CN114021144A - Software vulnerability detection method and device, computer equipment and storage medium - Google Patents
Software vulnerability detection method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN114021144A CN114021144A CN202111316010.2A CN202111316010A CN114021144A CN 114021144 A CN114021144 A CN 114021144A CN 202111316010 A CN202111316010 A CN 202111316010A CN 114021144 A CN114021144 A CN 114021144A
- Authority
- CN
- China
- Prior art keywords
- software
- name
- version
- information
- vulnerability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 29
- 238000000034 method Methods 0.000 claims abstract description 37
- 230000008569 process Effects 0.000 claims description 27
- 238000013507 mapping Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 14
- 230000008859 change Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000008439 repair process Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000007123 defense Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Stored Programmes (AREA)
Abstract
The application provides a software vulnerability detection method and device, computer equipment and a storage medium, relates to the technical field of network security, and is used for carrying out vulnerability detection on software installed in terminal equipment so as to improve the network security. The method mainly comprises the following steps: acquiring software information corresponding to each piece of software installed in terminal equipment, wherein the software information comprises a software name and a corresponding software version; matching the software information with software names and software versions in a vulnerability software version library, wherein the software names with vulnerabilities and the corresponding software versions are stored in the vulnerability software version library; determining software corresponding to software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as target software; and determining that the target software is the software with the vulnerability.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a software vulnerability detection method and apparatus, a computer device, and a storage medium.
Background
Software bugs are one of the main sources of information security risks and are important targets in network defense and attack. Whether from the network security strategy of the national level or the information security protection of the social level, the security hole has become one of the core problems of the information countermeasure game of both parties.
At present, various kinds of software on the market are diversified, so that software bugs which can be utilized are more and more. But the number of platforms capable of detecting software bugs is relatively small, and the number of platforms capable of detecting bugs of software in real time is few.
Disclosure of Invention
The embodiment of the application provides a software vulnerability detection method and device, computer equipment and a storage medium, which are used for carrying out vulnerability detection on software installed in terminal equipment.
The embodiment of the invention provides a software vulnerability detection method, which comprises the following steps:
acquiring software information corresponding to each piece of software installed in terminal equipment, wherein the software information comprises a software name and a corresponding software version;
matching the software information with software names and software versions in a vulnerability software version library, wherein the software names with vulnerabilities and the corresponding software versions are stored in the vulnerability software version library;
determining software corresponding to software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as target software;
and determining that the target software is the software with the vulnerability.
The embodiment of the invention provides a software vulnerability detection device, which comprises:
the terminal equipment comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring software information corresponding to each piece of software installed in the terminal equipment, and the software information comprises a software name and a corresponding software version;
the matching module is used for matching the software information with the software name and the software version in a vulnerability software version library, wherein the vulnerability software version library stores the software name with the vulnerability and the corresponding software version;
the determining module is used for determining software corresponding to the software information which is successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as target software;
the determining module is further configured to determine that the target software is software with a bug.
A computer device comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor realizes the software vulnerability detection method when executing the computer program.
A computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described software vulnerability detection method.
The invention provides a software vulnerability detection method, a device, computer equipment and a storage medium, wherein after software information corresponding to each piece of software installed in terminal equipment is acquired, the software information is matched with a software name and a software version in a vulnerability software version library, and then the software corresponding to the software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment is determined as target software, namely the target software is determined as software with a vulnerability. Therefore, the invention realizes the vulnerability detection of the software installed in the terminal equipment, thereby improving the network security.
Drawings
Fig. 1 is a flowchart of a software vulnerability detection method provided in the present application;
fig. 2 is a flowchart for acquiring a software version corresponding to a software name provided in the present application;
fig. 3 is a schematic structural diagram of a software vulnerability detection apparatus provided in the present application;
fig. 4 is a schematic diagram of a computer device provided in the present application.
Detailed Description
In order to better understand the technical solutions described above, the technical solutions of the embodiments of the present application are described in detail below with reference to the drawings and the specific embodiments, and it should be understood that the specific features of the embodiments and the embodiments of the present application are detailed descriptions of the technical solutions of the embodiments of the present application, and are not limitations of the technical solutions of the present application, and the technical features of the embodiments and the embodiments of the present application may be combined with each other without conflict.
Referring to fig. 1, a software vulnerability detection method provided in the embodiment of the present invention specifically includes steps S101 to S104:
step S101, acquiring software information corresponding to each piece of software installed in the terminal equipment.
The software information includes a software name and a corresponding software version, and the software version may be a version number of the software, for example, the software version may be 1.0, 2.0, 3.0, or the like. In this embodiment, software information of all software installed in the terminal device or software information of specific software in the terminal device may be obtained, so as to determine vulnerability software existing in the terminal device according to the software information in the subsequent step.
It should be noted that, if it is required to determine whether a specific software in the terminal device has a bug, the software that needs to be detected for the bug in the terminal device may be marked, so that the terminal device obtains the specific software that needs to be detected for the bug according to the mark, and then obtains the software information of the specific software.
In an optional embodiment, the obtaining software information corresponding to each piece of software installed in the terminal device includes: acquiring the software name of software installed in the terminal equipment according to a preset time interval, or acquiring the software name of starting software when the software in the terminal equipment is started; and acquiring a software version corresponding to the software name according to the software name. Further, after the software name of each software in the terminal device is acquired, it needs to be determined whether the acquired software name corresponds to the real software name of the software.
For example, when a new software process is started, the path where the process file is located is obtained, and the PDB of the process (for example, the name of the process file is determined by information, such as powershell.
Specifically, acquiring the software name of the software installed in the terminal device according to the preset time interval includes: and acquiring a path of a process file of the software according to a preset time interval, acquiring a debugging file through the path of the process file, and determining a software name of the corresponding software according to the process name in the debugging file.
The preset time interval may be set according to actual requirements, for example, the preset time interval may be 10 hours, 24 hours, 48 hours, and the like, and this embodiment is not particularly limited.
Further, in this embodiment, time intervals corresponding to different pieces of software may be set according to the use frequency of each piece of software in the terminal device, and then the software information of the corresponding piece of software may be acquired according to the different time intervals. Specifically, in this embodiment, the higher the use frequency of the software is, the shorter the corresponding time interval is set; the lower the frequency of use of the software, the longer the corresponding time interval is set. That is, the present embodiment obtains the software information of different software at different time intervals, so that the obtained software information has pertinence, and further, the efficiency of software vulnerability detection is improved.
Specifically, acquiring a software name of the startup software when the software in the terminal device is started includes: when software in terminal equipment is started, acquiring a path of a process file of the software, acquiring a debugging file through the path of the process file, and determining a software name of the started software according to the process name in the debugging file.
For example, after a new process is started in the terminal device, a path where a process file corresponding to the newly started process is located is obtained, and a name of the process file is obtained through a debugging file (program database file) of the process, that is, a process name in the debugging file is obtained, and then the process name is determined as a software name of the startup software.
And step S102, matching the software information with the software name and the software version in the vulnerability software version library.
And the vulnerability software version library stores the software name with the vulnerability and the corresponding software version. It should be noted that, in this embodiment, a version of the common software or a version of the software that needs to be detected and has a bug may be obtained over the whole network, for example, a website such as a software publisher official website, a microsoft official website, a national information security vulnerability library CNNVD, a CVE official website, and the like may be referred to obtain a software version having a bug, and then the obtained software name and the obtained software version having a bug may be stored in the bug software version library correspondingly.
It should be noted that, in this embodiment, the vulnerability software version base may be updated in real time, that is, after new vulnerability software is found, the software name and the software version of the vulnerability software are updated to the vulnerability software version base; the vulnerability software version base may also be updated at intervals, where the update time may be 5 days, 10 days, 15 days, and the like, and this embodiment is not particularly limited.
Further, if the bug software is repaired, the software name and the software version of the corresponding bug software in the bug software version library can be deleted. For example, the video software a has two software versions, which are 1.0 and 2.0 respectively, and both the two software versions have a bug, that is, the bug software version library stores the two data records, which are the video software a, 1.0 and the video software a, 2.0 respectively, and if the operator of the video software a repairs the version 1.0 (the repair patch automatically repairs the software), the data record "the video software a, 1.0" in the bug software version library can be deleted.
And step S103, determining the software corresponding to the software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as the target software.
For example, a piece of social software a is installed in the terminal device, after the social software a is started, the terminal device may obtain software information (a software name and a software version of the social software a) of the social software a, and if the software name and the software version of the social software a exist in the vulnerability software version library, it is indicated that the social software a is target software, that is, the social software a is software with vulnerabilities.
And step S104, determining the target software as the software with the bug.
The invention provides a software vulnerability detection method, which is characterized in that after software information respectively corresponding to each piece of software installed in terminal equipment is obtained, the software information is matched with a software name and a software version in a vulnerability software version library, and then the software corresponding to the software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment is determined as target software, namely the target software is determined as software with a vulnerability. Therefore, the invention realizes the vulnerability detection of the software installed in the terminal equipment, thereby improving the network security.
Referring to fig. 2, acquiring a software version corresponding to a software name according to the software name includes:
step S201, reading the uninstall or change program information of the registry in the terminal device.
Step S202, inquiring whether the uninstalled or changed program information contains a software version corresponding to the software name.
It should be noted that, the uninstall or modify program information of the registry usually stores the software version corresponding to the software name, so the software version corresponding to the software name can be obtained through the uninstall or modify program information of the registry. However, there are some software that does not need to be installed (software that can be run without being installed on a terminal device), such as applets, public numbers, etc., and the software version corresponding to the software name cannot be found in uninstall or change program information of the registry. Therefore, in this embodiment, different processing manners are adopted for determining whether the uninstalled or modified program information in the registry can query the software version corresponding to the software name, that is, if the uninstalled or modified program information includes the software version corresponding to the software name, the step S203 is skipped to continue to execute; and if the software version corresponding to the software name does not exist in the uninstalling or modifying program information, jumping to the step S204 to continue executing.
Step S203, if the uninstall or change program information includes a software version corresponding to the software name, determining the software version queried in the uninstall or change program information as the software version corresponding to the software name.
Step S204, if the software version corresponding to the software name does not exist in the uninstalled or modified program information, acquiring the software version corresponding to the software name according to the software version acquisition mode corresponding to each software name in the preset mapping table.
The preset mapping table records the acquisition mode of the software version of each software, and the software version corresponding to the software name can be acquired through the acquisition mode of the software version recorded in the preset mapping table.
Specifically, the acquiring the software version corresponding to the software name according to the software version acquisition mode corresponding to each software name in the preset mapping table includes: acquiring preset position information in a registry corresponding to the software name in the preset mapping table or file information under a preset directory; and acquiring a software version corresponding to the software name through preset position information in the registry or file information under the preset directory.
The software version corresponding to the software name is recorded under the preset position information in the registry, and the preset position information is provided by a software operator or discovered by manual mining; the preset directory is also provided by the software operator, and the software version corresponding to the software name can be obtained by reading the file information in the preset directory.
Further, if the preset mapping table does not have the software version obtaining mode of the software name, obtaining the software version corresponding to the software name through the file attribute corresponding to the software name; or acquiring a software version corresponding to the software name by running a preset command; or acquiring the software version corresponding to the software name by intercepting the software directory corresponding to the software name.
It should be noted that, the software version corresponding to the software name obtained by the file attribute, the preset command, or the interception software directory may be obtained by any one of the above manners, that is, the specific form of obtaining the software version is not limited in this embodiment.
It should be noted that, the success rate of acquiring the software versions corresponding to the software names is in the following order: and intercepting a software directory through file attributes, preset commands. Therefore, in this embodiment, if the preset mapping table does not have the software version obtaining manner of the software name, the software version corresponding to the software name is obtained through the file attribute corresponding to the software name; if the software version corresponding to the software name is not obtained through the file attribute corresponding to the software name, obtaining the software version corresponding to the software name through running a preset command; and if the software version corresponding to the software name is not obtained by operating a preset command, obtaining the software version corresponding to the software name by intercepting the software directory corresponding to the software name.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In an embodiment, a software vulnerability detection apparatus is provided, and the software vulnerability detection apparatus corresponds to the software vulnerability detection method in the above embodiments one to one. As shown in fig. 3, the functional modules of the software vulnerability detection apparatus are explained in detail as follows:
an obtaining module 31, configured to obtain software information corresponding to each piece of software installed in a terminal device, where the software information includes a software name and a corresponding software version;
the matching module 32 is configured to match the software information with a software name and a software version in a vulnerability software version library, where the vulnerability software version library stores software names with vulnerabilities and corresponding software versions;
the determining module 33 is configured to determine, as target software, software corresponding to software information in the terminal device, which is successfully matched with the software name and the software version in the vulnerability software version library;
the determining module 33 is further configured to determine that the target software is software with a bug.
In an optional embodiment, the obtaining module 31 is specifically configured to:
acquiring the software name of software installed in the terminal equipment according to a preset time interval, or acquiring the software name of starting software when the software in the terminal equipment is started;
and acquiring a software version corresponding to the software name according to the software name.
In an optional embodiment, the obtaining module 31 is further specifically configured to:
when software is started in terminal equipment, acquiring a path of a process file of the software;
acquiring a debugging file through the path of the process file;
and determining the software name of the starting software according to the process name in the debugging file.
In an optional embodiment, the obtaining module 31 is further specifically configured to:
reading uninstalling or program changing information of a registry in the terminal equipment;
inquiring whether the uninstalling or changing program information contains a software version corresponding to the software name;
if the software version corresponding to the software name exists in the uninstalled or changed program information, determining the software version inquired in the uninstalled or changed program information as the software version corresponding to the software name;
and if the software version corresponding to the software name does not exist in the uninstalled or modified program information, acquiring the software version corresponding to the software name according to a software version acquisition mode corresponding to each software name in a preset mapping table.
In an optional embodiment, the obtaining module 31 is further specifically configured to:
acquiring preset position information in a registry corresponding to the software name in the preset mapping table or file information under a preset directory;
and acquiring a software version corresponding to the software name through preset position information in the registry or file information under the preset directory.
In an optional embodiment, the obtaining module 31 is further specifically configured to:
if the preset mapping table does not have the software version obtaining mode of the software name, obtaining the software version corresponding to the software name through the file attribute corresponding to the software name; or
Acquiring a software version corresponding to the software name by operating a preset command; or
And acquiring the software version corresponding to the software name by intercepting the software directory corresponding to the software name.
In an optional embodiment, the obtaining module 31 is further specifically configured to:
if the preset mapping table does not have the software version obtaining mode of the software name, obtaining the software version corresponding to the software name through the file attribute corresponding to the software name;
if the software version corresponding to the software name is not obtained through the file attribute corresponding to the software name, obtaining the software version corresponding to the software name through running a preset command;
and if the software version corresponding to the software name is not obtained by operating a preset command, obtaining the software version corresponding to the software name by intercepting the software directory corresponding to the software name.
For specific limitations of the software vulnerability detection apparatus, reference may be made to the above limitations of the software vulnerability detection method, which is not described herein again. The various modules in the above-described apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a software vulnerability detection method.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
acquiring software information corresponding to each piece of software installed in terminal equipment, wherein the software information comprises a software name and a corresponding software version;
matching the software information with software names and software versions in a vulnerability software version library, wherein the software names with vulnerabilities and the corresponding software versions are stored in the vulnerability software version library;
determining software corresponding to software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as target software;
and determining that the target software is the software with the vulnerability.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring software information corresponding to each piece of software installed in terminal equipment, wherein the software information comprises a software name and a corresponding software version;
matching the software information with software names and software versions in a vulnerability software version library, wherein the software names with vulnerabilities and the corresponding software versions are stored in the vulnerability software version library;
determining software corresponding to software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as target software;
and determining that the target software is the software with the vulnerability.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
Claims (10)
1. A software vulnerability detection method is characterized by comprising the following steps:
acquiring software information corresponding to each piece of software installed in terminal equipment, wherein the software information comprises a software name and a corresponding software version;
matching the software information with software names and software versions in a vulnerability software version library, wherein the software names with vulnerabilities and the corresponding software versions are stored in the vulnerability software version library;
determining software corresponding to software information successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as target software;
and determining that the target software is the software with the vulnerability.
2. The method according to claim 1, wherein the acquiring software information corresponding to each piece of software installed in the terminal device comprises:
acquiring the software name of software installed in the terminal equipment according to a preset time interval, or acquiring the software name of starting software when the software in the terminal equipment is started;
and acquiring a software version corresponding to the software name according to the software name.
3. The method according to claim 2, wherein the obtaining of the software name of the startup software at the startup of the software in the terminal device comprises:
when software is started in terminal equipment, acquiring a path of a process file of the software;
acquiring a debugging file through the path of the process file;
and determining the software name of the starting software according to the process name in the debugging file.
4. The method of claim 2, wherein the obtaining the software version corresponding to the software name according to the software name comprises:
reading uninstalling or program changing information of a registry in the terminal equipment;
inquiring whether the uninstalling or changing program information contains a software version corresponding to the software name;
if the software version corresponding to the software name exists in the uninstalled or changed program information, determining the software version inquired in the uninstalled or changed program information as the software version corresponding to the software name;
and if the software version corresponding to the software name does not exist in the uninstalled or modified program information, acquiring the software version corresponding to the software name according to a software version acquisition mode corresponding to each software name in a preset mapping table.
5. The method according to claim 4, wherein the obtaining the software version corresponding to the software name according to the software version obtaining manner corresponding to each software name in the preset mapping table comprises:
acquiring preset position information in a registry corresponding to the software name in the preset mapping table or file information under a preset directory;
and acquiring a software version corresponding to the software name through preset position information in the registry or file information under the preset directory.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
if the preset mapping table does not have the software version obtaining mode of the software name, obtaining the software version corresponding to the software name through the file attribute corresponding to the software name; or
Acquiring a software version corresponding to the software name by operating a preset command; or
And acquiring the software version corresponding to the software name by intercepting the software directory corresponding to the software name.
7. The method according to claim 4 or 5, characterized in that the method further comprises:
if the preset mapping table does not have the software version obtaining mode of the software name, obtaining the software version corresponding to the software name through the file attribute corresponding to the software name;
if the software version corresponding to the software name is not obtained through the file attribute corresponding to the software name, obtaining the software version corresponding to the software name through running a preset command;
and if the software version corresponding to the software name is not obtained by operating a preset command, obtaining the software version corresponding to the software name by intercepting the software directory corresponding to the software name.
8. An apparatus for detecting software vulnerabilities, the apparatus comprising:
the terminal equipment comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring software information corresponding to each piece of software installed in the terminal equipment, and the software information comprises a software name and a corresponding software version;
the matching module is used for matching the software information with the software name and the software version in a vulnerability software version library, wherein the vulnerability software version library stores the software name with the vulnerability and the corresponding software version;
the determining module is used for determining software corresponding to the software information which is successfully matched with the software name and the software version in the vulnerability software version library in the terminal equipment as target software;
the determining module is further configured to determine that the target software is software with a bug.
9. A computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the software vulnerability detection method of any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the software vulnerability detection method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111316010.2A CN114021144A (en) | 2021-11-08 | 2021-11-08 | Software vulnerability detection method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111316010.2A CN114021144A (en) | 2021-11-08 | 2021-11-08 | Software vulnerability detection method and device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114021144A true CN114021144A (en) | 2022-02-08 |
Family
ID=80062372
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111316010.2A Pending CN114021144A (en) | 2021-11-08 | 2021-11-08 | Software vulnerability detection method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114021144A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103227992A (en) * | 2013-04-01 | 2013-07-31 | 南京理工大学常熟研究院有限公司 | Android terminal-based vulnerability scanning system |
| CN109977672A (en) * | 2017-12-22 | 2019-07-05 | 镇江市志捷软件开发有限公司 | The discovery method and system of software vulnerability |
| CN111797402A (en) * | 2020-06-17 | 2020-10-20 | 北京世纪互联宽带数据中心有限公司 | Method, device and storage medium for detecting software vulnerability |
| CN111898125A (en) * | 2020-05-21 | 2020-11-06 | 西安交大捷普网络科技有限公司 | Vulnerability scanning method and device based on registry |
| CN112182582A (en) * | 2020-09-25 | 2021-01-05 | 山东捷讯通信技术有限公司 | Container vulnerability detection method and device |
-
2021
- 2021-11-08 CN CN202111316010.2A patent/CN114021144A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103227992A (en) * | 2013-04-01 | 2013-07-31 | 南京理工大学常熟研究院有限公司 | Android terminal-based vulnerability scanning system |
| CN109977672A (en) * | 2017-12-22 | 2019-07-05 | 镇江市志捷软件开发有限公司 | The discovery method and system of software vulnerability |
| CN111898125A (en) * | 2020-05-21 | 2020-11-06 | 西安交大捷普网络科技有限公司 | Vulnerability scanning method and device based on registry |
| CN111797402A (en) * | 2020-06-17 | 2020-10-20 | 北京世纪互联宽带数据中心有限公司 | Method, device and storage medium for detecting software vulnerability |
| CN112182582A (en) * | 2020-09-25 | 2021-01-05 | 山东捷讯通信技术有限公司 | Container vulnerability detection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10203951B2 (en) | Method and terminal for OTA updating | |
| CN103559065B (en) | Method and system for OTA (Over-the-Air Technology) upgrade | |
| CN104008340B (en) | Virus scanning and killing method and device | |
| CN107783776B (en) | Processing method and device of firmware upgrade package and electronic equipment | |
| US20140372799A1 (en) | System Differential Upgrade Method, Apparatus, and Mobile Terminal | |
| CN101826026A (en) | Embedded equipment and on-line updating system and method of firmware in embedded equipment | |
| CN102736978A (en) | Method and device for detecting installation status of application program | |
| US9244758B2 (en) | Systems and methods for repairing system files with remotely determined repair strategy | |
| CN108845841B (en) | Method and device for changing terminal application behaviors and terminal | |
| WO2016183951A1 (en) | System upgrade method and terminal | |
| CN107220074B (en) | Method and device for accessing and upgrading supporting layer software function | |
| CN111263354B (en) | OTA differential upgrading method and device | |
| CN110765394B (en) | Method and device for loading so files, storage medium and terminal equipment | |
| CN105677409A (en) | System upgrading method and device | |
| CN107273750B (en) | Android device kernel vulnerability repairing system and method | |
| CN103455750A (en) | High-security verification method and high-security verification system for embedded devices | |
| CN113010197B (en) | Application silence upgrading method, system, terminal equipment and storage medium | |
| WO2018166322A1 (en) | Repairing method and device for system partition | |
| CN112241529B (en) | Malicious code detection method, device, storage medium and computer equipment | |
| CN114021144A (en) | Software vulnerability detection method and device, computer equipment and storage medium | |
| KR101461319B1 (en) | Methods and device for upgrading firmware of set-top box | |
| CN113312073B (en) | Installation package file processing method and related device | |
| CN115185821A (en) | Version labeling method, system, equipment and storage medium in program test | |
| CN112667444A (en) | System upgrading method, storage medium and terminal equipment | |
| CN109858252B (en) | Vulnerability analysis and repair method for homemade system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |