementing, when executing the computer program, the steps of the active risk monitoring method for website projects according to any one of claims 1 to 4.
CN202011393767.7A 2020-12-03 2020-12-03 Active risk monitoring method, system and equipment for website projects Active CN112565244B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011393767.7A CN112565244B (en) 2020-12-03 2020-12-03 Active risk monitoring method, system and equipment for website projects

Publications (2)

Publication Number Publication Date
CN112565244A CN112565244A (en) 2021-03-26
CN112565244B CN112565244B (en) 2022-06-21

Family

ID=75047440

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011393767.7A Active CN112565244B (en) 2020-12-03 2020-12-03 Active risk monitoring method, system and equipment for website projects

Country Status (1)

Country Link
CN (1) CN112565244B (en)

Also Published As

Publication number Publication date
CN112565244A (en) 2021-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PP01 Preservation of patent right
Effective date of registration: 20230704
Granted publication date: 20220621
PP01 Preservation of patent right