CN112765611A - Unauthorized vulnerability detection method, device, equipment and storage medium - Google Patents

Info

Publication number
CN112765611A
Authority
CN
China
Prior art keywords
detection
mode
detected
unauthorized vulnerability
unauthorized
Legal status
Granted
Application number
CN202110068645.9A
Other languages
Chinese (zh)
Other versions
CN112765611B (en)
Inventor
尹伟成
汤磊
朱军
Current Assignee
Shanghai Weimeng Enterprise Development Co ltd
Original Assignee
Shanghai Weimeng Enterprise Development Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The application discloses an unauthorized vulnerability detection method, device, equipment and storage medium, comprising the following steps: receiving a detection instruction, and determining a corresponding target detection mode according to the detection instruction; the target detection mode is an agent (proxy) mode configured in advance for an IAST environment, an instrumentation mode, or a mixed mode combining the agent mode and the instrumentation mode; carrying out unauthorized vulnerability detection on the system to be detected by using the target detection mode; and determining the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode. The method and device flexibly select different detection modes according to different detection instructions to carry out comprehensive, automatic detection of unauthorized vulnerabilities in the system to be detected, which greatly reduces the workload of security testers and improves the detection efficiency and identification accuracy for unauthorized vulnerabilities.

Description

Unauthorized vulnerability detection method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of information security, in particular to an unauthorized vulnerability detection method, device, equipment and storage medium.
Background
In the security-testing direction of the information security field, security testers are often faced with a wide variety of logic vulnerabilities, the most common of which is the unauthorized vulnerability (access beyond the permissions of the current user, listed in the OWASP Top 10 as broken access control). In the OWASP Top 10 compiled by the security authority OWASP, the unauthorized vulnerability has been on the list for a long time. On one hand, the harm caused by an unauthorized vulnerability is generally large, for example unauthorized acquisition of a user's sensitive information, unauthorized deletion of orders created by others, or unauthorized modification of an administrator's account; on the other hand, compared with other common vulnerabilities such as SQL injection and Cross-Site Scripting (XSS), the unauthorized vulnerability is difficult to detect comprehensively. Currently, the mainstream Web application security testing technologies fall into three categories: DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing) and IAST (Interactive Application Security Testing).
DAST is a black-box testing technique and is currently the most widely used and simplest Web application security testing technique. SAST performs security testing on source code during the development stage; it has advantages such as high code visibility and a rich set of detectable issue types, but produces a large number of false positives and cannot confirm whether a vulnerability is actually exploitable. IAST has been listed by the consulting company Gartner as one of the Top 10 in the network security field; it integrates the advantages of DAST and SAST, has a high vulnerability detection rate and a low false positive rate, and can pinpoint a vulnerability to an API (application programming interface) and a code segment.
Currently, prior-art detection of unauthorized vulnerabilities is limited to manual detection or to a single vulnerability detection mode, and diversified autonomous detection modes cannot be provided according to user demand. On one hand, account data is acquired manually and operations such as modification and deletion are performed step by step for detection, which consumes a large amount of time and labor; the growth in the number of security testers cannot keep up with the growth in security testing demand, and service release efficiency is seriously affected. On the other hand, when DAST is used to detect unauthorized vulnerabilities in proxy mode, the detection method has limited coverage, cannot locate the specific position of the vulnerability, cannot accurately judge whether an unauthorized vulnerability exists, and its detection rate cannot meet the ever-increasing security requirements of enterprises. In summary, the prior art has at least the technical problems of a single detection mode, low detection efficiency and low identification accuracy for unauthorized vulnerabilities.
Disclosure of Invention
In view of the above, the present invention provides an unauthorized vulnerability detection method, apparatus, device and storage medium, which flexibly select different detection modes according to different detection instructions to perform comprehensive, automatic detection of unauthorized vulnerabilities in a system to be detected, so as to greatly reduce the workload of security testers and improve the detection efficiency and identification accuracy for unauthorized vulnerabilities. The specific scheme is as follows:
A first aspect of the present application provides an unauthorized vulnerability detection method, including:
receiving a detection instruction, and determining a corresponding target detection mode according to the detection instruction; the target detection mode is an agent mode configured for an IAST environment in advance, an instrumentation mode or a mixed mode combining the agent mode and the instrumentation mode;
carrying out unauthorized vulnerability detection on the system to be detected by utilizing the target detection mode;
and determining the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode.
Optionally, the receiving a detection instruction and determining a corresponding target detection mode according to the detection instruction includes:
receiving a detection instruction for representing the combination of an agent mode and an instrumentation mode, and determining a mixed mode of the agent mode and the instrumentation mode as a target detection mode;
correspondingly, the performing unauthorized vulnerability detection on the system to be detected by using the target detection mode comprises the following steps:
authenticating the system to be detected, and performing unauthorized vulnerability detection on the system to be detected through the proxy mode to obtain a first detection result;
acquiring a source code of the system to be detected, and performing unauthorized vulnerability detection on the source code of the system to be detected through the instrumentation mode to obtain a second detection result;
and determining the first detection result and the second detection result as the detection result of the target detection mode.
Optionally, the authenticating the system to be detected includes:
automatically authenticating a system to be detected that is connected to unified authentication;
and if the system to be detected is not connected to unified authentication, authenticating the system to be detected through manual entry.
Optionally, before authenticating the system to be detected, the method further includes:
establishing and configuring a working interval (workspace) for detecting the system to be detected, where the working interval is used for storing the attribute information of the login users corresponding to the system to be detected.
Optionally, performing unauthorized vulnerability detection on the system to be detected through the proxy mode to obtain a first detection result includes:
collecting user traffic by using a traffic transmission device;
verifying the user identity corresponding to the user traffic according to the attribute information;
and carrying out unauthorized vulnerability detection on the system to be detected by using the verified user traffic to obtain a first detection result.
Optionally, after verifying the user identity corresponding to the user traffic according to the attribute information, the method further includes:
returning the identification information of the user corresponding to the user traffic that passes the verification.
Optionally, the performing unauthorized vulnerability detection on the source code of the system to be detected through the instrumentation mode to obtain a second detection result includes:
and performing unauthorized vulnerability detection on the source code of the system to be detected by utilizing active instrumentation and/or passive instrumentation to obtain a second detection result.
Optionally, the determining the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode includes:
outputting the detection result of the target detection mode to a human-computer interaction interface;
acquiring a manual audit result of the detection result for the target detection mode returned by the human-computer interaction interface;
and determining the unauthorized vulnerability of the system to be detected based on the manual audit result.
A second aspect of the present application provides an unauthorized vulnerability detection apparatus, including:
the receiving module is used for receiving a detection instruction and determining a corresponding target detection mode according to the detection instruction; the target detection mode is an agent mode configured for an IAST environment in advance, an instrumentation mode or a mixed mode combining the agent mode and the instrumentation mode;
the detection module is used for carrying out unauthorized vulnerability detection on the system to be detected by utilizing the target detection mode;
and the determining module is used for determining the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode.
A third aspect of the application provides an electronic device comprising a processor and a memory; wherein the memory is used for storing a computer program which is loaded and executed by the processor to implement the aforementioned unauthorized vulnerability detection method.
A fourth aspect of the present application provides a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are loaded and executed by a processor, the foregoing unauthorized vulnerability detection method is implemented.
In the method, a detection instruction is received first, and a corresponding target detection mode is determined according to the detection instruction; the target detection mode is a proxy mode, an instrumentation mode or a mixed mode combining the two, each configured in advance for an IAST environment. The target detection mode is then used to detect unauthorized vulnerabilities in the system to be detected, and finally the unauthorized vulnerabilities of the system to be detected are determined based on the detection result of the target detection mode. The method and device flexibly select different detection modes according to different detection instructions to carry out comprehensive, automatic detection of unauthorized vulnerabilities in the system to be detected, which greatly reduces the workload of security testers and improves the detection efficiency and identification accuracy for unauthorized vulnerabilities.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an unauthorized vulnerability detection method provided in the present application;
Fig. 2 is a flowchart of a specific unauthorized vulnerability detection method provided by the present application;
Fig. 3 is a schematic diagram of a specific unauthorized vulnerability detection scheme provided in the present application;
Fig. 4 is a schematic structural diagram of an unauthorized vulnerability detection apparatus provided in the present application;
Fig. 5 is a structural diagram of an unauthorized vulnerability detection electronic device according to the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the prior art, detection of unauthorized vulnerabilities is limited to manual detection or to a single vulnerability detection mode, and a diversified autonomous detection mode cannot be provided according to user requirements. On one hand, account data is acquired manually and operations such as modification and deletion are performed step by step for detection, which consumes a large amount of time and labor; the growth in the number of security testers cannot keep up with the growth in security testing demand, and service release efficiency is seriously affected. On the other hand, when DAST is used to detect unauthorized vulnerabilities in proxy mode, the detection method has limited coverage, cannot locate the specific position of the vulnerability, cannot accurately judge whether an unauthorized vulnerability exists, and its detection rate cannot meet the ever-increasing security requirements of enterprises. To overcome these technical problems, the application provides an unauthorized vulnerability detection scheme that flexibly selects different detection modes according to different detection instructions to perform comprehensive, automatic detection of unauthorized vulnerabilities in a system to be detected, greatly reducing the workload of security testers and improving the detection efficiency and identification accuracy for unauthorized vulnerabilities.
Fig. 1 is a flowchart of an unauthorized vulnerability detection method according to an embodiment of the present application. Referring to fig. 1, the unauthorized vulnerability detection method includes:
S11: receiving a detection instruction, and determining a corresponding target detection mode according to the detection instruction; the target detection mode is a proxy mode configured for an IAST environment in advance, an instrumentation mode or a hybrid mode combining the proxy mode and the instrumentation mode.
S12: and carrying out unauthorized vulnerability detection on the system to be detected by utilizing the target detection mode.
In this embodiment, before vulnerability detection a detection instruction needs to be received, and a corresponding target detection mode is determined according to the detection instruction. That is, a user or tester can send a detection instruction to the unauthorized-access detection IAST device according to the detection requirement, and the device determines the target detection mode corresponding to that instruction. The unauthorized-access detection IAST device is a packaged, integrated environment for detecting unauthorized vulnerabilities and is an engineering implementation.
In this embodiment, after the target detection mode corresponding to the detection instruction is determined, unauthorized vulnerability detection is performed on the system to be detected using the target detection mode. For black-box testing, unauthorized vulnerability detection is carried out on the system to be detected through the proxy mode configured in advance for the IAST environment, thereby realizing IAST. The proxy mode may be implemented with an unauthorized-access detection tool such as secscan-authcheck, which is not limited in this embodiment. For white-box testing, the instrumentation mode is used to detect the vulnerability; the instrumentation mode in this embodiment is built on the IAST instrumentation technique and analyzes and judges unauthorized vulnerabilities comprehensively based on the request, the code, the data flow and the control flow, so the test accuracy is high and the false positive rate is extremely low. Whether a black-box test or a white-box test is used alone, the comprehensiveness and accuracy of the detection result have certain bottlenecks, and it is difficult to meet the existing detection requirements for unauthorized vulnerabilities.
S13: and determining the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode.
In this embodiment, after the proxy mode, instrumentation mode and mixed mode operating environments are deployed, the scanning task is started through steps S11 and S12; different processing flows are started according to the different configurations of the working interval, data is automatically added, removed, replayed, modified and so on, and whether an unauthorized vulnerability exists is determined by comparing the information returned before and after such a modification. A detection result corresponding to the proxy mode, the instrumentation mode or the mixed mode is then obtained according to the detection instruction. In this step the detection result is displayed, and the unauthorized vulnerabilities of the system to be detected are further determined based on the detection result of the target detection mode. It is understood that, in order to display the detection result more clearly, key vulnerabilities in the detection result of the target detection mode may be highlighted according to the requirements of the user or tester, and operations such as automatic filtering and screening may be performed on findings that are not unauthorized vulnerabilities.
Therefore, the method and device of the present application first receive a detection instruction and determine the corresponding target detection mode according to it; the target detection mode is a proxy mode, an instrumentation mode or a mixed mode combining the two, each configured in advance for an IAST environment; the target detection mode is then used to detect unauthorized vulnerabilities in the system to be detected, and finally the unauthorized vulnerabilities of the system to be detected are determined based on the detection result of the target detection mode. According to this embodiment of the application, different detection modes are flexibly selected according to different detection instructions to perform comprehensive, automatic detection of unauthorized vulnerabilities in the system to be detected, which greatly reduces the workload of security testers and improves the detection efficiency and identification accuracy for unauthorized vulnerabilities.
Fig. 2 is a flowchart of a specific unauthorized vulnerability detection method provided in an embodiment of the present application, and fig. 3 is a schematic diagram of a specific unauthorized vulnerability detection scheme provided in the present application. Referring to fig. 2 and 3, the unauthorized vulnerability detection method includes:
S21: receiving a detection instruction representing the combination of a proxy mode and an instrumentation mode, and determining the mixed mode of the proxy mode and the instrumentation mode as the target detection mode.
In this embodiment, the unauthorized vulnerability detection result obtained by performing black-box and white-box testing simultaneously on a system to be detected whose source code is available is more comprehensive and accurate. Therefore, a detection instruction representing the combination of the proxy mode and the instrumentation mode is received, the mixed mode combining the two is determined as the target detection mode, and unauthorized vulnerability detection is performed on the system to be detected in that mode.
S22: establishing and configuring a working interval (workspace) for detecting the system to be detected, where the working interval is used for storing the attribute information of the login users corresponding to the system to be detected.
S23: automatically authenticating a system to be detected that is connected to unified authentication; and if the system to be detected is not connected to unified authentication, authenticating the system to be detected through manual entry.
In this embodiment, before testing, a working interval needs to be created and configured for the system to be tested. The working interval stores the attribute information of the login users corresponding to the system to be tested, which includes information such as each login user's login name and password. After the system to be detected is authenticated, its related information can be transmitted to the working interval and associated with other systems.
In this embodiment, security test automation is realized through a selectable authentication method in the authentication stage of the system to be detected, which saves a large amount of time and greatly improves security testing efficiency. Specifically, before authentication the system to be detected is examined: a system connected to unified authentication is authenticated automatically, while if the system is not connected to unified authentication, or automatic authentication cannot be carried out in bulk, the authentication information can be entered manually into the workspace after the system to be detected is deployed, so that authentication of the system is still achieved and the scheme remains applicable to a large number of systems with different authentication methods. After authentication is completed, some basic information of the system to be detected is stored in the working area, including but not limited to the attribute information of the login users corresponding to the system to be detected.
S24: and collecting user traffic by using a traffic transmission device, and verifying the user identity corresponding to the user traffic according to the attribute information.
In this embodiment, for black-box testing, the proxy mode is implemented by a traffic transmission device such as a Burp Suite plug-in (Burp Suite being an integrated platform of tools for attacking Web applications), a browser plug-in or a proxy server. User traffic is collected by the traffic transmission device and sent to the unauthorized-access detection IAST device. After receiving the user traffic, the IAST device verifies the user identity corresponding to the traffic against the attribute information of the login users stored in the working interval, for example by matching the user's login name and password; if the match succeeds, the user traffic passes verification and can be used for unauthorized vulnerability detection on the system to be detected.
Furthermore, in order to optimize the operating environment and computational efficiency of the system, after the user identity corresponding to the user traffic has been verified according to the attribute information, the identification information of the user corresponding to the verified traffic may be returned. Specifically, for user traffic that passes verification, a unique identifier, such as a token or cookie, may be returned to the corresponding user through an application programming interface, so that when the user logs in to the system to be detected again the unauthorized-access detection IAST device confirms the identity through the returned identifier, reducing the overhead of logging in again.
S25: and carrying out unauthorized vulnerability detection on the system to be detected by using the verified user traffic to obtain a first detection result.
In this embodiment, for the proxy mode, the verified user traffic is used to perform unauthorized vulnerability detection on the system to be detected: different processing flows are selected and started according to the different configurations of the working interval, and unauthorized vulnerabilities are judged automatically by screening and scanning the traffic, so as to obtain the first detection result.
In this embodiment, the open-source shooting range Pikachu (a shooting range being a deliberately vulnerable environment used for security testing in the information security field) is selected as the target of the black-box test, in which the unauthorized vulnerability of the system to be tested is detected through the proxy mode. Pikachu is a vulnerable Web application that contains common Web security vulnerabilities, including the test target of this embodiment, the unauthorized vulnerability. In order to make the detection results comparable, the existing unauthorized vulnerability detection method is applied first: the website requests are captured manually, and the identity information and data information in the requests are modified and replayed in the request management tool. Horizontal unauthorized vulnerabilities are tested by replacing the identity in the request; vertical unauthorized vulnerabilities are tested by using a low-privilege account to send a request that only a high-privilege account should be able to send. In this process each interface has to be operated repeatedly; by experimental statistics, completing the whole unauthorized vulnerability test takes 2 hours, 7 unauthorized vulnerabilities are detected, and the vulnerability detection rate is 70%. In contrast, with the method provided by this embodiment, the authentication method of the system to be detected is judged automatically and the system is logged in directly and automatically through the unified authentication architecture, saving a large amount of time. Then the IAST implementation mode is configured in the working interval, and the traffic collection mode created in this embodiment based on IAST covers the whole system.
By automatically processing each request in the traffic and combining it with the final confirmation from manual auditing in the subsequent steps, 9 vulnerabilities are detected in total and the detection rate reaches 90%. Detecting the unauthorized vulnerabilities of the system under test takes 30 minutes, an efficiency improvement of 4 times.
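As an added illustration of the proxy-mode flow in S22 to S25 (example code written for this page, not the applicant's tool), the following Python models the working interval holding the login users' attributes, the traffic verification that issues a token, and the identity-swapped replay whose response is compared with the original; the target application, its users and its orders are constructed, and a hardened build of the same target shows what a clean result looks like.

```python
"""Proxy-mode (black-box) unauthorized-access check modelled on steps S22 to S25.
Constructed illustration, not the applicant's tool: hypothetical in-memory target,
working interval, traffic verification returning a token, identity-swapped replays."""
import secrets
from dataclasses import dataclass, field

ROLE_RANK = {"user": 1, "admin": 2}          # higher number = more privilege


class Target:
    """Constructed in-memory web app; hardened=False omits the ownership/role checks."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.users = {"alice": ("alice-pw", "user"),
                      "bob": ("bob-pw", "user"),
                      "admin": ("admin-pw", "admin")}
        self.orders = {101: ("alice", "laptop"), 202: ("bob", "phone")}
        self.sessions = {}                     # token -> login name

    def login(self, name, password):
        if self.users.get(name, (None,))[0] != password:
            return None
        token = secrets.token_hex(8)
        self.sessions[token] = name
        return token

    def request(self, path, token):
        """Return (status, body) the way an HTTP endpoint would."""
        name = self.sessions.get(token)
        if name is None:
            return 401, ""
        if path.startswith("/orders/"):
            order = self.orders.get(int(path.rsplit("/", 1)[1]))
            if order is None:
                return 404, ""
            if self.hardened and order[0] != name:               # ownership check
                return 403, ""
            return 200, f"{order[0]}:{order[1]}"
        if path == "/admin/users":
            if self.hardened and self.users[name][1] != "admin":  # role check
                return 403, ""
            return 200, ",".join(self.users)
        return 404, ""


@dataclass
class Workspace:
    """The 'working interval': attribute information of the target's login users."""
    users: dict                                # login name -> {"password", "role"}
    tokens: dict = field(default_factory=dict)

    def verify_traffic(self, target, login_name, password):
        """Match captured credentials against the stored attributes; return a token."""
        attrs = self.users.get(login_name)
        if attrs is None or attrs["password"] != password:
            return None
        token = target.login(login_name, password)
        self.tokens[login_name] = token
        return token


def detect_unauthorized(target, ws, captured):
    """captured: (login_name, path) pairs from verified traffic. Each request is replayed
    under every peer or lower-privilege identity; an identical success response is a hit."""
    findings = []
    for owner, path in captured:
        baseline = target.request(path, ws.tokens[owner])
        if baseline[0] != 200:
            continue                           # nothing served, nothing to compare
        owner_rank = ROLE_RANK[ws.users[owner]["role"]]
        for other, attrs in ws.users.items():
            other_rank = ROLE_RANK[attrs["role"]]
            if other == owner or other_rank > owner_rank:
                continue                       # a more privileged account is expected through
            if target.request(path, ws.tokens[other]) == baseline:
                kind = "horizontal" if other_rank == owner_rank else "vertical"
                findings.append((kind, path, owner, other))
    return findings


def scan(hardened):
    """Run the S22 to S25 flow against a fresh target and return the findings."""
    target = Target(hardened)
    ws = Workspace({"alice": {"password": "alice-pw", "role": "user"},
                    "bob": {"password": "bob-pw", "role": "user"},
                    "admin": {"password": "admin-pw", "role": "admin"}})
    for name, attrs in ws.users.items():       # S24: verify each login user's traffic
        if ws.verify_traffic(target, name, attrs["password"]) is None:
            raise RuntimeError(f"verification failed for {name}")
    captured = [("alice", "/orders/101"), ("admin", "/admin/users"), ("bob", "/orders/202")]
    return detect_unauthorized(target, ws, captured)


if __name__ == "__main__":
    for kind, path, owner, other in scan(hardened=False):
        print(f"{kind:10s} {path:13s} {owner}'s response was also served to {other}")
    print("hardened build:", scan(hardened=True))
```

Comparing whole responses, as here, is the conservative rule: a page that differs only in a timestamp or a CSRF token would be missed, which is one reason the patent keeps a manual audit step after the automated comparison.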
S26: and performing unauthorized vulnerability detection on the source code of the system to be detected by utilizing active instrumentation and/or passive instrumentation to obtain a second detection result.
In this embodiment, for white-box testing, unauthorized vulnerability detection is performed on the source code of the system to be detected through the instrumentation mode, which includes active instrumentation and/or passive instrumentation; that is, the source code is checked for unauthorized vulnerabilities through active and/or passive instrumentation to obtain the second detection result. For active instrumentation, an IAST instrumentation agent is first installed in the server under test, the agent is triggered by the unauthorized-access detection IAST device, and the application is traced and scanned. Passive instrumentation also installs an instrumentation agent in the server under test, and detects vulnerabilities while the application runs. With passive instrumentation no replayed request is needed, no dirty data is produced, and scenarios such as encryption, anti-replay and signing can all be covered.
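As an added illustration of the passive instrumentation described in S26 (example code written for this page, not the applicant's IAST agent), the following Python uses decorators as an in-process agent: it records which records a request read and whether the authorization predicate was consulted for them, and reports cross-owner data that reached the handler without a check, from live traffic alone and without replaying anything. The application, its repository and its two handlers are constructed.

```python
"""Passive-instrumentation (white-box) check modelled on step S26. Constructed
illustration, not the applicant's agent: hooks on the data source and the authz
predicate judge the request from its live data flow and control flow, no replay."""
import functools
import threading


class PassiveAgent:
    """Hooks repository reads and the authorization predicate for each traced request."""

    def __init__(self):
        self.ctx = threading.local()           # per-request trace state
        self.findings = []

    def begin_request(self, principal, path, handler_name):
        self.ctx.principal = principal
        self.ctx.path = path
        self.ctx.handler = handler_name
        self.ctx.read = {}                     # id(record) -> (table, owner)
        self.ctx.checked = set()               # ids of records an authz check covered

    def end_request(self):
        """Close the trace: a record owned by someone other than the principal that
        was read but never passed through an authorization check is a finding."""
        new = []
        for rec_id, (table, owner) in self.ctx.read.items():
            if owner != self.ctx.principal and rec_id not in self.ctx.checked:
                new.append({"path": self.ctx.path, "handler": self.ctx.handler,
                            "principal": self.ctx.principal,
                            "table": table, "owner": owner})
        self.findings.extend(new)
        return new

    def data_source(self, table, owner_field):
        """Decorator for repository reads: remembers each returned record's owner."""
        def deco(fn):
            @functools.wraps(fn)
            def wrapper(*args, **kwargs):
                rec = fn(*args, **kwargs)
                if rec is not None and hasattr(self.ctx, "read"):
                    self.ctx.read[id(rec)] = (table, rec[owner_field])
                return rec
            return wrapper
        return deco

    def authz_check(self, fn):
        """Decorator for the authorization predicate: marks the record as checked
        whether the check allows or denies, since either way the code consulted it."""
        @functools.wraps(fn)
        def wrapper(principal, rec):
            if hasattr(self.ctx, "checked"):
                self.ctx.checked.add(id(rec))
            return fn(principal, rec)
        return wrapper


# Constructed application under test (hypothetical).
agent = PassiveAgent()
ORDERS = {101: {"id": 101, "owner": "alice", "item": "laptop"},
          202: {"id": 202, "owner": "bob", "item": "phone"}}


@agent.data_source(table="orders", owner_field="owner")
def load_order(order_id):
    return ORDERS.get(order_id)


@agent.authz_check
def can_view(principal, order):
    return principal == order["owner"]


def view_order_vulnerable(principal, order_id):
    order = load_order(order_id)               # read, then served without can_view
    return {"status": 200, "body": order["item"]} if order else {"status": 404}


def view_order_fixed(principal, order_id):
    order = load_order(order_id)
    if order is None:
        return {"status": 404}
    if not can_view(principal, order):         # the check the agent looks for
        return {"status": 403}
    return {"status": 200, "body": order["item"]}


def run_request(handler, principal, order_id):
    """Trace one request through a handler; returns (response, findings)."""
    agent.begin_request(principal, f"/orders/{order_id}", handler.__name__)
    response = handler(principal, order_id)
    return response, agent.end_request()


if __name__ == "__main__":
    for handler in (view_order_vulnerable, view_order_fixed):
        print(handler.__name__, run_request(handler, "bob", 101))
```

A record that is read but never returned to the client would also be reported by this simplified agent; a production agent additionally follows the data into the response, which is what keeps the false positive rate of the instrumentation mode low.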
S27: outputting the first detection result and the second detection result to a human-computer interaction interface.
S28: acquiring the manual audit results for the first detection result and the second detection result returned by the human-computer interaction interface, and determining the unauthorized vulnerabilities of the system to be detected based on the manual audit results.
In this embodiment, the first detection result and the second detection result of the system to be detected, obtained on the basis of the IAST interactive application security testing technology, are stored in the workspace, that is, output to the human-computer interaction interface. The tester can monitor each scan result in real time and perform subsequent operations such as screening, deduplication and filtering as required, for example further verifying horizontal unauthorized vulnerabilities, screening sensitive interfaces, and filtering out repeated interfaces so that only unique interfaces are stored; this process is the manual audit. After the manual audit results for the first detection result and the second detection result are returned by the human-computer interaction interface, the results the tester considers doubtful are automatically tested again to further confirm the vulnerabilities, and the final unauthorized vulnerabilities of the system to be detected are obtained.
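As an added example that is not part of the patent, the following Python sketch models the proxy-mode check of the earlier steps (verify the identity behind captured traffic against the workspace attribute information, replay each request under the other identities) together with the deduplication of repeated interfaces described for the manual audit in S28, run against a constructed in-memory application. WORKSPACE_USERS, target_app, detect and the sample traffic are assumptions made here.

```python
# Added example, not code from the patent: a model of the proxy-mode check
# (verify identity from workspace attribute information, replay each captured
# request under other identities, keep unique interfaces for manual audit).
# A constructed in-memory application stands in for the system to be detected.
from dataclasses import dataclass

# Workspace: attribute information of login users (constructed sample data).
WORKSPACE_USERS = {
    "tok-alice": {"user": "alice", "role": "user"},
    "tok-bob":   {"user": "bob",   "role": "user"},
    "tok-admin": {"user": "root",  "role": "admin"},
}
ROLE_RANK = {"user": 1, "admin": 2}

# Constructed stand-in for the system to be detected: /api/order/<id> lacks an
# ownership check (horizontal flaw), /api/admin/export lacks a role check
# (vertical flaw), and /api/admin/users is implemented correctly.
ORDERS = {"1001": "alice", "1002": "bob"}

def target_app(method, path, token):
    """Behaves like an HTTP handler: returns (status, body)."""
    user = WORKSPACE_USERS.get(token)
    if user is None:
        return 401, ""
    if method == "GET" and path.startswith("/api/order/"):
        oid = path.rsplit("/", 1)[1]
        if oid not in ORDERS:
            return 404, ""
        return 200, f"order {oid} of {ORDERS[oid]}"      # no ownership check
    if method == "GET" and path == "/api/admin/users":
        if user["role"] != "admin":
            return 403, ""
        return 200, ",".join(u["user"] for u in WORKSPACE_USERS.values())
    if method == "GET" and path == "/api/admin/export":
        return 200, "all orders"                            # no role check
    return 404, ""

@dataclass
class Finding:
    kind: str            # "horizontal" or "vertical"
    interface: str       # method + path template
    original_user: str
    replay_user: str

def verify_identity(token, users=WORKSPACE_USERS):
    """Verify the user identity of captured traffic against the workspace."""
    return users.get(token)

def interface_key(method, path):
    """Dedup key: numeric path segments are collapsed so that repeated
    requests to the same interface are stored only once."""
    return method + " " + "/".join("{id}" if p.isdigit() else p
                                   for p in path.split("/"))

def detect(captured, users=WORKSPACE_USERS, app=target_app):
    """Replay every verified, successful request under each other identity.
    A same-role user receiving the identical response is a horizontal
    candidate; a lower-role user receiving it is a vertical candidate.
    Returns unique findings keyed by interface, ready for manual audit."""
    findings = {}
    for method, path, token in captured:
        orig = verify_identity(token, users)
        if orig is None:
            continue                       # unverified traffic is discarded
        status, body = app(method, path, token)
        if status != 200:
            continue
        for other_tok, other in users.items():
            if other["user"] == orig["user"]:
                continue
            if ROLE_RANK[other["role"]] > ROLE_RANK[orig["role"]]:
                continue                   # a higher role may send this request
            r_status, r_body = app(method, path, other_tok)
            if r_status == 200 and r_body == body:
                kind = "horizontal" if other["role"] == orig["role"] else "vertical"
                key = interface_key(method, path)
                findings.setdefault(key, Finding(kind, key, orig["user"], other["user"]))
    return findings

# Constructed sample of collected user traffic: (method, path, session token).
CAPTURED = [
    ("GET", "/api/order/1001", "tok-alice"),
    ("GET", "/api/order/1002", "tok-bob"),      # same interface, deduplicated
    ("GET", "/api/admin/users", "tok-admin"),   # replay as a user gets 403
    ("GET", "/api/admin/export", "tok-admin"),  # replay as a user gets 200
    ("GET", "/api/order/1001", "tok-unknown"),  # fails identity verification
]

if __name__ == "__main__":
    for key, f in detect(CAPTURED).items():
        print(f"{f.kind:10} {key}  ({f.original_user} -> {f.replay_user})")
```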
Therefore, in this embodiment of the application, on the basis of automatic authentication of the system to be detected, the IAST interactive application security testing technology is applied to the system to be detected through the proxy mode for the black-box test and through the instrumentation mode for the white-box test. Black-box and white-box testing are combined for comprehensive vulnerability detection: every interface of the system to be detected is covered, and every request is automatically modified, deleted, replayed and so on. This solves the technical problems that unauthorized vulnerability detection consumes a great deal of the tester's time during security testing and that its detection rate is low, while the manual audit further improves the detection rate and accuracy for unauthorized vulnerabilities.
Referring to fig. 4, an embodiment of the present application further discloses an unauthorized vulnerability detection apparatus, which includes:
the receiving module 11 is configured to receive a detection instruction and determine a corresponding target detection mode according to the detection instruction; the target detection mode is a proxy mode, an instrumentation mode, or a mixed mode combining the proxy mode and the instrumentation mode, configured in advance for the IAST environment;
the detection module 12 is configured to perform unauthorized vulnerability detection on the system to be detected by using the target detection mode;
the determining module 13 is configured to determine the unauthorized vulnerabilities of the system to be detected based on the detection result of the target detection mode.
Therefore, in this embodiment of the application, a detection instruction is first received and a corresponding target detection mode is determined according to it; the target detection mode is a proxy mode, an instrumentation mode, or a mixed mode combining the proxy mode and the instrumentation mode, configured in advance for the IAST environment. The target detection mode is then used to perform unauthorized vulnerability detection on the system to be detected, and finally the unauthorized vulnerabilities of the system to be detected are determined based on the detection result of the target detection mode. The method and device flexibly select different detection modes according to different detection instructions to perform comprehensive, automated detection of the unauthorized vulnerabilities of the system to be detected, which can greatly reduce the workload of security testers and improve the detection efficiency and identification accuracy for unauthorized vulnerabilities.
In some embodiments, the receiving module 11 is specifically configured to receive a detection instruction representing the combination of the proxy mode and the instrumentation mode, and to determine the mixed mode combining the proxy mode and the instrumentation mode as the target detection mode;
correspondingly, the detection module 12 specifically includes:
the creating unit is configured to create and configure a workspace for detecting the system to be detected; the workspace is used to store attribute information of the login user corresponding to the system to be detected;
the automatic authentication unit is configured to automatically authenticate a system to be detected that is connected to the unified authentication;
the manual authentication unit is configured to authenticate the system to be detected by manual input if the system to be detected is not connected to the unified authentication;
the collecting unit is configured to collect user traffic by using the traffic transmission device;
the first result unit is configured to verify the user identity corresponding to the user traffic according to the attribute information, and to perform unauthorized vulnerability detection on the system to be detected using the verified user traffic to obtain a first detection result;
the second result unit is configured to perform unauthorized vulnerability detection on the source code of the system to be detected by using active instrumentation and/or passive instrumentation to obtain a second detection result.
In some specific embodiments, the determining module 13 specifically includes:
the output unit, configured to output the detection result of the target detection mode to a human-computer interaction interface;
the acquisition unit, configured to acquire the manual audit result for the detection result of the target detection mode returned by the human-computer interaction interface;
the judging unit, configured to determine the unauthorized vulnerabilities of the system to be detected based on the manual audit result.
Further, an embodiment of the application also provides an electronic device. FIG. 5 is a block diagram of an electronic device 20 according to an exemplary embodiment; nothing in the figure should be construed as limiting the scope of application of the present application in any way.
Fig. 5 is a schematic structural diagram of the electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25 and a communication bus 26. The memory 22 is configured to store a computer program, which is loaded and executed by the processor 21 to implement the relevant steps of the unauthorized vulnerability detection method disclosed in any of the foregoing embodiments. The electronic device 20 in this embodiment may specifically be a server.
In this embodiment, the power supply 23 is configured to provide the working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol it follows may be any communication protocol applicable to the technical solution of the present application and is not specifically limited here; the input/output interface 25 is configured to obtain external input data or output data to the outside, and its specific interface type may be selected according to the specific application requirements and is not specifically limited here.
In addition, the memory 22, as the carrier for resource storage, may be a read-only memory, a random access memory, a magnetic disk, an optical disk or the like; the resources stored on it may include an operating system 221, a computer program 222, traffic data 223 and so on, and the storage may be transient or permanent.
The operating system 221 is used to manage and control each hardware device and the computer program 222 on the electronic device 20, so that the processor 21 can operate on and process the traffic data 223 in the memory 22; it may be Windows Server, Netware, Unix, Linux or the like. In addition to the computer program that implements the unauthorized vulnerability detection method disclosed in any of the foregoing embodiments and is executed by the electronic device 20, the computer programs 222 may further include computer programs for performing other specific tasks. The traffic data 223 may include the traffic data collected by the electronic device 20.
Further, an embodiment of the present application also discloses a storage medium storing a computer program; when the computer program is loaded and executed by a processor, the steps of the unauthorized vulnerability detection method disclosed in any of the foregoing embodiments are implemented.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the others, and the same or similar parts among the embodiments may be referred to each other. Since the device disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is brief, and the relevant points can be found in the description of the method.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The unauthorized vulnerability detection method, device, equipment and storage medium provided by the invention have been described in detail above. Specific examples have been used herein to explain the principle and implementation of the invention, and the description of the embodiments serves only to help understand the method and core idea of the invention. At the same time, a person skilled in the art may vary the specific embodiments and the scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (11)

1. An unauthorized vulnerability detection method is characterized by comprising the following steps:
receiving a detection instruction, and determining a corresponding target detection mode according to the detection instruction; the target detection mode is a proxy mode, an instrumentation mode, or a mixed mode combining the proxy mode and the instrumentation mode, configured in advance for an IAST environment;
carrying out unauthorized vulnerability detection on the system to be detected by utilizing the target detection mode;
and determining the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode.
2. The unauthorized vulnerability detection method of claim 1, wherein the receiving a detection instruction and determining a corresponding target detection mode according to the detection instruction comprises:
receiving a detection instruction representing the combination of a proxy mode and an instrumentation mode, and determining the mixed mode combining the proxy mode and the instrumentation mode as the target detection mode;
correspondingly, the performing unauthorized vulnerability detection on the system to be detected by using the target detection mode comprises the following steps:
authenticating a system to be detected, and performing unauthorized vulnerability detection on the system to be detected through the proxy mode to obtain a first detection result;
acquiring a source code of the system to be detected, and performing unauthorized vulnerability detection on the source code of the system to be detected through the instrumentation mode to obtain a second detection result;
and determining the first detection result and the second detection result as the detection result of the target detection mode.
3. The unauthorized vulnerability detection method according to claim 2, wherein the authenticating the system to be detected comprises:
automatically authenticating a system to be detected which is accessed to the unified authentication;
and if the system to be detected does not access the unified authentication, authenticating the system to be detected in a manual input mode.
4. The unauthorized vulnerability detection method according to claim 3, wherein before authenticating the system to be detected, the method further comprises:
creating and configuring a workspace for detecting the system to be detected; the workspace is used to store attribute information of the login user corresponding to the system to be detected.
5. The unauthorized vulnerability detection method according to claim 4, wherein the performing unauthorized vulnerability detection on the system to be detected through the proxy mode to obtain a first detection result comprises:
collecting user traffic by using a traffic transmission device;
verifying the user identity corresponding to the user traffic according to the attribute information;
and carrying out unauthorized vulnerability detection on the system to be detected by using the verified user traffic to obtain a first detection result.
6. The unauthorized vulnerability detection method according to claim 5, wherein after verifying the user identity corresponding to the user traffic according to the attribute information, the method further comprises:
and returning the identification information of the user corresponding to the verified user traffic.
7. The method according to claim 5, wherein the performing unauthorized vulnerability detection on the source code of the system to be detected through the instrumentation mode to obtain a second detection result comprises:
and performing unauthorized vulnerability detection on the source code of the system to be detected by utilizing active instrumentation and/or passive instrumentation to obtain a second detection result.
8. The unauthorized vulnerability detection method according to any one of claims 1-7, wherein the determining of the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode comprises:
outputting the detection result of the target detection mode to a human-computer interaction interface;
acquiring a manual audit result of the detection result for the target detection mode returned by the human-computer interaction interface;
and determining the unauthorized vulnerability of the system to be detected based on the manual audit result.
9. An unauthorized vulnerability detection device, comprising:
the receiving module is used for receiving a detection instruction and determining a corresponding target detection mode according to the detection instruction; the target detection mode is a proxy mode, an instrumentation mode, or a mixed mode combining the proxy mode and the instrumentation mode, configured in advance for an IAST environment;
the detection module is used for carrying out unauthorized vulnerability detection on the system to be detected by utilizing the target detection mode;
and the determining module is used for determining the unauthorized vulnerability of the system to be detected based on the detection result of the target detection mode.
10. An electronic device, comprising a processor and a memory; wherein the memory is for storing a computer program that is loaded and executed by the processor to implement the unauthorized vulnerability detection method of any of claims 1 to 8.
11. A computer-readable storage medium storing computer-executable instructions that, when loaded and executed by a processor, perform the unauthorized vulnerability detection method of any of claims 1 to 8.
CN202110068645.9A 2021-01-19 2021-01-19 Unauthorized vulnerability detection method, device, equipment and storage medium Active CN112765611B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110068645.9A CN112765611B (en) 2021-01-19 2021-01-19 Unauthorized vulnerability detection method, device, equipment and storage medium


Publications (2)

Publication Number Publication Date
CN112765611A true CN112765611A (en) 2021-05-07
CN112765611B CN112765611B (en) 2022-11-25

Family

ID=75703135


Country Status (1)

Country Link
CN (1) CN112765611B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116599773A (en) * 2023-07-14 2023-08-15 杭州海康威视数字技术股份有限公司 Self-adaptive equipment security risk assessment method, device, equipment and system
CN117112435A (en) * 2023-09-08 2023-11-24 清科万道(北京)信息技术有限公司 Vulnerability linkage detection result fusion method, storage medium and electronic equipment

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101312393A (en) * 2007-05-24 2008-11-26 北京启明星辰信息技术有限公司 Detection method and system for SQL injection loophole
CN102693396A (en) * 2012-06-11 2012-09-26 中南大学 Flash bug detection method based on virtual execution mode
US20170111383A1 (en) * 2015-10-16 2017-04-20 Microsoft Technology Licensing, Llc. Detection of bypass vulnerabilities
CN107133518A (en) * 2017-04-10 2017-09-05 中国民生银行股份有限公司 Source code based on parameter and information flow is gone beyond one's commission detection method and device
EP3401827A1 (en) * 2017-05-10 2018-11-14 Checkmarx Ltd. Method and system of static and dynamic data flow analysis
WO2019004503A1 (en) * 2017-06-29 2019-01-03 라인 가부시키가이샤 Application vulnerability detection method and system
CN110390202A (en) * 2019-07-30 2019-10-29 中国工商银行股份有限公司 For detecting method, apparatus, system, equipment and the medium of service logic loophole
WO2020000723A1 (en) * 2018-06-27 2020-01-02 平安科技(深圳)有限公司 Ultra vires vulnerability detection method and device
CN110688659A (en) * 2019-09-10 2020-01-14 深圳开源互联网安全技术有限公司 Method and system for dynamically detecting horizontal override based on IAST test tool
CN111416811A (en) * 2020-03-16 2020-07-14 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN111740992A (en) * 2020-06-19 2020-10-02 北京字节跳动网络技术有限公司 Website security vulnerability detection method, device, medium and electronic equipment
CN112052457A (en) * 2020-09-03 2020-12-08 中国银行股份有限公司 Security condition evaluation method and device of application system
CN112115475A (en) * 2020-08-05 2020-12-22 杭州数梦工场科技有限公司 Unauthorized vulnerability detection method and device, storage medium and computer equipment


Also Published As

Publication number Publication date
CN112765611B (en) 2022-11-25


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant