CN112615848A - Vulnerability repair state detection method and system - Google Patents

Publication number
CN112615848A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011471346.1A
Other languages
Chinese (zh)
Other versions
CN112615848B (en)
Inventor
周延平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Dajia Internet Information Technology Co Ltd
Original Assignee
Beijing Dajia Internet Information Technology Co Ltd
Application filed by Beijing Dajia Internet Information Technology Co Ltd
Priority to CN202011471346.1A
Publication of CN112615848A
Application granted
Publication of CN112615848B
Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The disclosure relates to a vulnerability repair state detection method and system. The method comprises: performing vulnerability detection on a device to be detected, determining a current vulnerability identification corresponding to a vulnerability when the device to be detected has the vulnerability, and executing the vulnerability repair corresponding to the current vulnerability identification on the device to be detected; monitoring a vulnerability exploiting program publishing platform and acquiring the latest vulnerability exploiting program information, which comprises a plurality of vulnerability exploiting programs and a plurality of corresponding vulnerability identifications, the vulnerability exploiting programs being used for attacking the device to be detected by exploiting system vulnerabilities; judging whether the current vulnerability identification exists among the plurality of vulnerability identifications; and, if so, determining the vulnerability exploiting program corresponding to the current vulnerability identification from the plurality of vulnerability exploiting programs, detecting the device to be detected with that vulnerability exploiting program, and obtaining the repair state of the device to be detected. The method and the device can truly and accurately determine the real repair state of the device to be detected.

Description

Vulnerability repair state detection method and system
Technical Field
The present disclosure relates to the field of network information security technologies, and in particular, to a vulnerability repair state detection method and system.
Background
In the field of network security, a vulnerability passes through three stages from discovery to resolution: a 0DAY stage, a 1DAY stage, and a 2DAY stage. In the related art, at the 1DAY stage and the 2DAY stage, some hackers attack the device to be detected based on the vulnerability, and the vulnerability detection server performs vulnerability detection, vulnerability early warning and vulnerability repair on the device to be detected, so as to ensure that the device to be detected can resist the attack and operate normally.
At present, for a given vulnerability, once the vulnerability detection server has performed vulnerability repair on the device to be detected, the repair is considered successful, that is, the device to be detected is considered able to resist a hacker's attack on that vulnerability. However, even after the repair is reported as successful, the device to be detected may still be unable to resist such an attack.
In the related art, the vulnerability detection server determines only theoretically that the vulnerability of the device to be detected has been repaired; it cannot indicate the real repair state of the device to be detected. In other words, the prior art cannot accurately obtain the repair state of the device to be detected.
Disclosure of Invention
The disclosure provides a vulnerability repair state detection method and system, which at least solve the problem in the related art that the repair state of a device to be detected cannot be accurately obtained. The technical solution of the disclosure is as follows:
According to a first aspect of the embodiments of the present disclosure, a vulnerability repair state detection method is provided, including:
performing vulnerability detection on a device to be detected, determining a current vulnerability identification corresponding to the vulnerability when the device to be detected has a vulnerability, and performing the vulnerability repair corresponding to the current vulnerability identification on the device to be detected;
monitoring a vulnerability exploiting program publishing platform and acquiring the latest vulnerability exploiting program information; the latest vulnerability exploiting program information comprises a plurality of vulnerability exploiting programs and a plurality of corresponding vulnerability identifications, wherein the vulnerability exploiting programs are used for attacking the device to be detected by exploiting system vulnerabilities;
judging whether the current vulnerability identification exists among the plurality of vulnerability identifications;
and if so, determining the vulnerability exploiting program corresponding to the current vulnerability identification from the vulnerability exploiting programs, detecting the device to be detected with the vulnerability exploiting program, and obtaining the repair state of the device to be detected.
Wherein performing vulnerability detection on the device to be detected and determining, when the device to be detected has a vulnerability, the current vulnerability identification corresponding to the vulnerability includes:
monitoring a vulnerability publishing platform and acquiring latest vulnerability information; the latest vulnerability information comprises component information corresponding to a component with the latest vulnerability;
acquiring a component information set of the equipment to be detected;
if the component information set and the latest vulnerability information have the same component information, determining that the equipment to be detected has a vulnerability;
and determining the current vulnerability identification of the vulnerability corresponding to the same component information.
Wherein verifying the device to be detected by using the vulnerability exploiting program and obtaining the repair state of the device to be detected includes:
sending the IP address and the port number corresponding to the same component information in the equipment to be detected to the vulnerability exploiting program;
after the vulnerability exploiting program initiates attacks to the IP address and the port number of the equipment to be detected, receiving a feedback result sent by the equipment to be detected;
under the condition that the feedback result is the first feedback result, determining that the repair state of the device to be detected is not successfully repaired;
and under the condition that the feedback result is a second feedback result, determining that the repair state of the equipment to be detected is the repair success.
Wherein the component information set includes:
a plurality of non-standard component information, a plurality of standard component information, and a plurality of service component information;
the nonstandard component is a component which is not installed under the specified installation path of the equipment to be detected;
the standard component is a component arranged under the appointed installation path of the equipment to be detected;
the service component is a service component which is deployed in a server connected with the equipment to be detected and provides service for the equipment to be detected.
Wherein, the obtaining of the component information set of the device to be detected comprises: acquiring a component information set of equipment to be detected from a database server;
wherein the database server is configured to:
receiving a plurality of standard component information of the device to be detected, obtained by the first server by using an executable command, and a plurality of non-standard component information of the device to be detected, obtained under the installation directory of the non-standard components; and
receiving information of a plurality of service components, which are opened to the outside, of the equipment to be detected, which is obtained by a second server through an external program scanning mode;
and performing a deduplication operation on the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information, and storing the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information after the deduplication operation.
According to a second aspect of the embodiments of the present disclosure, there is provided a bug fix state detection system, which includes: the system comprises one or more devices to be detected, a vulnerability exploiting program publishing platform and a vulnerability detecting server;
the vulnerability exploiting program publishing platform is configured to acquire and store latest vulnerability exploiting program information; the latest information of the vulnerability exploiting program comprises a plurality of vulnerability exploiting programs and a plurality of corresponding vulnerability identifications, wherein the vulnerability exploiting programs are used for attacking the to-be-detected equipment by utilizing system vulnerabilities;
the vulnerability detection server is configured to detect vulnerabilities of equipment to be detected, determine a current vulnerability identification corresponding to the vulnerability under the condition that the equipment to be detected has the vulnerability, and perform vulnerability repair corresponding to the current vulnerability identification on the equipment to be detected; monitoring a vulnerability exploiting program publishing platform and acquiring latest vulnerability exploiting program information; judging whether the current vulnerability identification exists in the plurality of vulnerability identifications; and if so, determining the vulnerability utilization program corresponding to the current vulnerability identification from the vulnerability utilization programs, and detecting the equipment to be detected and obtaining the repair state of the equipment to be detected by using the vulnerability utilization program.
Wherein the system further comprises:
the vulnerability publishing platform is used for acquiring and storing latest vulnerability information; the latest vulnerability information comprises component information corresponding to a component with the latest vulnerability;
the vulnerability detection server carries out vulnerability detection on the to-be-detected equipment, determines the current vulnerability identification corresponding to the vulnerability under the condition that the to-be-detected equipment has the vulnerability, and specifically comprises the following steps:
the vulnerability detection server is configured to monitor a vulnerability publishing platform and obtain latest vulnerability information; acquiring a component information set of the equipment to be detected; if the component information set and the latest vulnerability information have the same component information, determining that the equipment to be detected has a vulnerability; and determining the current vulnerability identification of the vulnerability corresponding to the same component information.
Wherein the vulnerability detection server utilizes the vulnerability utilization program to verify the equipment to be detected and obtain the repair state of the equipment to be detected, and the vulnerability detection server specifically comprises:
the vulnerability detection server sends the IP address and the port number corresponding to the same component information in the equipment to be detected to the vulnerability utilization program; after the vulnerability exploiting program initiates attacks to the IP address and the port number of the equipment to be detected, receiving a feedback result sent by the equipment to be detected; under the condition that the feedback result is the first feedback result, determining that the repair state of the device to be detected is not successfully repaired; and under the condition that the feedback result is a second feedback result, determining that the repair state of the equipment to be detected is the repair success.
Wherein the component information set includes:
a plurality of non-standard component information, a plurality of standard component information, and a plurality of service component information;
the nonstandard component is a component which is not installed under the specified installation path of the equipment to be detected;
the standard component is a component arranged under the appointed installation path of the equipment to be detected;
the service component is a service component which is deployed in a server connected with the equipment to be detected and provides service for the equipment to be detected.
Wherein the system further comprises:
the first server is connected with the one or more devices to be detected;
the second server is connected with the one or more devices to be detected;
a database server connected to the first server and the second server;
wherein clients are installed on the one or more devices to be detected, and a server side is installed on the first server;
the client of the device to be detected is configured to acquire a plurality of standard component information by using an executable command, acquire a plurality of non-standard component information under the installation directory of the non-standard components, and send the plurality of standard component information and the plurality of non-standard component information to the first server;
a first server configured to forward the plurality of standard component information and the plurality of non-standard component information to a database server;
the second server is configured to acquire a plurality of pieces of service component information, which is open to the outside, of the equipment to be detected in an external program scanning mode, and send the plurality of pieces of service component information to the database server;
a database server configured to perform a deduplication operation on the plurality of service component information, the plurality of standard component information, and the plurality of non-standard component information, and store the plurality of service component information, the plurality of standard component information, and the plurality of non-standard component information after the deduplication operation;
the vulnerability detection server is configured to acquire the component information set of the equipment to be detected from the database server.
According to a third aspect of the embodiments of the present disclosure, there is provided a server, including:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the bug fix state detection method of the first aspect.
According to a fourth aspect of embodiments of the present disclosure, there is provided a storage medium including:
the instructions in the storage medium, when executed by a processor of a server, enable the server to perform the bug fix state detection method of the first aspect.
According to a fifth aspect of the embodiments of the present disclosure, there is provided a computer program product, and instructions of the computer program product, when executed by a processor of a server, enable the server to execute the bug fix state detection method according to the first aspect.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects:
the method and the device can detect the vulnerability of the equipment to be detected, determine the current vulnerability identification corresponding to the vulnerability under the condition that the equipment to be detected has the vulnerability, and execute the vulnerability repair corresponding to the current vulnerability identification on the equipment to be detected.
The vulnerability detection server monitors a vulnerability exploitation program publishing platform and acquires latest vulnerability exploitation program information; the latest information of the vulnerability exploiting program comprises a plurality of vulnerability exploiting programs and a plurality of corresponding vulnerability identifications.
The vulnerability detection server judges whether the current vulnerability identification exists in the plurality of vulnerability identifications; if the current vulnerability identification exists, the vulnerability utilization program which utilizes the vulnerability of the equipment to be detected is indicated to be present, so that the vulnerability utilization program corresponding to the current vulnerability identification is determined from the plurality of vulnerability utilization programs.
And then, the vulnerability utilization program is utilized to truly detect the equipment to be detected and obtain the repair state of the equipment to be detected. That is, according to the vulnerability detection method and the vulnerability detection server, after the vulnerability of the equipment to be detected is theoretically confirmed to be successfully repaired, the vulnerability utilization program is truly utilized to attack the equipment to be detected so as to verify the actual repairing state of the equipment to be detected.
Therefore, the method and the device can truly and accurately determine the true repair state of the device to be detected.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
FIG. 1 is a flowchart illustrating a first embodiment of a vulnerability fix state detection method according to an exemplary embodiment;
FIG. 2 is a flow diagram illustrating yet another embodiment of a vulnerability fix state detection method, according to an example embodiment;
FIG. 3 is a block diagram illustrating a vulnerability fix state detection system, according to an example embodiment;
FIG. 4 is a flowchart illustrating a second embodiment of a vulnerability fix state detection method according to an exemplary embodiment;
FIG. 5 is a block diagram illustrating a server in accordance with an example embodiment.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
Fig. 1 is a flowchart illustrating a first embodiment of a vulnerability repair state detection method according to an exemplary embodiment, where the vulnerability repair state detection method is applied to a vulnerability detection server and includes the following steps.
In step S101, the vulnerability detection server performs vulnerability detection on a device to be detected, determines a current vulnerability identification corresponding to the vulnerability when the device to be detected has a vulnerability, and performs vulnerability repair corresponding to the current vulnerability identification on the device to be detected.
Referring to fig. 2, this step can be implemented by the following steps:
In step S201, the vulnerability detection server monitors the vulnerability publishing platform and obtains the latest vulnerability information; the latest vulnerability information comprises a plurality of latest vulnerability identifications and a plurality of component information sets corresponding to the latest vulnerability identifications, and each component information set comprises the component information of the components that have the vulnerability corresponding to the vulnerability identification.
The vulnerability publishing platform is one or more platforms dedicated to collecting vulnerabilities. Vulnerabilities appear on the Internet at irregular intervals and are collected by the vulnerability publishing platform. To distinguish different vulnerabilities, the vulnerability publishing platform assigns a unique identifier to each vulnerability.
Because of a vulnerability, a component may be attacked by hackers and become paralyzed or behave abnormally. The vulnerability publishing platform therefore also analyzes and determines a component information set for each vulnerability, where each component information set comprises the component information of the components that have the vulnerability corresponding to the vulnerability identification.
For a given vulnerability, the vulnerability publishing platform analyzes and determines the plurality of components affected by it, that is, the components that have the vulnerability and may be attacked by hackers. The component information corresponding to each of these components is then determined; each component information may include a component name, a component identifier, a component version and similar information, and together these component information make up the component information set of the vulnerability.
There is a time difference between the moment a vulnerability appears and the moment the vulnerability publishing platform collects the latest vulnerability information containing it, so the vulnerability detection server can continuously monitor the vulnerability publishing platform and obtain the latest vulnerability information. This ensures that the vulnerability detection server acquires the latest vulnerability information in time, improving effectiveness and accuracy.
In step S202, the vulnerability detection server obtains a component information set of the device to be detected.
The vulnerability detection server can acquire the full component information set of the device to be detected, which comprises:
a plurality of non-standard component information, a plurality of standard component information, and a plurality of service component information;
The standard component is a component installed under the specified installation path of the device to be detected; the standard component information includes component identification, component version identification, component address information, and maintenance personnel information.
The non-standard component is a component which is not installed under the appointed installation path of the equipment to be detected; the non-standard component information includes component identification, component version identification, component address information, and maintenance personnel information.
The service component is deployed in a server connected with the equipment to be detected and provides service for the equipment to be detected, and the service component information comprises component identification, component version identification, component address information and maintenance personnel information.
In practical application, a vulnerability detection server acquires a component information set of equipment to be detected from a database server; the database server is configured to:
receiving a plurality of standard component information of the device to be detected, obtained by the first server by using an executable command, and a plurality of non-standard component information of the device to be detected, obtained under the installation directory of the non-standard components; and
receiving information of a plurality of service components, which are opened to the outside, of the equipment to be detected, which is obtained by a second server through an external program scanning mode;
and performing a deduplication operation on the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information, and storing the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information after the deduplication operation.
Because the component information set in the disclosure contains the component information of both standard components and non-standard components, the component information set of the device to be detected is more comprehensive, so the device to be detected can be monitored for vulnerabilities more comprehensively. In addition, adding the service component information to the component information set further improves the comprehensiveness of vulnerability detection.
This step will be described in detail in the embodiment shown in fig. 4, and will not be described again here.
In step S203, the vulnerability detection server determines whether the latest vulnerability information and the component information set of the device to be detected have the same component information.
The latest vulnerability information is acquired by the vulnerability detection server from the vulnerability publishing platform, the latest vulnerability information comprises a plurality of latest vulnerability identifications and a plurality of component information sets corresponding to the latest vulnerability identifications, and each component information set comprises component information to which a component with a vulnerability corresponding to the vulnerability identification belongs. The component information set of the device to be detected is all the component information of the device to be detected. The vulnerability detection server judges whether the latest vulnerability information and the component information set of the equipment to be detected have the same component information, namely judges whether the latest vulnerability information and the component information set of the equipment to be detected have intersection, and if the latest vulnerability information and the component information set of the equipment to be detected have the intersection, the vulnerability detection server indicates that the equipment to be detected has a vulnerability and the possibility of being attacked by the latest vulnerability exists.
And if the component information set and the latest vulnerability information have the same component information, determining that the equipment to be detected has the vulnerability, and entering step S204, otherwise determining that the equipment to be detected does not have the vulnerability, and entering step S201.
In step S204, the vulnerability detection server determines a current vulnerability identification of the vulnerability corresponding to the same component information.
One vulnerability corresponds to one vulnerability identification, and one vulnerability corresponds to one component information set. And the vulnerability detection server determines vulnerability identification of the corresponding vulnerability of the same component information and takes the vulnerability identification as the current vulnerability identification.
In step S205, the maintainer information corresponding to the same component information is determined, and a prompt message is sent to the maintainer based on the maintainer information.
If a component in the device to be detected has a vulnerability, then in order to repair the component as soon as possible, the maintainer information in the same component information can be determined, and a prompt message is sent to the maintainer based on that information.
The maintainer information may include a phone number, an instant messaging software number, a mailbox and similar information, so that the component information affected by the vulnerability can be synchronized to the corresponding maintainer; the synchronization channels may include, but are not limited to, mail, instant messaging software, short message and telephone.
In step S206, the vulnerability detection server executes the vulnerability repair corresponding to the current vulnerability identification on the device to be detected.
The vulnerability detection server can determine a patch program corresponding to the current vulnerability identification under the control of maintenance personnel or automatically execute an existing repairing program, and then execute the patch program on the equipment to be detected so as to carry out vulnerability repairing on the equipment to be detected.
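The matching in steps S203 to S205 can be illustrated with the following added example, which is not code from the patent. It assumes that component information is compared on an exact (component identifier, version) pair; the record fields, identifiers and addresses are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """One component record from the inventory of the device to be detected."""
    component_id: str
    version: str
    address: str      # "ip:port" used by the component
    maintainer: str   # contact for the S205 prompt message


# Constructed "latest vulnerability information":
# vulnerability identifier -> component information set of affected
# (component_id, version) pairs. Identifiers are placeholders.
LATEST_VULNS = {
    "VULN-EXAMPLE-0001": {("examplehttpd", "2.4.1"), ("examplehttpd", "2.4.2")},
    "VULN-EXAMPLE-0002": {("examplecache", "5.0.0")},
    "VULN-EXAMPLE-0003": {("exampledb", "9.1")},
}

# Constructed component information set of one device to be detected.
DEVICE_INVENTORY = [
    Component("examplehttpd", "2.4.2", "192.0.2.10:443", "web-team@example.com"),
    Component("examplecache", "5.0.1", "192.0.2.10:6379", "cache-team@example.com"),
    Component("exampledb", "9.1", "192.0.2.10:5432", "db-team@example.com"),
    Component("exampledb", "9.1", "192.0.2.10:5433", "db-team@example.com"),
]


def match_inventory(inventory, latest_vulns):
    """S203/S204: intersect the device's component set with each vulnerability's
    component information set.

    Returns {current vulnerability identifier: [matching Component, ...]}.
    An empty result means "no vulnerability found", i.e. return to S201.
    Assumption: exact version match; version ranges are not handled here.
    """
    by_key = defaultdict(list)
    for comp in inventory:
        by_key[(comp.component_id, comp.version)].append(comp)
    device_keys = set(by_key)

    findings = {}
    for vuln_id, affected in latest_vulns.items():
        shared = device_keys & affected          # the "same component information"
        if shared:
            findings[vuln_id] = [c for key in sorted(shared) for c in by_key[key]]
    return findings


def prompts_by_maintainer(findings):
    """S205: group the affected components per maintainer so that each
    maintainer receives one prompt listing everything they own."""
    grouped = defaultdict(list)
    for vuln_id, comps in findings.items():
        for c in comps:
            grouped[c.maintainer].append((vuln_id, c.component_id, c.version, c.address))
    return {maintainer: sorted(items) for maintainer, items in grouped.items()}


if __name__ == "__main__":
    found = match_inventory(DEVICE_INVENTORY, LATEST_VULNS)
    for maintainer, items in prompts_by_maintainer(found).items():
        print(maintainer, items)
```

Because the comparison is an exact match, a patched component only drops out of the intersection once the inventory reports its new version, which is why the description goes on to test the repair state separately.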
After step S101 is executed, step S102 is executed: the vulnerability detection server monitors the exploit program publishing platform and obtains the latest exploit program information. The latest exploit program information comprises a plurality of exploit programs and a plurality of corresponding vulnerability identifiers, where an exploit program is a program used to attack the device to be detected by using a system vulnerability.
The exploit program publishing platform is one or more platforms dedicated to collecting exploit programs. After a vulnerability appears, exploit programs that exploit it gradually appear on the internet; such a program is used to attack the device to be detected by using a system vulnerability.
The exploit program publishing platform collects the exploit programs and stores each one in association with the vulnerability identifier of the vulnerability it exploits. That is, one vulnerability corresponds to one vulnerability identifier, to one component information set, and to one or more exploit programs.
The exploit program publishing platform can continuously acquire and store the latest exploit program information, which comprises a plurality of exploit programs and a plurality of corresponding vulnerability identifiers.
In step S103, the vulnerability detection server determines whether the current vulnerability identifier exists in the plurality of vulnerability identifiers. If it exists, the process proceeds to step S104; if it does not exist, the process proceeds to step S102.
Because a vulnerability appears on the internet first and the exploit programs that exploit it appear only gradually afterwards, there is a time difference. The latest exploit program information on the exploit program publishing platform therefore does not necessarily contain an exploit program corresponding to the current vulnerability identifier.
Therefore, the vulnerability detection server determines whether the current vulnerability identifier exists in the plurality of vulnerability identifiers in the latest exploit program information. If so, the process proceeds to step S104; if not, the process proceeds to step S102 and the latest exploit program information continues to be obtained from the exploit program publishing platform.
In step S104, if it exists, the exploit program corresponding to the current vulnerability identifier is determined from the plurality of exploit programs, and the exploit program is used to test the device to be detected and obtain the repair state of the device to be detected.
If the current vulnerability identifier exists in the plurality of vulnerability identifiers in the latest exploit program information, the exploit program corresponding to the current vulnerability identifier is determined from the plurality of exploit programs in the latest exploit program information.
The device to be detected has the vulnerability corresponding to the current vulnerability identifier, and the exploit program is one that exploits that same vulnerability, so the exploit program is used to test the device to be detected and obtain its repair state.
Testing the device to be detected and obtaining its repair state by using the exploit program can be implemented in the following manner:
The vulnerability detection server determines the IP address and the port number used by the same component information in the device to be detected, and then sends the IP address and the port number corresponding to the same component information to the exploit program.
The exploit program can then initiate an attack against the IP address and the port number of the device to be detected, that is, the exploit program sends the attack to the device to be detected, and then receives a feedback result sent by the device to be detected.
If the feedback result is a first feedback result, the repair state of the device to be detected is determined to be not successfully repaired. If the feedback result is a second feedback result, the repair state of the device to be detected is determined to be successfully repaired. The first feedback result is a preset result indicating that the device to be detected was attacked, and the second feedback result is a preset result indicating that the device to be detected was not attacked.
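The decision logic of steps S102 to S104 can be sketched as the following added example, which is not code from the patent. The published programs are replaced by constructed stub callables that only return a preset feedback result. Three things are assumptions added here, not part of the description: the `INCONCLUSIVE` state, the scope check on the target address, and the rule for a vulnerability with several programs.

```python
from enum import Enum


class Feedback(Enum):
    FIRST = "attacked"        # first feedback result: the device was attacked
    SECOND = "not attacked"   # second feedback result: the device was not attacked


class RepairState(Enum):
    AWAITING_PROGRAM = "no program published for this identifier yet"  # back to S102
    NOT_REPAIRED = "not successfully repaired"
    REPAIRED = "successfully repaired"
    INCONCLUSIVE = "check did not complete"  # added assumption, not in the description


def repair_state(current_vuln_id, program_info, target, in_scope):
    """S103/S104 for one snapshot of the latest exploit program information.

    program_info: {vulnerability identifier: [callable(ip, port) -> Feedback, ...]}
    target:       (ip, port) of the matched component
    in_scope:     set of (ip, port) pairs taken from the component inventory
    """
    # Only addresses that belong to the matched component may be tested.
    if target not in in_scope:
        raise PermissionError(f"{target} is not an address of the matched component")

    programs = program_info.get(current_vuln_id, [])
    if not programs:                      # S103: identifier not present
        return RepairState.AWAITING_PROGRAM

    incomplete = False
    for run in programs:                  # one vulnerability may have several programs
        try:
            feedback = run(*target)
        except (TimeoutError, ConnectionError):
            incomplete = True             # no feedback is not proof of a repair
            continue
        if feedback is Feedback.FIRST:
            return RepairState.NOT_REPAIRED
        if feedback is not Feedback.SECOND:
            incomplete = True
    return RepairState.INCONCLUSIVE if incomplete else RepairState.REPAIRED


def monitor(current_vuln_id, snapshots, target, in_scope):
    """S102 loop: walk successive platform snapshots until a verdict is reached.
    Returns (number of snapshots consumed, RepairState)."""
    state = RepairState.AWAITING_PROGRAM
    used = 0
    for used, snapshot in enumerate(snapshots, start=1):
        state = repair_state(current_vuln_id, snapshot, target, in_scope)
        if state is not RepairState.AWAITING_PROGRAM:
            break
    return used, state


# Constructed stand-ins for published programs; they simulate the device's answer.
def stub_not_attacked(ip, port):
    return Feedback.SECOND


def stub_attacked(ip, port):
    return Feedback.FIRST


def stub_timeout(ip, port):
    raise TimeoutError("no feedback from device")


TARGET = ("192.0.2.10", 443)       # constructed address
IN_SCOPE = {TARGET}
```

Treating a timeout as `INCONCLUSIVE` rather than as the second feedback result keeps an unreachable or filtered host from being recorded as successfully repaired.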
The technical solution provided by the embodiments of the present disclosure brings at least the following beneficial effects:
The present disclosure can perform vulnerability detection on the device to be detected, determine the current vulnerability identifier corresponding to the vulnerability if the device to be detected has a vulnerability, and execute the vulnerability repair corresponding to the current vulnerability identifier on the device to be detected.
In order to obtain a real exploit program that exploits the vulnerability present in the device to be detected, the vulnerability detection server monitors the exploit program publishing platform and obtains the latest exploit program information; the latest exploit program information comprises a plurality of exploit programs and a plurality of corresponding vulnerability identifiers.
The vulnerability detection server judges whether the current vulnerability identifier exists in the plurality of vulnerability identifiers. If it exists, this indicates that an exploit program exploiting the vulnerability present in the device to be detected has appeared, so the exploit program corresponding to the current vulnerability identifier is determined from the plurality of exploit programs and is then used to test the device to be detected and obtain its repair state.
The exploit program can use the system vulnerability to attack the device to be detected, so that the device is genuinely tested after the vulnerability repair. It can be understood that if the device to be detected can resist the attack of the exploit program, the repair state is good, and if it cannot resist the attack, the repair state is not good.
The present disclosure can therefore truly and accurately determine the actual repair state of the device to be detected.
Fig. 3 is a schematic structural diagram illustrating a vulnerability repair state detection system according to an exemplary embodiment. Referring to Fig. 3, the vulnerability repair state detection system includes:
one or more devices to be detected 100 (three devices to be detected are used as an example in the illustration);
a first server 200 connected to the one or more devices to be detected 100;
a second server 300 connected to the one or more devices to be detected 100;
a database server 400 connected to the first server and the second server;
a vulnerability detection server 500 connected to the database server 400;
a vulnerability publishing platform 600 connected to the vulnerability detection server 500;
and an exploit program publishing platform 700 connected to the vulnerability detection server 500.
A client is installed on the one or more devices to be detected 100, and the corresponding server side is installed on the first server.
The client of the device to be detected 100 is configured to acquire a plurality of standard component information by using an executable command, acquire a plurality of non-standard component information under the installation directory of the non-standard components, and send the standard component information and the non-standard component information to the first server;
the first server 200 is configured to forward the plurality of standard component information and the plurality of non-standard component information to the database server;
the second server 300 is configured to acquire, by external program scanning, a plurality of service component information of the device to be detected that is open to the outside, and send the plurality of service component information to the database server;
the database server 400 is configured to perform a deduplication operation on the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information, and store them after the deduplication operation;
the vulnerability detection server 500 is configured to obtain the component information set of the device to be detected from the database server.
The vulnerability detection server 500 is further configured to: perform vulnerability detection on the device to be detected, determine the current vulnerability identifier corresponding to the vulnerability if the device to be detected has a vulnerability, and execute the vulnerability repair corresponding to the current vulnerability identifier on the device to be detected; monitor the exploit program publishing platform and acquire the latest exploit program information; judge whether the current vulnerability identifier exists in the plurality of vulnerability identifiers; and, if so, determine the exploit program corresponding to the current vulnerability identifier from the plurality of exploit programs and use it to test the device to be detected and obtain its repair state.
The vulnerability publishing platform 600 is one or more platforms dedicated to collecting vulnerabilities, and collects vulnerabilities from the internet at irregular intervals. To distinguish different vulnerabilities, the vulnerability publishing platform assigns a unique identifier to each vulnerability.
Because of a vulnerability, a component may be attacked by hackers and become paralyzed or behave abnormally. The vulnerability publishing platform therefore also analyzes and determines the component information set corresponding to each vulnerability, where each component information set comprises the component information of the components that have the vulnerability with the corresponding identifier.
For a given vulnerability, the vulnerability publishing platform analyzes and determines the plurality of components affected by it, that is, the components that have the vulnerability and may be attacked by hackers. The component information corresponding to each of these components is then determined; each component information may include a component name, a component identifier and a component version, and the plurality of component information constitutes the component information set of the vulnerability.
The exploit program publishing platform 700 is configured to obtain and store the latest exploit program information. The latest exploit program information comprises a plurality of exploit programs and a plurality of corresponding vulnerability identifiers, where an exploit program is a program used to attack the device to be detected by using a system vulnerability.
The exploit program publishing platform 700 is one or more platforms dedicated to collecting exploit programs. After a vulnerability appears, exploit programs that exploit it gradually appear on the internet; such a program is used to attack the device to be detected by using a system vulnerability.
The exploit program publishing platform collects the exploit programs and stores each one in association with the vulnerability identifier of the vulnerability it exploits. That is, one vulnerability corresponds to one vulnerability identifier, to one component information set, and to one or more exploit programs.
The exploit program publishing platform can continuously acquire and store the latest exploit program information, which comprises a plurality of exploit programs and a plurality of corresponding vulnerability identifiers.
The detailed implementation process of the vulnerability repair state detection system is described in the embodiment shown in Fig. 4.
Fig. 4 is a flowchart illustrating a second embodiment of a vulnerability repair state detection method according to an exemplary embodiment, which includes the following steps.
In step S401, the client of the device to be detected obtains a plurality of standard component information by using an executable command, and obtains a plurality of non-standard component information under the installation directory of the non-standard components.
The client can periodically execute the following two operations:
A first operation: the client acquires the plurality of standard component information of the device to be detected through an executable command. The client does not need to know the installation directory of the standard components, and the plurality of standard component information can be acquired at one time through the executable command, which is simple and fast.
A second operation: the installation directories of the non-standard components are stored in the client in advance. To obtain component information more comprehensively, non-standard component information may also be obtained. The client can directly acquire a plurality of non-standard component information under the installation directories of the non-standard components. There may be one or more such installation directories, and one or more pieces of non-standard component information can be obtained under each of them.
In step S402, the client sends the standard component information and the non-standard component information to the first server, and the first server forwards the standard component information and the non-standard component information to the database server.
It can be understood that different components are the responsibility of different maintenance personnel, so the maintainer information can be obtained together with the component information. The standard component information comprises a component identifier, a component version identifier, component address information and maintainer information; the non-standard component information likewise comprises a component identifier, a component version identifier, component address information and maintainer information.
The client communicates with the server side on the first server to send the standard component information and the non-standard component information to the first server.
In step S403, the second server obtains, by external program scanning, a plurality of service component information of the device to be detected that is open to the outside.
Besides standard components and non-standard components, the device to be detected also has service components that are open to the outside. Taking a WEB application as an example of a service component: the WEB application is deployed on the device to be detected as source code, so it cannot be obtained through an executable command and is inconvenient to obtain through an installation directory.
For the service components of the device to be detected that are open to the outside, the second server can start external program scanning to scan one or more devices to be detected, so as to obtain the plurality of service component information that those devices expose to the outside.
The service component information comprises a component identifier, a component version identifier, component address information and maintainer information.
In step S404, the second server sends the plurality of service component information to the database server.
In step S405, the database server performs a deduplication operation on the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information, and stores them after the deduplication operation.
Some service components are also standard components or non-standard components, so the service component information overlaps with the standard or non-standard component information. To avoid repetition, the host information, the component identifier and the component version identifier can be used as the primary key for the deduplication operation on the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information.
In this embodiment, in addition to obtaining the component information of the device to be detected more comprehensively, the deduplication operation can be performed on the component information obtained in multiple ways, which avoids redundancy.
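The deduplication of step S405 is shown in the following added example, which is not code from the patent. It merges constructed records from the three collection paths on the primary key (host information, component identifier, component version identifier). Lower-casing the key fields, keeping the first non-empty maintainer, and the `seen_only_by_scan` report are assumptions added here.

```python
KEY_FIELDS = ("host", "component_id", "version")


def primary_key(record):
    """Primary key named in the description: host, component id, version.
    Assumption: case and surrounding whitespace are not significant."""
    return tuple(record[f].strip().lower() for f in KEY_FIELDS)


def deduplicate(*sources):
    """Merge (source_name, records) pairs into one entry per primary key.

    Duplicates are merged rather than dropped: the address set and the
    list of reporting sources are unioned, and the first non-empty
    maintainer wins, so a scan hit without maintainer data does not
    erase what the client reported.
    """
    merged = {}
    for source_name, records in sources:
        for rec in records:
            key = primary_key(rec)
            entry = merged.setdefault(key, {
                "host": key[0], "component_id": key[1], "version": key[2],
                "addresses": set(), "maintainer": "", "sources": set(),
            })
            entry["sources"].add(source_name)
            if rec.get("address"):
                entry["addresses"].add(rec["address"])
            if not entry["maintainer"] and rec.get("maintainer"):
                entry["maintainer"] = rec["maintainer"]
    return merged


def seen_only_by_scan(merged):
    """Keys reported by the external scan alone, e.g. a web application
    deployed from source that the client cannot enumerate."""
    return sorted(k for k, e in merged.items() if e["sources"] == {"service"})


# Constructed sample records for one host.
STANDARD = [
    {"host": "web-01", "component_id": "examplehttpd", "version": "2.4.2",
     "address": "192.0.2.10:443", "maintainer": "web-team@example.com"},
    {"host": "web-01", "component_id": "examplessl", "version": "1.1.1",
     "address": "", "maintainer": "web-team@example.com"},
]
NON_STANDARD = [
    {"host": "web-01", "component_id": "exampleagent", "version": "0.9",
     "address": "", "maintainer": "ops@example.com"},
]
SERVICE = [
    # Same component as the first standard record, reported by the scanner.
    {"host": "WEB-01", "component_id": "ExampleHTTPD", "version": "2.4.2",
     "address": "192.0.2.10:443", "maintainer": ""},
    # Different version on another port: a distinct key, kept separately.
    {"host": "web-01", "component_id": "examplehttpd", "version": "2.4.1",
     "address": "192.0.2.10:8443", "maintainer": ""},
    {"host": "web-01", "component_id": "exampleshop", "version": "3.2",
     "address": "192.0.2.10:8080", "maintainer": "shop-team@example.com"},
]


def build_inventory():
    return deduplicate(("standard", STANDARD),
                       ("non_standard", NON_STANDARD),
                       ("service", SERVICE))


if __name__ == "__main__":
    for key, entry in sorted(build_inventory().items()):
        print(key, sorted(entry["sources"]), entry["maintainer"] or "(no maintainer)")
```

Entries that end up with an empty maintainer, such as the scan-only `examplehttpd` 2.4.1 record, are the ones for which the S205 prompt has no recipient.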
In step S406, the vulnerability detection server acquires the component information set of the device to be detected from the database server and stores it. The component information set comprises a plurality of standard component information acquired by using an executable command, a plurality of non-standard component information acquired under the installation directory of the non-standard components, and a plurality of service component information of the device to be detected that is open to the outside and acquired by external program scanning.
In step S407, the vulnerability detection server performs vulnerability detection on the device to be detected, determines the current vulnerability identifier corresponding to the vulnerability if the device to be detected has a vulnerability, and executes the vulnerability repair corresponding to the current vulnerability identifier on the device to be detected.
In step S408, the vulnerability detection server monitors the exploit program publishing platform and obtains the latest exploit program information. The latest exploit program information comprises a plurality of exploit programs and a plurality of corresponding vulnerability identifiers, where an exploit program is a program used to attack the device to be detected by using a system vulnerability.
In step S409, the vulnerability detection server determines whether the current vulnerability identifier exists in the plurality of vulnerability identifiers. If it exists, the process proceeds to step S410; if it does not exist, the process proceeds to step S408.
In step S410, if it exists, the exploit program corresponding to the current vulnerability identifier is determined from the plurality of exploit programs, and the exploit program is used to test the device to be detected and obtain the repair state of the device to be detected.
For steps S407 to S410, refer to steps S101 to S104; they are not described again here.
Through the above technical features, the present application has the following beneficial effects:
The present disclosure can store the component information set of the device to be detected. The component information set contains a plurality of standard component information acquired through an executable command, a plurality of non-standard component information acquired under the installation directory of the non-standard components, and the service components that are open to the outside.
Because the component information set in the present disclosure contains the component information of the standard components, the component information of the non-standard components and the service components that are open to the outside, the component information set of the device to be detected is more comprehensive, the device can be monitored for vulnerabilities more comprehensively, and the comprehensiveness of vulnerability monitoring is improved.
In addition, the present disclosure can perform vulnerability detection on the device to be detected, determine the current vulnerability identifier corresponding to the vulnerability if the device to be detected has a vulnerability, and execute the vulnerability repair corresponding to the current vulnerability identifier on the device to be detected.
In order to obtain a real exploit program that exploits the vulnerability present in the device to be detected, the vulnerability detection server monitors the exploit program publishing platform and obtains the latest exploit program information; the latest exploit program information comprises a plurality of exploit programs and a plurality of corresponding vulnerability identifiers.
The vulnerability detection server judges whether the current vulnerability identifier exists in the plurality of vulnerability identifiers. If it exists, this indicates that an exploit program exploiting the vulnerability present in the device to be detected has appeared, so the exploit program corresponding to the current vulnerability identifier is determined from the plurality of exploit programs and is then used to test the device to be detected and obtain its repair state.
The exploit program can use the system vulnerability to attack the device to be detected, so that the device is genuinely tested after the vulnerability repair. It can be understood that if the device to be detected can resist the attack of the exploit program, the repair state is good, and if it cannot resist the attack, the repair state is not good.
The present disclosure can therefore truly and accurately determine the actual repair state of the device to be detected.
Fig. 5 is a block diagram illustrating an apparatus 500 for a vulnerability repair state detection method according to an exemplary embodiment. For example, the apparatus 500 may be provided as a server. Referring to Fig. 5, the apparatus 500 includes a processing component 522, which further includes one or more processors, and memory resources, represented by memory 532, for storing instructions, such as applications, that are executable by the processing component 522. The application programs stored in memory 532 may include one or more modules that each correspond to a set of instructions. Further, the processing component 522 is configured to execute the instructions to perform the vulnerability repair state detection method described above. The apparatus 500 may also include a power component 526 configured to perform power management of the apparatus 500, a wired or wireless network interface 550 configured to connect the apparatus 500 to a network, and an input/output (I/O) interface 558. The apparatus 500 may operate based on an operating system stored in the memory 532, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
For details of the vulnerability repair state detection method, refer to the embodiments shown in Fig. 1 and Fig. 4; they are not described again here.
In an exemplary embodiment, a storage medium comprising instructions is also provided, such as a memory comprising instructions that are executable by the processing component 522 of the apparatus 500 to perform the vulnerability repair state detection method described above. Alternatively, the storage medium may be a non-transitory computer readable storage medium, which may be, for example, a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
For details of the vulnerability repair state detection method, refer to the embodiments shown in Fig. 1 and Fig. 4; they are not described again here.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A vulnerability repair state detection method is characterized by comprising the following steps:
detecting a vulnerability of equipment to be detected, determining a current vulnerability identification corresponding to the vulnerability under the condition that the equipment to be detected has the vulnerability, and performing vulnerability repair corresponding to the current vulnerability identification on the equipment to be detected;
monitoring a vulnerability exploiting program publishing platform and acquiring latest vulnerability exploiting program information; the latest information of the vulnerability exploiting program comprises a plurality of vulnerability exploiting programs and a plurality of corresponding vulnerability identifications, wherein the vulnerability exploiting programs are used for attacking the to-be-detected equipment by utilizing system vulnerabilities;
judging whether the current vulnerability identification exists in the plurality of vulnerability identifications;
and if so, determining the vulnerability exploiting program corresponding to the current vulnerability identification from the plurality of vulnerability exploiting programs, and detecting the equipment to be detected and obtaining the repair state of the equipment to be detected by using the vulnerability exploiting program.
2. The method for detecting the vulnerability repair state according to claim 1, wherein the detecting the vulnerability of the device to be detected and determining the current vulnerability identification corresponding to the vulnerability under the condition that the device to be detected has the vulnerability comprises:
monitoring a vulnerability publishing platform and acquiring latest vulnerability information; the latest vulnerability information comprises a plurality of latest vulnerability identifications and a plurality of component information sets corresponding to the latest vulnerability identifications, and each component information set comprises component information to which a component with a vulnerability corresponding to the vulnerability identification belongs;
acquiring a component information set of the equipment to be detected;
if the component information set of the equipment to be detected and the latest vulnerability information have the same component information, determining that the equipment to be detected has a vulnerability;
and determining the current vulnerability identification of the vulnerability corresponding to the same component information.
3. The method for detecting the vulnerability repair state according to claim 2, wherein the detecting the equipment to be detected and obtaining the repair state of the equipment to be detected by using the vulnerability exploiting program comprises:
sending the IP address and the port number corresponding to the same component information in the equipment to be detected to the vulnerability exploiting program;
after the vulnerability exploiting program initiates attacks to the IP address and the port number of the equipment to be detected, receiving a feedback result sent by the equipment to be detected;
under the condition that the feedback result is the first feedback result, determining that the repair state of the device to be detected is not successfully repaired;
and under the condition that the feedback result is a second feedback result, determining that the repair state of the equipment to be detected is successfully repaired.
4. The vulnerability repair state detection method of claim 2, wherein the component information set of the equipment to be detected comprises:
a plurality of non-standard component information, a plurality of standard component information, and a plurality of service component information;
the nonstandard component is a component which is not installed under the specified installation path of the equipment to be detected;
the standard component is a component arranged under the appointed installation path of the equipment to be detected;
the service component is a service component which is deployed in a server connected with the equipment to be detected and provides service for the equipment to be detected.
5. The vulnerability repair state detection method of claim 4, wherein the obtaining the component information set of the equipment to be detected comprises: acquiring the component information set of the equipment to be detected from a database server;
wherein the database server is configured to:
receiving a plurality of standard component information of the equipment to be detected obtained by the first server by utilizing the executable command, and a plurality of non-standard component information of the equipment to be detected obtained under the installation directory of the non-standard components; and
receiving information of a plurality of service components, which are opened to the outside, of the equipment to be detected, which is obtained by a second server through an external program scanning mode;
and performing a deduplication operation on the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information, and storing the plurality of service component information, the plurality of standard component information and the plurality of non-standard component information after the deduplication operation.
6. A vulnerability fix state detection system, comprising: one or more devices to be detected, a vulnerability exploiting program publishing platform, and a vulnerability detection server;
the vulnerability exploiting program publishing platform is configured to acquire and store the latest vulnerability exploiting program information; the latest vulnerability exploiting program information comprises a plurality of vulnerability exploiting programs and a plurality of corresponding vulnerability identifications, wherein the vulnerability exploiting programs are used for attacking the device to be detected by exploiting system vulnerabilities;
the vulnerability detection server is configured to: perform vulnerability detection on the device to be detected; when the device to be detected has a vulnerability, determine the current vulnerability identification corresponding to the vulnerability and perform, on the device to be detected, the vulnerability repair corresponding to the current vulnerability identification; monitor the vulnerability exploiting program publishing platform and acquire the latest vulnerability exploiting program information; judge whether the current vulnerability identification exists among the plurality of vulnerability identifications; and if so, determine, from the plurality of vulnerability exploiting programs, the vulnerability exploiting program corresponding to the current vulnerability identification, and use that vulnerability exploiting program to detect the device to be detected and obtain the repair state of the device to be detected.
7. The vulnerability fix state detection system of claim 6, further comprising:
a vulnerability publishing platform configured to acquire and store the latest vulnerability information; the latest vulnerability information comprises component information corresponding to a component that has the latest vulnerability;
wherein the vulnerability detection server performing vulnerability detection on the device to be detected and, when the device to be detected has a vulnerability, determining the current vulnerability identification corresponding to the vulnerability specifically comprises:
the vulnerability detection server is configured to monitor the vulnerability publishing platform and acquire the latest vulnerability information; acquire the component information set of the device to be detected; if the component information set and the latest vulnerability information contain the same component information, determine that the device to be detected has a vulnerability; and determine the current vulnerability identification of the vulnerability corresponding to the same component information.
8. The vulnerability fix state detection system of claim 7, wherein the vulnerability detection server using the vulnerability exploiting program to verify the device to be detected and obtain the repair state of the device to be detected specifically comprises:
the vulnerability detection server is configured to send, to the vulnerability exploiting program, the IP address and the port number corresponding to the same component information in the device to be detected; after the vulnerability exploiting program initiates an attack on the IP address and the port number of the device to be detected, receive a feedback result sent by the device to be detected; when the feedback result is a first feedback result, determine that the repair state of the device to be detected is repair unsuccessful; and when the feedback result is a second feedback result, determine that the repair state of the device to be detected is repair successful.
9. The vulnerability fix state detection system of claim 7, wherein the component information set of the device to be detected comprises:
a plurality of pieces of non-standard component information, a plurality of pieces of standard component information, and a plurality of pieces of service component information;
a non-standard component is a component that is not installed under the specified installation path of the device to be detected;
a standard component is a component that is installed under the specified installation path of the device to be detected;
a service component is a component that is deployed on a server connected to the device to be detected and provides a service to the device to be detected.
10. The vulnerability fix state detection system of claim 9, further comprising:
a first server connected to the one or more devices to be detected;
a second server connected to the one or more devices to be detected;
a database server connected to the first server and the second server;
wherein the one or more devices to be detected are provided with clients, and the first server is provided with the server side;
the client of the device to be detected is configured to obtain the plurality of pieces of standard component information by using an executable command, obtain the plurality of pieces of non-standard component information from the installation directory of the non-standard components, and send the standard component information and the non-standard component information to the first server;
the first server is configured to forward the plurality of pieces of standard component information and non-standard component information to the database server;
the second server is configured to acquire, through external program scanning, a plurality of pieces of service component information that the device to be detected exposes externally, and send the service component information to the database server;
the database server is configured to perform a deduplication operation on the plurality of pieces of service component information, standard component information and non-standard component information, and store the deduplicated service component information, standard component information and non-standard component information;
the vulnerability detection server is configured to acquire the component information set of the device to be detected from the database server.
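The data flow recited in the claims above (deduplicated component inventory, match against the latest vulnerability information, then mapping of the feedback result to a repair state) can be sketched as follows. This is an added example, not code from the patent: the component names, vulnerability identifications, feedback constants and the `verifiers` callables (stand-ins that return a canned feedback value and run nothing) are constructed assumptions, the repair step itself is omitted, and the "inconclusive" outcome goes beyond what the claims recite.

```python
from dataclasses import dataclass

FIRST_FEEDBACK = "first"    # placeholder: the claims map this to repair unsuccessful
SECOND_FEEDBACK = "second"  # placeholder: the claims map this to repair successful

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    ip: str
    port: int

def dedupe(standard, non_standard, service):
    """Merge the three inventories, dropping exact repeats and keeping first-seen order."""
    return list(dict.fromkeys([*standard, *non_standard, *service]))

def match(inventory, latest_vulns):
    """latest_vulns maps (name, version) -> vulnerability identification."""
    return [(c, latest_vulns[(c.name, c.version)])
            for c in inventory if (c.name, c.version) in latest_vulns]

def repair_state(component, vuln_id, verifiers):
    """verifiers maps vulnerability identification -> callable(ip, port) -> feedback."""
    verifier = verifiers.get(vuln_id)
    if verifier is None:
        return "no verification program published"
    feedback = verifier(component.ip, component.port)
    if feedback == FIRST_FEEDBACK:
        return "repair unsuccessful"
    if feedback == SECOND_FEEDBACK:
        return "repair successful"
    return "inconclusive"  # added case (timeout, unexpected reply), not in the claims

def run_demo():
    # Constructed sample data; addresses are from the documentation range 192.0.2.0/24.
    web = Component("examplehttpd", "2.4.1", "192.0.2.10", 8080)
    standard = [web, Component("examplessl", "1.1.0", "192.0.2.10", 443)]
    non_standard = [Component("examplecache", "5.0.3", "192.0.2.10", 6379)]
    service = [web]  # the external scan reports the same web component again
    inventory = dedupe(standard, non_standard, service)
    latest_vulns = {("examplehttpd", "2.4.1"): "VULN-EXAMPLE-1",
                    ("examplecache", "5.0.3"): "VULN-EXAMPLE-2"}
    # Stand-in for a vetted verification program; it only returns a canned value.
    verifiers = {"VULN-EXAMPLE-1": lambda ip, port: SECOND_FEEDBACK}
    states = {vid: repair_state(c, vid, verifiers)
              for c, vid in match(inventory, latest_vulns)}
    return inventory, states

if __name__ == "__main__":
    print(run_demo())
```

A vulnerability with no published verification program is reported as such rather than as repaired, so a missing check is never mistaken for a successful fix.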
CN202011471346.1A 2020-12-14 2020-12-14 Vulnerability repair state detection method and system Active CN112615848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011471346.1A CN112615848B (en) 2020-12-14 2020-12-14 Vulnerability repair state detection method and system

Publications (2)

Publication Number Publication Date
CN112615848A (en) 2021-04-06
CN112615848B (en) 2023-03-14

Family

ID=75233908

Country Status (1)

Country Link
CN (1) CN112615848B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143110A (en) * 2021-12-08 2022-03-04 湖北天融信网络安全技术有限公司 Vulnerability processing method, device and system of mimicry equipment
CN116204891A (en) * 2023-04-28 2023-06-02 清华大学 Vulnerability exploitation analysis method, device and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170220808A1 (en) * 2014-10-31 2017-08-03 Hewlett Packard Enterprise Development Lp System and method for vulnerability remediation verification
CN107896219A (en) * 2017-11-29 2018-04-10 深信服科技股份有限公司 A kind of detection method, system and the relevant apparatus of website fragility
US20180359278A1 (en) * 2016-03-18 2018-12-13 AO Kaspersky Lab System and method for repairing vulnerabilities of devices connected to a data network
CN110348220A (en) * 2019-06-28 2019-10-18 北京威努特技术有限公司 A kind of bug excavation method, loophole repair verification method, device and electronic equipment
CN110460571A (en) * 2019-07-05 2019-11-15 深圳壹账通智能科技有限公司 Operation system loophole processing method, device, computer equipment and storage medium
CN111931187A (en) * 2020-08-13 2020-11-13 深信服科技股份有限公司 Component vulnerability detection method, device, equipment and readable storage medium
CN112035843A (en) * 2020-08-20 2020-12-04 深信服科技股份有限公司 Vulnerability processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant