CN113591096A - Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations - Google Patents

Publication number: CN113591096A
Authority: CN (China)
Prior art keywords: vulnerability; big data; vulnerabilities; security; unsafe
Legal status: Pending
Application number: CN202110912600.5A
Other languages: Chinese (zh)
Inventors: 董丽萍, 余睿渊
Current Assignee: Xiamen Tengyun Xin'an Technology Co ltd; Beijing Lingyun Xin'an Technology Co ltd
Original Assignee: Xiamen Tengyun Xin'an Technology Co ltd; Beijing Lingyun Xin'an Technology Co ltd
Application filed by Xiamen Tengyun Xin'an Technology Co ltd and Beijing Lingyun Xin'an Technology Co ltd
Priority to CN202110912600.5A
Publication of CN113591096A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiments of the present application provide a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations, comprising: an asset management module, a vulnerability detection module, a configuration verification module, a report management module, a quick upgrade module, and a distributed management module. The application can perform vulnerability scanning and security configuration compliance checks on mainstream big data components, including Hadoop, Spark, Hbase, Solr, ES, etc., so that security vulnerabilities and insecure configurations in big data components can be discovered in a timely manner, the security assurance level of the big data platform can be raised through timely security hardening, and the security construction requirements of policies and regulations such as classified protection and industry specifications can be met.

Description

Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations
Technical Field
The application relates to the field of big data, and in particular to a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations.
Background
With the global acceleration of the digital economy and the rapid development of related technologies such as 5G, artificial intelligence and the Internet of Things, global data volume has exploded. According to statistics and forecasts from the international authority Statista, global data production is predicted to reach 47 ZB in 2020, and by 2035 this number will reach 2142 ZB. Big data is reshaping the world landscape, is known as the 'diamond mine of the 21st century', and is moreover a basic national strategic resource. Big data applications are surging across industries, and big data plays an increasingly important role in national economic development. With the wide application of big data, big data security problems are becoming increasingly prominent.
Because big data contains complex sensitive data, it attracts more potential attackers. And because a large amount of data is aggregated, a single successful attack can obtain more valuable data, which increases the attacker's payoff. With the explosion of Internet and big data applications, attacks on systems, data loss and personal information leaks occur from time to time, and the black and grey markets of underground data trading have also led to a great deal of data abuse and phishing incidents.
How to help users find the vulnerabilities of big data platform components before attackers do, and so ensure the safe and reliable operation of big data services, has become a problem that urgently needs to be solved.
Disclosure of Invention
In view of the problems in the prior art, the present application provides a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations. It can perform vulnerability scanning and security configuration compliance checks on mainstream big data components, including Hadoop, Spark, Hbase, Solr, ES and the like, so that security vulnerabilities and insecure configurations in the big data components can be discovered in time, the security assurance level of the big data platform can be raised through timely security hardening, and the security construction requirements of policies and regulations such as classified protection and industry specifications can be met.
In order to solve at least one of the above problems, the present application provides the following technical solutions:
In a first aspect, the present application provides a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations, comprising:
an asset management module, used to discover live hosts, network devices and databases in a target network, automatically generate the network topology and view detailed information on each asset;
a vulnerability detection module, used to perform security vulnerability detection on big data components and generate vulnerability descriptions and vulnerability repair suggestions;
a configuration checking module, used to perform security configuration compliance checks on each component of the big data environment and determine insecure configurations in the big data platform components;
a report management module, used to analyze scan results in the form of reports and charts to obtain the vulnerability risk level, vulnerability category, vulnerability description, vulnerability type and vulnerability solution;
a quick upgrade module, used to perform online upgrades, local upgrades and scheduled upgrades of the vulnerability database and the software through the network or a local data package;
and a distributed management module, used to issue scan tasks to lower-level engines, receive the scan results uploaded by the lower-level engines, perform unified analysis and generate an overall big data vulnerability scan report.
Further, the vulnerability detection module is also used to detect remote code execution vulnerabilities, command injection vulnerabilities, access control vulnerabilities, privilege escalation vulnerabilities, denial of service vulnerabilities and information disclosure vulnerabilities in big data components.
Further, the configuration checking module is also used to perform security configuration compliance checks on the big data acquisition components, big data storage components and big data processing components of the big data environment, and to determine insecure configurations of user access permission control, log record integrity, file permission minimization, account permission minimization, service connection limits, transmission encryption and interface authentication in the big data platform components.
Further, the distributed management module further comprises:
a self-assessment unit, used for a lower-level engine to create scan tasks on its own and to perform real-time and scheduled big data vulnerability scanning and risk assessment of a large-scale network.
Further, the system also comprises:
a vulnerability early warning unit, used to notify the user by mail or telephone when the latest high-risk vulnerability information is published, and to provide corresponding preventive measures;
a vulnerability scanning unit, used to perform vulnerability scanning on the target big data platform, detect big data vulnerabilities and insecure configurations using a risk assessment model, find weaknesses, rank them by priority and generate a vulnerability scan report;
a vulnerability repair unit, used to provide security configuration suggestions for the system and valid download links for patches;
and a vulnerability audit unit, used to track, record and verify the results of vulnerability management, while starting scheduled scan tasks for comparative analysis and verification of results.
According to the above technical solution, vulnerability scanning and security configuration compliance checks are performed on mainstream big data components, including Hadoop, Spark, Hbase, Solr, ES and the like, so that security vulnerabilities and insecure configurations in the big data components can be discovered in time, the security assurance level of the big data platform can be raised through timely security hardening, and the security construction requirements of policies and regulations such as classified protection and industry specifications can be met.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a block diagram of a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations in an embodiment of the present application;
FIG. 2 is a second block diagram of a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations in an embodiment of the present application;
FIG. 3 is a third block diagram of a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Consider that big data contains complex sensitive data, which attracts more potential attackers. And because a large amount of data is aggregated, a single successful attack can obtain more valuable data, which increases the attacker's payoff. With the explosion of Internet and big data applications, attacks on systems, data loss and personal information leaks occur from time to time, and the black and grey markets of underground data trading have led to a great deal of data abuse and phishing incidents.
In order to perform vulnerability scanning and security configuration compliance checks on mainstream big data components, including Hadoop, Spark, Hbase, Solr, ES and the like, so that security vulnerabilities and insecure configurations in the big data components can be discovered in time, the security assurance level of the big data platform can be raised through timely security hardening, and the security construction requirements of policies and regulations such as classified protection and industry specifications can be met, the present application provides an embodiment of a vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations. Referring to FIG. 1, the system specifically comprises the following:
The asset management module 10 is used to discover live hosts, network devices and databases in a target network, automatically generate the network topology and view detailed information on each asset.
Optionally, asset management covers mainstream big data platform components such as Hadoop, Spark, Hbase, Solr and ES, and accurately identifies attributes including IP address, port, operating system, software version, responsible person, region and the like, in preparation for further vulnerability scanning. The system can automatically generate the network topology, which can also be modified manually afterwards, and detailed information on each asset can be viewed. Export and import of assets are supported, so that users can quickly discover and take stock of information assets across the whole network and see the security risk level of each asset at a glance.
The vulnerability detection module 20 is used to perform security vulnerability detection on big data components and generate vulnerability descriptions and vulnerability repair suggestions.
Optionally, vulnerability signatures are extracted on the basis of big data vulnerability research to form the big data vulnerability scanning function. The vulnerability scanning system can detect security vulnerabilities in big data components, including mainstream ones such as Hadoop, Spark, Hbase, Solr and ES, and provides detailed vulnerability descriptions and repair suggestions. Big data vulnerabilities include remote code execution vulnerabilities, command injection vulnerabilities, access control vulnerabilities, privilege escalation vulnerabilities, denial of service vulnerabilities, information disclosure vulnerabilities and the like. This helps users discover security vulnerabilities in the big data platform in time and, through security hardening, address them before they cause harm.
The configuration checking module 30 is used to perform security configuration compliance checks on each component of the big data environment and determine insecure configurations in the big data platform components.
Optionally, the vulnerability scanning system can also perform security configuration compliance checks on each component of the big data environment, covering big data acquisition components (Kafka, flux), big data storage components (Hbase, Hive, HDFS, Impala) and big data processing components (Yarn & MR, Spark, Storm, Zookeeper). Insecure configurations in the big data platform components are thereby discovered against security baseline requirements such as user access permission control, log record integrity, file permission minimization, account permission minimization, service connection limits, transmission encryption and interface authentication. This helps users raise the protection level of the big data platform through configuration optimization.
The report management module 40 is used to analyze scan results in the form of reports and charts to obtain the vulnerability risk level, vulnerability category, vulnerability description, vulnerability type and vulnerability solution.
Optionally, the vulnerability scanning system analyzes scan results in the form of reports and charts, and supports predefined, user-defined, multi-angle and multi-level analysis of the results. It provides complete vulnerability risk levels, vulnerability categories, vulnerability descriptions, vulnerability types and vulnerability solutions. The system provides internationally authoritative records for each vulnerability (including CVE number support) and links to the associated vendor patches. Report styles are provided for administrative staff, technical staff and security experts, as well as user-defined reports, and output formats include HTML, DOC, PDF, etc.
The quick upgrade module 50 is used to perform online upgrades, local upgrades and scheduled upgrades of the vulnerability database and the software through the network or a local data package.
Optionally, using a product upgrade module built into the program, the vulnerability scanning system can perform online upgrades, local upgrades and scheduled upgrades of the vulnerability database and the software through the network or a local data package. The system can therefore detect newly published vulnerabilities promptly and accurately, which raises the protection level of the big data platform.
The distributed management module 60 is used to issue scan tasks to lower-level engines, receive the scan results uploaded by the lower-level engines, perform unified analysis and generate an overall big data vulnerability scan report.
Optionally, as networks grow larger and more complex, core-level, department-level and terminal/personal-user-level networks are built, with filtering mechanisms such as firewalls and switches between them; most of the probe packets sent by a network vulnerability management system are filtered by these network devices, which reduces the timeliness and accuracy of scanning. For such distributed, complex networks, the vulnerability scanning system provides a distributed management function: it can issue scan tasks to lower-level engines, receive the scan results they upload, perform unified analysis and generate an overall big data vulnerability scan report. A lower-level engine can also create scan tasks on its own to meet self-assessment needs. Real-time and scheduled big data vulnerability scanning and risk assessment of a large-scale network are thereby achieved.
Further, the vulnerability detection module is also used to detect remote code execution vulnerabilities, command injection vulnerabilities, access control vulnerabilities, privilege escalation vulnerabilities, denial of service vulnerabilities and information disclosure vulnerabilities in big data components.
Further, the configuration checking module is also used to perform security configuration compliance checks on the big data acquisition components, big data storage components and big data processing components of the big data environment, and to determine insecure configurations of user access permission control, log record integrity, file permission minimization, account permission minimization, service connection limits, transmission encryption and interface authentication in the big data platform components.
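A sketch of the kind of baseline check the configuration checking module describes, applied to Hadoop/HDFS site files and ranked by priority. This is an added example, not code from the patent: the property names are real Hadoop settings chosen here for illustration, while the baseline targets, severity weights and sample files are assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable

# Constructed sample inputs in Hadoop's *-site.xml layout (not from the patent).
CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>fs.permissions.umask-mode</name><value>022</value></property>
</configuration>"""
HDFS_SITE = """<configuration>
  <property><name>dfs.encrypt.data.transfer</name><value>true</value></property>
  <property><name>dfs.permissions.enabled</name><value> TRUE </value></property>
</configuration>"""


@dataclass(frozen=True)
class Rule:
    key: str                    # Hadoop property name
    category: str               # baseline category named in the patent text
    default: str                # effective value when the property is absent
    ok: Callable[[str], bool]   # True when the value meets the baseline
    expected: str               # human-readable target for the report
    severity: int               # assumed weight: 3 high, 2 medium, 1 low


def equals(want: str) -> Callable[[str], bool]:
    return lambda v: v.strip().lower() == want


def umask_restrictive(v: str) -> bool:
    """Pass only if the umask removes group-write and all 'other' bits."""
    try:
        return int(v.strip(), 8) & 0o027 == 0o027
    except ValueError:
        return False  # symbolic or malformed umask: report for manual review


# Assumed baseline; targets and severities are illustrative choices.
BASELINE = [
    Rule("hadoop.security.authentication", "interface authentication",
         "simple", equals("kerberos"), "kerberos", 3),
    Rule("hadoop.security.authorization", "user access permission control",
         "false", equals("true"), "true", 3),
    Rule("dfs.permissions.enabled", "user access permission control",
         "true", equals("true"), "true", 3),
    Rule("hadoop.rpc.protection", "transmission encryption",
         "authentication", equals("privacy"), "privacy", 2),
    Rule("dfs.encrypt.data.transfer", "transmission encryption",
         "false", equals("true"), "true", 2),
    Rule("hadoop.http.authentication.type", "interface authentication",
         "simple", equals("kerberos"), "kerberos", 2),
    Rule("fs.permissions.umask-mode", "file permission minimization",
         "022", umask_restrictive, "027 or stricter", 1),
]


def load_site_xml(*docs: str) -> dict:
    """Merge <property> name/value pairs; later documents override earlier."""
    props = {}
    for doc in docs:
        # Configs are collected from scanned hosts, so treat them as untrusted:
        # refuse DTDs to rule out entity-expansion tricks in the XML parser.
        if "<!DOCTYPE" in doc:
            raise ValueError("DOCTYPE not allowed in site configuration")
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = prop.findtext("value") or ""
    return props


def check(props: dict) -> list:
    """Return baseline violations, highest severity first."""
    findings = []
    for rule in BASELINE:
        value = props.get(rule.key, rule.default)
        if not rule.ok(value):
            findings.append({
                "key": rule.key,
                "category": rule.category,
                "actual": value.strip(),
                "expected": rule.expected,
                "explicit": rule.key in props,  # False: inherited default
                "severity": rule.severity,
            })
    return sorted(findings, key=lambda f: (-f["severity"], f["key"]))


if __name__ == "__main__":
    for f in check(load_site_xml(CORE_SITE, HDFS_SITE)):
        origin = "set" if f["explicit"] else "default"
        print(f"[sev {f['severity']}] {f['category']}: {f['key']}="
              f"{f['actual']} ({origin}), expected {f['expected']}")
```

Evaluating absent keys against their defaults matters here: two of the four findings on the sample come from settings nobody wrote down.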
Further, the distributed management module 60 further comprises:
a self-assessment unit 61, used for a lower-level engine to create scan tasks on its own and to perform real-time and scheduled big data vulnerability scanning and risk assessment of a large-scale network.
Further, the system also comprises:
a vulnerability early warning unit 71, used to notify the user by mail or telephone when the latest high-risk vulnerability information is published, and to provide corresponding preventive measures;
a vulnerability scanning unit 72, used to perform vulnerability scanning on the target big data platform, detect big data vulnerabilities and insecure configurations using a risk assessment model, find weaknesses, rank them by priority and generate a vulnerability scan report;
a vulnerability repair unit 73, used to provide security configuration suggestions for the system and valid download links for patches;
and a vulnerability audit unit 74, used to track, record and verify the results of vulnerability management, while starting scheduled scan tasks for comparative analysis and verification of results.
Optionally, security management needs continuous, long-term improvement. Security management is not only a matter of technology; more importantly, vulnerability risk is controlled through processes and policies. The vulnerability management cycle can be divided into vulnerability early warning, vulnerability scanning, vulnerability repair and vulnerability auditing.
(1) Vulnerability early warning: when the latest high-risk vulnerability information is published, the application immediately notifies the user by mail or telephone and provides corresponding preventive measures. A product upgrade package is provided at the same time to keep the vulnerability knowledge base complete;
(2) Vulnerability scanning: the vulnerability scanning system is used to scan the target big data platform, a cutting-edge risk assessment model is used to detect big data vulnerabilities and insecure configurations, weaknesses are found in time and ranked by priority, and a vulnerability scan report is generated;
(3) Vulnerability repair: the vulnerability scanning system provides highly actionable vulnerability repair plans, including security configuration suggestions for the system, valid download links for patches and the like, so that users can repair vulnerabilities promptly and efficiently;
(4) Vulnerability auditing: vulnerability management also needs a complete audit mechanism, so that users can conveniently track, record and verify the results of vulnerability management and are urged to repair vulnerabilities, while scheduled scan tasks are started for comparative analysis and verification of results. All of these processes are fully automated, which ensures the overall efficiency of vulnerability management.
Examples are as follows:
[Three example figures (BDA0003204362850000071, BDA0003204362850000081, BDA0003204362850000091) are not reproduced in this text.]
Meanwhile, the vulnerability scanning system is managed in B/S (browser/server) mode and can be deployed anywhere in the network; it works normally as long as it can reach the target big data platform to be assessed, and its detection range covers mainstream big data platform components. For security reasons, it is generally recommended to deploy the big cloud data vulnerability scanning system in bypass mode at the core switch, so that the various security vulnerabilities and insecure configurations in the big data platform components are detected in time and addressed before they cause harm. The security assurance level of the big data platform is thereby raised, and the growing security requirements of the various service systems are met.
As can be seen from the above description, the vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations provided in the embodiments of the present application can perform vulnerability scanning and security configuration compliance checks on mainstream big data components, including Hadoop, Spark, Hbase, Solr, ES and the like, so that security vulnerabilities and insecure configurations in the big data components can be discovered in time, the security assurance level of the big data platform can be raised through timely security hardening, and the security construction requirements of policies and regulations such as classified protection and industry specifications can be met.
In order to achieve the same at the hardware level, that is, to perform vulnerability scanning and security configuration compliance checks on mainstream big data components, including Hadoop, Spark, Hbase, Solr, ES and the like, so that security vulnerabilities and insecure configurations in the big data components can be discovered in time, the security assurance level of the big data platform can be raised through timely security hardening, and the security construction requirements of policies and regulations such as classified protection and industry specifications can be met, the present application provides an embodiment of an electronic device for implementing all or part of the vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations. The electronic device specifically comprises the following:
a processor, a memory, a communications interface, and a bus; the processor, the memory and the communications interface communicate with one another through the bus; the communications interface is used for information transfer between the vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations and related equipment such as core service systems, user terminals and related databases; the logic controller may be a desktop computer, a tablet computer, a mobile terminal, and the like, and this embodiment is not limited thereto. In this embodiment, the logic controller may be implemented with reference to the embodiments of the vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations, the contents of which are incorporated herein; repeated details are not described again.
It is understood that the user terminal may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), an in-vehicle device, a smart wearable device, and the like. Smart wearable devices may include smart glasses, smart watches, smart bracelets, etc.
In practical applications, part of the vulnerability scanning system for comprehensively detecting the big data vulnerability and the unsafe configuration may be executed on the electronic device side as described above, or all operations may be completed in the client device. The selection may be specifically performed according to the processing capability of the client device, the limitation of the user usage scenario, and the like. This is not a limitation of the present application. The client device may further include a processor if all operations are performed in the client device.
The client device may have a communication module (i.e., a communication unit), and may be communicatively connected to a remote server to implement data transmission with the server. The server may include a server on the task scheduling center side, and in other implementation scenarios, the server may also include a server on an intermediate platform, for example, a server on a third-party server platform that is communicatively linked to the task scheduling center server. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (5)

1. A vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations, wherein the system comprises:
an asset management module, used to discover live hosts, network devices and databases in the target network, automatically generate the network topology, and view detailed information on each asset;
a vulnerability detection module, used to detect security vulnerabilities in big data components and generate vulnerability descriptions and vulnerability repair suggestions;
a configuration verification module, used to check the security configuration compliance of each component of the big data environment and determine the unsafe configurations in the big data platform components;
a report management module, used to analyze the scan results in the form of reports and graphics and obtain the vulnerability risk level, vulnerability category, vulnerability description, vulnerability type and vulnerability solution;
a quick upgrade module, used to perform online, local and scheduled upgrades of the vulnerability library and software through the network or local data packets;
a distributed management module, used to issue scan tasks to lower-level engines, receive the scan results uploaded by the lower-level engines, conduct unified analysis, and generate an overall big data vulnerability scan report.

2. The vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations according to claim 1, wherein the vulnerability detection module is further used to detect, in big data components, remote code execution vulnerabilities, command injection vulnerabilities, access control vulnerabilities, privilege escalation vulnerabilities, denial of service vulnerabilities and information disclosure vulnerabilities.

3. The vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations according to claim 1, wherein the configuration verification module is further used to check the security configuration compliance of the big data acquisition components, big data storage components and big data processing components of the big data environment, and to determine the unsafe configurations in the big data platform components with respect to user access permission control, log record integrity, file permission minimization, account permission minimization, service connection limits, transmission encryption and interface authentication.

4. The vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations according to claim 1, wherein the distributed management module further comprises:
a self-assessment unit, by which a lower-level engine creates new scan tasks on its own and performs real-time and scheduled big data vulnerability scanning and risk assessment of large-scale networks.

5. The vulnerability scanning system for comprehensively detecting big data vulnerabilities and unsafe configurations according to claim 1, further comprising:
a vulnerability warning unit, used to notify users by email or telephone when the latest high-risk vulnerability information is released, and to provide corresponding preventive measures;
a vulnerability scanning unit, used to scan the target big data platform for vulnerabilities, use a risk assessment model to detect big data vulnerabilities and unsafe configurations, discover weaknesses, prioritize them, and generate a vulnerability scan report;
a vulnerability repair unit, used to provide security configuration suggestions for the system and valid download links for patches;
a vulnerability audit unit, used to track, record and verify the effectiveness of vulnerability management, and to start scheduled scan tasks for comparative analysis and effectiveness verification.
CN202110912600.5A 2021-08-10 2021-08-10 Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations Pending CN113591096A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110912600.5A CN113591096A (en) 2021-08-10 2021-08-10 Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110912600.5A CN113591096A (en) 2021-08-10 2021-08-10 Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations

Publications (1)

Publication Number Publication Date
CN113591096A true CN113591096A (en) 2021-11-02

Family

ID=78256642

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110912600.5A Pending CN113591096A (en) 2021-08-10 2021-08-10 Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations

Country Status (1)

Country Link
CN (1) CN113591096A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114448721A (en) * 2022-03-11 2022-05-06 全球能源互联网研究院有限公司南京分公司 Device and method for non-sensing mitigation of loopholes
CN115277204A (en) * 2022-07-28 2022-11-01 国网安徽省电力有限公司电力科学研究院 Portable network security configuration of electric power monitored control system checks reinforced apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108737425A (en) * 2018-05-24 2018-11-02 北京凌云信安科技有限公司 Fragility based on multi engine vulnerability scanning association analysis manages system
CN109446817A (en) * 2018-10-29 2019-03-08 成都思维世纪科技有限责任公司 A kind of detection of big data and auditing system
CN111680304A (en) * 2020-06-15 2020-09-18 北京凌云信安科技有限公司 Scanning system for comprehensively detecting Docker vulnerability and unsafe configuration
CN112511512A (en) * 2020-11-19 2021-03-16 北京凌云信安科技有限公司 Vulnerability scanning engine and risk management system of threat detection engine

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114448721A (en) * 2022-03-11 2022-05-06 全球能源互联网研究院有限公司南京分公司 Device and method for non-sensing mitigation of loopholes
CN114448721B (en) * 2022-03-11 2023-06-13 全球能源互联网研究院有限公司南京分公司 Loophole noninductive relieving device and method
CN115277204A (en) * 2022-07-28 2022-11-01 国网安徽省电力有限公司电力科学研究院 Portable network security configuration of electric power monitored control system checks reinforced apparatus

Similar Documents

Publication Publication Date Title
US11218510B2 (en) Advanced cybersecurity threat mitigation using software supply chain analysis
US20220201042A1 (en) Ai-driven defensive penetration test analysis and recommendation system
US20220210200A1 (en) Ai-driven defensive cybersecurity strategy analysis and recommendation system
US20200137097A1 (en) System and method for securing an enterprise computing environment
US12045195B2 (en) Efficient configuration compliance verification of resources in a target environment of a computing system
US20220377093A1 (en) System and method for data compliance and prevention with threat detection and response
US10154066B1 (en) Context-aware compromise assessment
US11290483B1 (en) Platform for developing high efficacy detection content
Khan et al. Cloud log forensics: foundations, state of the art, and future directions
Fernandes et al. Security issues in cloud environments: a survey
US20180359272A1 (en) Next-generation enhanced comprehensive cybersecurity platform with endpoint protection and centralized management
US20220210202A1 (en) Advanced cybersecurity threat mitigation using software supply chain analysis
CN113704767A (en) Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system
US20230208882A1 (en) Policy - aware vulnerability mapping and attack planning
WO2016177437A1 (en) Computer-implemented method for determining computer system security threats, security operations center system and computer program product
Lombardi et al. From DevOps to DevSecOps is not enough. CyberDevOps: an extreme shifting-left architecture to bring cybersecurity within software security lifecycle pipeline
De Palma et al. Self-protection in a clustered distributed system
CN113591096A (en) Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations
Grace et al. Behaviour analysis of inter-app communication using a lightweight monitoring app for malware detection
US12015647B2 (en) System and method for securing computer infrastructure and devices that depend on cloud platforms
Bassey et al. Building a scalable security operations center: A focus on open-source tools
US20230367911A1 (en) Analyzing scripts to create and enforce security policies in dynamic development pipelines
EP3679506A2 (en) Advanced cybersecurity threat mitigation for inter-bank financial transactions
US10033764B1 (en) Systems and methods for providing supply-chain trust networks
CN116980157A (en) Security detection method, device, equipment and storage medium based on cloud security configuration

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211102