CN114186241A - Vulnerability detection method, device and system - Google Patents

Vulnerability detection method, device and system Download PDF

Info

Publication number
CN114186241A
CN114186241A CN202111391609.2A CN202111391609A CN114186241A CN 114186241 A CN114186241 A CN 114186241A CN 202111391609 A CN202111391609 A CN 202111391609A CN 114186241 A CN114186241 A CN 114186241A
Authority
CN
China
Prior art keywords
detection
vulnerability
evaluation
preliminary
preliminary evaluation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111391609.2A
Other languages
Chinese (zh)
Inventor
曾锋
杨荣健
王炽明
方磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Yuncongxihe Artificial Intelligence Co ltd
Original Assignee
Jiangsu Yuncongxihe Artificial Intelligence Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Yuncongxihe Artificial Intelligence Co ltd filed Critical Jiangsu Yuncongxihe Artificial Intelligence Co ltd
Priority to CN202111391609.2A priority Critical patent/CN114186241A/en
Publication of CN114186241A publication Critical patent/CN114186241A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to the field of computer network information security, in particular to a vulnerability detection method, a vulnerability detection device and a vulnerability detection system, and aims to solve the problem that the safety management efficiency of the existing safety detection system is low due to manual implementation. To this end, the vulnerability detection method of the invention comprises the following steps: acquiring initial evaluation detection content input by a user; performing vulnerability preliminary evaluation detection on the system to be detected based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result; judging whether system rectification is needed or not based on the initial evaluation detection result; if so, modifying the system to be tested based on the initial evaluation detection result, and performing vulnerability re-evaluation detection on the modified system to be tested; if not, the vulnerability detection of the system to be detected is finished.

Description

Vulnerability detection method, device and system
Technical Field
The invention relates to the field of computer network information security, and particularly provides a vulnerability detection method, device and system.
Background
With the rapid development of the internet industry, the information security environment is becoming more complex, and various security events are coming up endlessly. After the product design and development are completed inside an enterprise, due to the fact that effective safety control means are lacked in the research and development process, various safety holes cannot be identified, the product is on line with diseases, and serious potential safety hazards exist. In addition, hackers can utilize various vulnerabilities of products themselves to carry out malicious attacks, so that reputation of enterprises is negatively affected, and even important data is stolen to cause direct economic loss to the enterprises. Based on the current situation, various safety detection systems are provided by various well-known safety manufacturers so as to discover various safety risks of products inside enterprises in advance and correct the safety risks in time. However, the conventional security detection system can only realize automation of vulnerability detection, and work order application, preliminary evaluation test, work order generation, state update and the like corresponding to the system are still manually realized, so that the security management efficiency of the system is low, and the requirements cannot be met.
Accordingly, there is a need in the art for a new vulnerability detection scheme to address the above-mentioned problems.
Disclosure of Invention
In order to overcome the above-mentioned drawbacks, the present invention is proposed to provide a solution or at least a partial solution to the technical problem of low security management efficiency caused by manual implementation of the existing security detection system. The invention provides a vulnerability detection method, device and system.
In a first aspect, the present invention provides a vulnerability detection method, including: acquiring initial evaluation detection content input by a user; performing vulnerability preliminary evaluation detection on the system to be detected based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result; judging whether system rectification is needed or not based on the initial evaluation detection result; if so, modifying the system to be tested based on the initial evaluation detection result, and performing vulnerability re-evaluation detection on the modified system to be tested; if not, the vulnerability detection of the system to be detected is finished.
In one embodiment, the preliminary evaluation content includes at least one of a system name to be tested, an item name associated with a defect management platform, middleware information, a server address, an open port, and application information.
In one embodiment, the vulnerability preliminary evaluation detection and the vulnerability re-evaluation detection both comprise a first type vulnerability detection and a second type vulnerability detection, wherein the first type vulnerability detection is based on a scanning engine for detection, and the second type vulnerability detection is based on a penetration test framework for detection; performing vulnerability preliminary evaluation detection on the system to be detected based on the preliminary evaluation detection content, wherein the step of obtaining a preliminary evaluation detection result comprises the following steps: performing first-class vulnerability detection and second-class vulnerability detection based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result; the penetration testing framework performs vulnerability detection based on the following steps: acquiring a test rule or a test template of a system to be tested; analyzing the obtained test rule or test template; and carrying out vulnerability detection on the system to be tested based on the analyzed test rule or test template.
In one embodiment, the vulnerability detection method further includes: generating a work order based on the initial evaluation detection content input by the user, wherein the work order is in an application state; when the vulnerability initial evaluation detection is carried out on the system to be detected based on the initial evaluation detection content, the work order state is updated to be initial evaluation; and when the corrected system to be tested is subjected to vulnerability reexamination detection, the work order state is updated to reexamination.
In one embodiment, the preliminary evaluation detection result comprises a vulnerability name, a vulnerability type, a vulnerability address, a vulnerability description, a hazard level, a repair suggestion and a vulnerability state; the vulnerability detection method further comprises the following steps: outputting the initial evaluation detection result to a defect management platform to generate a leakage order; and outputting the reevaluation detection result to a defect management platform to update the leakage order.
In a second aspect, the present invention provides a vulnerability detection apparatus, comprising: the acquisition module is configured to acquire the initial evaluation detection content input by the user; the preliminary evaluation detection module is configured to perform preliminary evaluation detection on the vulnerability of the system to be detected based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result; the judging module is configured to judge whether system rectification is needed or not based on the preliminary evaluation detection result, and if so, rectify and rectify the system to be detected based on the preliminary evaluation detection result; if not, ending the vulnerability detection; and the reevaluation detection module is configured to perform vulnerability reevaluation detection on the modified system to be detected based on the preliminary evaluation detection result.
In one embodiment, the vulnerability preliminary evaluation detection and the vulnerability re-evaluation detection both comprise a first type vulnerability detection and a second type vulnerability detection, wherein the first type vulnerability detection is based on a scanning engine for detection, and the second type vulnerability detection is based on a penetration test framework for detection; the preliminary evaluation detection module comprises a preliminary evaluation detection submodule which is configured to perform first-class vulnerability detection and second-class vulnerability detection based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result; the penetration test frame comprises: the acquisition subunit is configured to acquire a test rule or a test template of the system to be tested; the analysis subunit is configured to analyze the obtained test rule or test template; and the vulnerability detection subunit is configured to perform vulnerability detection on the system to be tested based on the analyzed test rule or the analyzed test template.
In one embodiment, the system further comprises a work order generating and updating module, wherein the work order generating and updating module is configured to generate a work order based on the preliminary evaluation detection content input by a user, and the work order state is an application; when the vulnerability initial evaluation detection is carried out on the system to be detected based on the initial evaluation detection content, the work order state is updated to be initial evaluation; and when the corrected system to be tested is subjected to vulnerability reexamination detection, the work order state is updated to reexamination.
In one embodiment, the system further comprises an interface configured to output the preliminary evaluation detection result and the reevaluation detection result to a defect management platform.
In a third aspect, a vulnerability detection system is provided, which includes a vulnerability detection apparatus and a defect management platform; the defect management platform is configured to: and generating a leakage order based on the initial evaluation detection result output by the leakage detection device, and updating the leakage order based on the reevaluation detection result output by the leakage detection device.
In a fourth aspect, there is provided a control apparatus comprising a processor and a storage device, the storage device being adapted to store a plurality of program codes, the program codes being adapted to be loaded and run by the processor to perform the vulnerability detection method of any of the preceding claims.
In a fifth aspect, a computer-readable storage medium is provided, having stored therein a plurality of program codes adapted to be loaded and executed by a processor to perform the vulnerability detection method of any of the preceding claims.
One or more technical schemes of the invention at least have one or more of the following beneficial effects:
according to the vulnerability detection method, the assessment application, the preliminary assessment test and the re-assessment test are all realized in a platform and automatic mode, the safety evaluation management efficiency of the system to be detected in an enterprise is effectively improved, meanwhile, the vulnerability of the system to be detected is deeply tested in a mode of combining the preliminary assessment test and the re-assessment test, and the vulnerability detection accuracy is improved.
The invention not only carries out basic detection on the loophole, but also adopts a self-developed penetration testing frame to realize high-order detection of the loophole of the system to be detected, thereby further improving the precision of loophole detection.
The initial evaluation detection result of the loopholes is output to the defect management platform so as to realize real-time updating or management of the loopholes, the management efficiency of various loopholes is improved, and the management cost is saved.
Drawings
The disclosure of the present invention will become more readily understood with reference to the accompanying drawings. As is readily understood by those skilled in the art: these drawings are for illustrative purposes only and are not intended to constitute a limitation on the scope of the present invention. Moreover, in the drawings, like numerals are used to indicate like parts, and in which:
fig. 1 is a schematic flow chart illustrating the main steps of a vulnerability detection method according to an embodiment of the present invention;
FIG. 2 is a flow diagram illustrating the execution of vulnerability detection according to one embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a penetration test frame according to one embodiment of the present invention;
FIG. 4 is a schematic diagram of interfacing with an enterprise management platform, according to an embodiment of the invention;
FIG. 5 is a schematic view of vulnerability statistics according to an embodiment of the present invention;
fig. 6 is a schematic main structural diagram of a vulnerability detection apparatus according to an embodiment of the present invention.
List of reference numerals
11: an acquisition module; 12: a preliminary evaluation detection module; 13: a judgment module; 14: and a review detection module.
Detailed Description
Some embodiments of the invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and are not intended to limit the scope of the present invention.
In the description of the present invention, a "module" or "processor" may include hardware, software, or a combination of both. A module may comprise hardware circuitry, various suitable sensors, communication ports, memory, may comprise software components such as program code, or may be a combination of software and hardware. The processor may be a central processing unit, microprocessor, image processor, digital signal processor, or any other suitable processor. The processor has data and/or signal processing functionality. The processor may be implemented in software, hardware, or a combination thereof. Non-transitory computer readable storage media include any suitable medium that can store program code, such as magnetic disks, hard disks, optical disks, flash memory, read-only memory, random-access memory, and the like. The term "a and/or B" denotes all possible combinations of a and B, such as a alone, B alone or a and B. The term "at least one A or B" or "at least one of A and B" means similar to "A and/or B" and may include only A, only B, or both A and B. The singular forms "a", "an" and "the" may include the plural forms as well.
Some terms to which the present invention relates are explained first.
Application scanning: the method is used for automatically detecting the mainstream vulnerability of owasp top10 and mainly used for identifying application layer risks.
System scanning: and (4) performing missing scanning aiming at the main stream operating system, the database, the middleware, the network equipment and the safety equipment, and identifying various component version bugs through a rule base.
Port scanning: and detecting a port list opened by a service system, and if a high-risk port is scanned, performing security reinforcement on the high-risk port.
Virus scanning: and detecting the file by adopting a mainstream virus engine, and checking and killing the file in time if the Trojan horse or the virus file is found.
A defect management platform: the whole life cycle of the defects is effectively managed and controlled through an automatic platform.
At present, the traditional safety detection system only realizes the automation of vulnerability detection, and still realizes the work order application, the preliminary evaluation test, the work order generation, the state updating and the like manually, thereby leading to the lower safety management efficiency of the system and being incapable of meeting the requirements. Therefore, the vulnerability detection method is provided, the evaluation application, the preliminary evaluation test and the reevaluation test and the report generation are all realized in a platform and automatic mode, the safety evaluation management efficiency of the system to be detected in an enterprise is effectively improved, meanwhile, the vulnerability of the system to be detected is deeply tested in a mode of combining the preliminary evaluation test and the reevaluation test, and the vulnerability detection accuracy is improved.
Referring to fig. 1, fig. 1 is a flow chart illustrating main steps of a vulnerability detection method according to an embodiment of the present invention. As shown in fig. 1, the vulnerability detection method in the embodiment of the present invention mainly includes the following steps S101 to S104.
Step S101: and acquiring the initial evaluation detection content input by the user. Specifically, the preliminary evaluation detection content may include at least one of a name of a system to be detected, a project name associated with the defect management platform, middleware information, a server address, an open port, and application information, where the middleware information includes an application component and a database component; the application information comprises a test URL and test account information of the system to be tested.
Step S102: and performing vulnerability preliminary evaluation detection on the system to be detected based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result. In one embodiment, the vulnerability initial assessment detection comprises first-class vulnerability detection and second-class vulnerability detection, and an initial assessment detection result can be obtained after the first-class vulnerability detection and the second-class vulnerability detection are carried out based on the initial assessment detection content. The first type of vulnerability detection is basic evaluation and is scanned and detected by a scanning engine, and the second type of vulnerability detection is high-order evaluation and is detected by a penetration testing framework. The first type of vulnerability is a universal vulnerability, and the universal vulnerability is mainly scanned by an integrated scanning engine, wherein the universal vulnerability comprises application scanning, system scanning, port scanning and virus scanning. The penetration testing framework mainly combines the hacking mode and the characteristics of enterprise products, realizes service security vulnerability detection in an automatic mode, and can realize self-definition according to a standard template, thereby being adapted to various types of service products in the enterprise. The step of performing vulnerability detection by the penetration test framework will be described in detail in the following embodiments, which are not described herein. By combining the first vulnerability scanning detection and the second vulnerability detection, the detection of the business logic vulnerability is further realized on the basis of realizing the universal vulnerability scanning, and the detection accuracy and the coverage rate of the vulnerability are improved. After the initial assessment of the vulnerability is detected, a security engineer can audit the initial assessment detection result to eliminate the false-reported non-vulnerability, and for some special vulnerabilities, the security engineer can also level vulnerability risks by combining with a service scene, so that the hazard level of the vulnerability is obtained. Further, the initial evaluation detection result can be imported into an initial evaluation report template, so that a detailed vulnerability initial evaluation detection report is generated and pushed to relevant responsible personnel for reference.
Step S103: judging whether system rectification is needed or not based on the preliminary evaluation detection result, and rectifying the system to be detected according to the preliminary evaluation detection result if the system rectification is needed; if not, the vulnerability detection of the system to be detected is finished. Specifically, the method mainly realizes the rectification of the system to be tested by analyzing the root cause of the bug, and can perform bug reevaluation detection based on the rectified system to be tested, thereby detecting whether the rectified system to be tested still has the bug.
Step S104: and performing vulnerability reevaluation detection on the rectified system to be detected. The vulnerability re-evaluation detection is mainly realized based on the content to be detected of the system to be detected after the modification, and comprises a first type vulnerability detection and a second type vulnerability detection, wherein the first type vulnerability detection and the second type vulnerability detection can be referred to the specific description in the vulnerability initial evaluation detection, and are not repeated here. After the vulnerability re-evaluation detection is finished, the vulnerability re-evaluation detection can be imported into a re-evaluation report template, so that a detailed vulnerability re-evaluation detection report is generated and pushed to relevant responsible personnel.
Based on the steps S101 to S104, the platform and automation of evaluation application, preliminary evaluation test, reevaluation test and report automatic generation are realized, the efficiency of safety evaluation management of the system to be tested in an enterprise is effectively improved, meanwhile, the vulnerability of the system to be tested is deeply tested in a mode of combining the preliminary evaluation test and the reevaluation test, and the accuracy and the coverage rate of vulnerability detection are improved.
In one embodiment, the vulnerability detection method of the present invention further includes: when a user submits the initial evaluation detection content, a work order is generated based on the initial evaluation detection content input by the user, the state of the work order is an application, and the state of the work order is updated in real time according to a test flow, specifically, the work order state is updated to be an initial evaluation when the initial evaluation detection content is used for carrying out leak initial evaluation detection on a system to be tested; and when the corrected system to be tested is subjected to vulnerability reexamination detection, the work order state is updated to reexamination. Specifically, after the user submits the content of the preliminary evaluation test, the safety engineer receives the notification of the preliminary evaluation task, and after the safety engineer approves the preliminary evaluation task, the status of the work order is updated from "application" to "preliminary evaluation". After submitting the review test content, the safety engineer receives the review task notification, and after the safety engineer accepts the review task notification, the state of the work order is updated from 'preliminary evaluation' to 'review'. Through the automatic management of the work order state, the efficiency of the internal safety evaluation management of the enterprise is improved. Generally, as shown in fig. 2, after the vulnerability review detection is performed, if there is a vulnerability, the work order is rejected to the security engineer, the security engineer further modifies the system to be tested, and performs vulnerability review detection again according to the modified system to be tested until all vulnerabilities are repaired, and then the work order is closed.
At present, all existing security detection systems identify general vulnerabilities through rule bases, and cannot identify medium-business logic vulnerabilities of products, but the business logic vulnerabilities are very harmful to enterprise products. Therefore, the application provides a self-developed penetration testing framework to identify the service logic loopholes in the system to be tested, so that the identification precision and the coverage rate of the system to be tested are improved.
The steps of detecting the leak by the penetration testing framework specifically comprise: firstly, obtaining a test rule or a test template of a system to be tested, wherein the test rule comprises a transverse override, a longitudinal override, sensitive information leakage, short message/mail bombing, brute force cracking, user enumeration, unauthorized access, a weak password, configuration errors, directory traversal, file inclusion, authentication bypass and the like. The test template can be a template customized by a safety engineer according to the personalized requirements of the system to be tested by adopting a python script or an xml language. After the test rule or the test template of the system to be tested is obtained, the test rule or the test template can be analyzed according to the http protocol, and whether the security vulnerability exists in the current system or not is automatically detected based on the analyzed test rule or the analyzed test template. The vulnerability detection rule of the penetration test framework has strong expandability and low maintenance cost, all the detection rules and the detection templates are highly coupled with the system to be detected, the security vulnerability of the system to be detected can be deeply detected, the detection precision is high, the false alarm rate of the detection result is low, and the customer requirements can be met. In addition, as shown in fig. 3, the penetration test framework in the present application may also configure a concurrency number, thereby ensuring the execution efficiency of the vulnerability test. In addition, the penetration testing framework can judge whether the system to be tested has a login state, and for the system to be tested with the login state, the penetration testing is executed on the login session information stored in the corresponding database of the system to be tested, so that various security holes of the login session information are detected, and the comprehensiveness and the coverage degree of hole detection are ensured.
In one embodiment, the preliminary evaluation detection result comprises a bug name, a bug type, a bug address, a bug description, a hazard level, a repair recommendation and a bug state. The vulnerability detection method also comprises the steps of outputting the initial evaluation detection result to a defect management platform to generate a vulnerability list; and outputting the reevaluation detection result to a defect management platform to update the leakage order. Specifically, as shown in fig. 4, after the vulnerability preliminary evaluation detection is executed, the vulnerability name, the vulnerability type, the vulnerability address, the vulnerability description, the hazard level, the repair suggestion and the vulnerability status are output to the defect management platform through the interface, so that the vulnerability statement is generated on the defect management platform. And after the vulnerability review detection is executed, outputting the vulnerability state to a defect management platform, and updating the vulnerability list by the defect management platform, wherein the vulnerability state comprises repaired, left-over and neglected. In addition, the defect management platform in the present invention may be implemented by jira, but is not limited thereto.
As shown in fig. 5, after the vulnerability detection of the system to be detected is completed, the vulnerability can be further subjected to automatic statistics from three dimensions of hazard distribution, TOP5 type distribution and repair condition. The method mainly comprises the steps that the damage distribution is mainly used for counting the vulnerability damage level distribution in the system to be tested, wherein the vulnerability damage level distribution comprises four types of serious types, high-risk types, medium-risk types and low-risk types, and a user can improve or perfect the system to be tested according to the vulnerability damage distribution counting condition. TOP5 type distribution is mainly used for counting leak type distribution in a system to be tested, and further unified security reinforcement can be performed on a development framework, middleware and the like. The method mainly comprises the steps that repaired bugs, unrepaired bugs and repair cycles of all the bugs are counted, a user can make effective measures to promote timely correction of the bugs by checking repair condition statistics of the bugs and aiming at product lines with more left bugs and long repair time, and the final closed loop of the bugs is achieved. Therefore, through multidimensional statistics on the vulnerabilities, efficient management of the vulnerabilities inside the enterprise is achieved. After the vulnerability statistics is completed, the user can query the statistical result by customizing different time periods, and the statistical result can be presented to the user in a page form or can be exported in a report form.
It should be noted that, although the foregoing embodiments describe each step in a specific sequence, those skilled in the art will understand that, in order to achieve the effect of the present invention, different steps do not necessarily need to be executed in such a sequence, and they may be executed simultaneously (in parallel) or in other sequences, and these changes are all within the protection scope of the present invention.
Furthermore, the invention also provides a vulnerability detection device.
Referring to fig. 6, fig. 6 is a main structural block diagram of a vulnerability detection apparatus according to an embodiment of the present invention. As shown in fig. 6, the vulnerability detection apparatus in the embodiment of the present invention mainly includes an obtaining module 11, an initial evaluation detection module 12, a judgment module 13, and a review detection module 14. In some embodiments, one or more of the acquisition module 11, the preliminary evaluation module 12, the judgment module 13, and the review detection module 14 may be combined together into one module. In some embodiments, the obtaining module 11 may be configured to obtain the content of the preliminary evaluation input by the user. The preliminary evaluation detection module 12 may be configured to perform preliminary evaluation detection of a vulnerability of the system under test based on the preliminary evaluation detection content, and obtain a preliminary evaluation detection result. The determination module 13 may be configured to determine whether system rectification is required based on the preliminary evaluation detection result, and if so, rectify the system to be tested based on the preliminary evaluation detection result; if not, the vulnerability detection is finished. The reevaluation detection module 14 may be configured to perform vulnerability reevaluation detection on the modified system to be tested based on the preliminary evaluation detection result. In one embodiment, the description of the specific implementation function may refer to steps S101 to S104.
In one embodiment, the vulnerability primary evaluation detection and the vulnerability re-evaluation detection both comprise a first type vulnerability detection and a second type vulnerability detection, wherein the first type vulnerability detection is detected based on a scanning engine, and the second type vulnerability detection is detected based on a penetration test framework; the preliminary evaluation detection module comprises a preliminary evaluation detection submodule which is configured to perform first-class vulnerability detection and second-class vulnerability detection based on preliminary evaluation detection content to obtain a preliminary evaluation detection result; the penetration testing framework comprises an acquisition subunit, an analysis subunit and a vulnerability detection subunit, wherein the acquisition subunit is configured to acquire a testing rule or a testing template of the system to be tested; the analysis subunit is configured to analyze the obtained test rule or test template; the vulnerability detection subunit is configured to perform vulnerability detection on the system to be tested based on the analyzed test rule or the analyzed test template.
In one embodiment, the vulnerability detection device further comprises a work order generation and update module, wherein the work order generation and update module is configured to generate a work order based on the initial evaluation detection content input by the user, and the state of the work order is an application; when the vulnerability initial evaluation detection is carried out on the system to be detected based on the initial evaluation detection content, the work order state is updated to the initial evaluation; and when the corrected system to be tested is subjected to vulnerability reexamination detection, the work order state is updated to reexamination.
In one embodiment, the vulnerability detection apparatus further comprises an interface configured to output the preliminary evaluation detection result and the re-evaluation detection result to the defect management platform.
The technical principles, the solved technical problems and the generated technical effects of the vulnerability detection apparatus for executing the vulnerability detection method embodiment shown in fig. 1 are similar, and it can be clearly understood by those skilled in the art that for convenience and simplicity of description, the specific working process and related description of the vulnerability detection apparatus may refer to the contents described in the vulnerability detection method embodiment, and no further description is given here.
It will be understood by those skilled in the art that all or part of the flow of the method according to the above-described embodiment may be implemented by a computer program, which may be stored in a computer-readable storage medium and used to implement the steps of the above-described embodiments of the method when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable storage medium may include: any entity or device capable of carrying said computer program code, media, usb disk, removable hard disk, magnetic diskette, optical disk, computer memory, read-only memory, random access memory, electrical carrier wave signals, telecommunication signals, software distribution media, etc. It should be noted that the computer readable storage medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable storage media that does not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
Further, the invention also provides a vulnerability detection system, which comprises a vulnerability detection device and a defect management platform; the defect management platform is configured to generate a leakage order based on the initial evaluation detection result output by the vulnerability detection device, and update the leakage order based on the re-evaluation detection result output by the vulnerability detection device. Wherein the defect management platform may be implemented by, but not limited to, jira.
Furthermore, the invention also provides electronic equipment. In an embodiment of the electronic device according to the present invention, the electronic device includes a processor and a storage device, the storage device may be configured to store a program for executing the vulnerability detection method of the above method embodiment, and the processor may be configured to execute the program in the storage device, the program including but not limited to the program for executing the vulnerability detection method of the above method embodiment. For convenience of explanation, only the parts related to the embodiments of the present invention are shown, and details of the specific techniques are not disclosed.
Further, the invention also provides a computer readable storage medium. In one computer-readable storage medium embodiment according to the present invention, a computer-readable storage medium may be configured to store a program for executing the vulnerability detection method of the above-described method embodiment, and the program may be loaded and executed by a processor to implement the vulnerability detection method. For convenience of explanation, only the parts related to the embodiments of the present invention are shown, and details of the specific techniques are not disclosed. The computer readable storage medium may be a storage device formed by including various electronic devices, and optionally, the computer readable storage medium is a non-transitory computer readable storage medium in the embodiment of the present invention.
Further, it should be understood that, since the setting of each module is only for explaining the functional units of the apparatus of the present invention, the corresponding physical devices of the modules may be processes
The processor itself, or a part of the software, a part of the hardware, or a part of a combination of the software and the hardware in the processor. Thus, the number of individual modules in the figures is merely illustrative.
Those skilled in the art will appreciate that the various modules in the apparatus may be adaptively split or combined. Such splitting or combining of specific modules does not cause the technical solutions to deviate from the principle of the present invention, and therefore, the technical solutions after splitting or combining will fall within the protection scope of the present invention.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.

Claims (12)

1. A vulnerability detection method is characterized by comprising the following steps:
acquiring initial evaluation detection content input by a user;
performing vulnerability preliminary evaluation detection on the system to be detected based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result;
judging whether system rectification is needed or not based on the initial evaluation detection result;
if so, modifying the system to be tested based on the initial evaluation detection result, and performing vulnerability re-evaluation detection on the modified system to be tested; if not, the vulnerability detection of the system to be detected is finished.
2. The vulnerability detection method of claim 1, wherein the preliminary assessment test content comprises at least one of a system name to be tested, a project name associated with a defect management platform, middleware information, a server address, an open port and application information.
3. The vulnerability detection method according to claim 1, wherein the vulnerability preliminary assessment detection and the vulnerability review detection both comprise a first type vulnerability detection and a second type vulnerability detection, the first type vulnerability detection is based on a scanning engine for detection, and the second type vulnerability detection is based on a penetration test framework for detection;
performing vulnerability preliminary evaluation detection on the system to be detected based on the preliminary evaluation detection content, wherein the step of obtaining a preliminary evaluation detection result comprises the following steps: performing first-class vulnerability detection and second-class vulnerability detection based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result;
the penetration testing framework performs vulnerability detection based on the following steps:
acquiring a test rule or a test template of a system to be tested;
analyzing the obtained test rule or test template;
and carrying out vulnerability detection on the system to be tested based on the analyzed test rule or test template.
4. The vulnerability detection method of claim 1, further comprising: generating a work order based on the initial evaluation detection content input by the user, wherein the work order is in an application state;
when the vulnerability initial evaluation detection is carried out on the system to be detected based on the initial evaluation detection content, the work order state is updated to be initial evaluation;
and when the corrected system to be tested is subjected to vulnerability reexamination detection, the work order state is updated to reexamination.
5. The vulnerability detection method of claim 1, wherein the preliminary assessment detection results comprise vulnerability name, vulnerability type, vulnerability address, vulnerability description, hazard level, repair advice and vulnerability status;
the vulnerability detection method further comprises the following steps:
outputting the initial evaluation detection result to a defect management platform to generate a leakage order; and
and outputting the re-evaluation detection result to a defect management platform to update the leakage order.
6. A vulnerability detection apparatus, comprising:
the acquisition module is configured to acquire the initial evaluation detection content input by the user;
the preliminary evaluation detection module is configured to perform preliminary evaluation detection on the vulnerability of the system to be detected based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result;
the judging module is configured to judge whether system rectification is needed or not based on the preliminary evaluation detection result, and if so, rectify and rectify the system to be detected based on the preliminary evaluation detection result; if not, ending the vulnerability detection;
and the reevaluation detection module is configured to perform vulnerability reevaluation detection on the modified system to be detected based on the preliminary evaluation detection result.
7. The vulnerability detection device of claim 6, wherein the vulnerability preliminary assessment detection and the vulnerability review detection both comprise a first type vulnerability detection and a second type vulnerability detection, the first type vulnerability detection is based on a scanning engine for detection, and the second type vulnerability detection is based on a penetration testing framework for detection;
the preliminary evaluation detection module comprises a preliminary evaluation detection submodule which is configured to perform first-class vulnerability detection and second-class vulnerability detection based on the preliminary evaluation detection content to obtain a preliminary evaluation detection result;
the penetration test frame comprises:
the acquisition subunit is configured to acquire a test rule or a test template of the system to be tested;
the analysis subunit is configured to analyze the obtained test rule or test template;
and the vulnerability detection subunit is configured to perform vulnerability detection on the system to be tested based on the analyzed test rule or the analyzed test template.
8. The vulnerability detection device of claim 6, further comprising a work order generation and update module configured to generate a work order based on the preliminary assessment detection content input by a user, the work order status being an application; when the vulnerability initial evaluation detection is carried out on the system to be detected based on the initial evaluation detection content, the work order state is updated to be initial evaluation; and when the corrected system to be tested is subjected to vulnerability reexamination detection, the work order state is updated to reexamination.
9. The vulnerability detection apparatus of claim 6, further comprising an interface configured to output the preliminary evaluation detection result and the re-evaluation detection result to a defect management platform.
10. A vulnerability detection system comprising the vulnerability detection apparatus of any of claims 6-9 and a defect management platform;
the defect management platform is configured to: and generating a leakage order based on the initial evaluation detection result output by the leakage detection device, and updating the leakage order based on the reevaluation detection result output by the leakage detection device.
11. An electronic device comprising a processor and a storage adapted to store a plurality of program codes, wherein the program codes are adapted to be loaded and run by the processor to perform the vulnerability detection method of any of claims 1 to 5.
12. A computer readable storage medium having stored therein a plurality of program codes, characterized in that the program codes are adapted to be loaded and executed by a processor to perform the vulnerability detection method according to any of claims 1 to 5.
CN202111391609.2A 2021-11-19 2021-11-19 Vulnerability detection method, device and system Pending CN114186241A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111391609.2A CN114186241A (en) 2021-11-19 2021-11-19 Vulnerability detection method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111391609.2A CN114186241A (en) 2021-11-19 2021-11-19 Vulnerability detection method, device and system

Publications (1)

Publication Number Publication Date
CN114186241A true CN114186241A (en) 2022-03-15

Family

ID=80602348

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111391609.2A Pending CN114186241A (en) 2021-11-19 2021-11-19 Vulnerability detection method, device and system

Country Status (1)

Country Link
CN (1) CN114186241A (en)

Similar Documents

Publication Publication Date Title
CN104077531B (en) System vulnerability appraisal procedure, device and system based on open vulnerability assessment language
CN112182588B (en) Threat information-based operating system vulnerability analysis and detection method and system
CN111488578A (en) Continuous vulnerability management for modern applications
CN108537042A (en) Self-defined plug-in unit generation method, device, equipment and storage medium
CN103581185A (en) Cloud searching and killing method, device and system for resisting anti-antivirus test
CN111897721B (en) Automatic testing method of API (application program interface) and storage medium
CN112818352B (en) Database detection method and device, storage medium and electronic device
CN111221727A (en) Test method, test device, electronic equipment and computer readable medium
CN109446053A (en) Test method, computer readable storage medium and the terminal of application program
CN110287700B (en) iOS application security analysis method and device
CN116383833A (en) Method and device for testing software program code, electronic equipment and storage medium
CN117493188A (en) Interface testing method and device, electronic equipment and storage medium
CN116431522A (en) Automatic test method and system for low-code object storage gateway
Marandi et al. Implementing and Automating Security Scanning to a DevSecOps CI/CD Pipeline
CN111125066A (en) Method and device for detecting functions of database audit equipment
CN114186241A (en) Vulnerability detection method, device and system
CN114282221B (en) Injection type vulnerability detection method, system, terminal and storage medium
CN116248393A (en) Intranet data transmission loophole scanning device and system
Wang et al. A model-based behavioral fuzzing approach for network service
CN112015715A (en) Industrial Internet data management service testing method and system
CN110032872A (en) A kind of service logic leak detection method and device
KR102589662B1 (en) compliance management system through automatic diagnosis of infrastructure asset threat and method therefor
CN115361203A (en) Vulnerability analysis method based on distributed scanning engine
CN115391230A (en) Test script generation method, test script penetration method, test script generation device, test penetration device, test equipment and test medium
Rajaram et al. Taxonomy‐based testing and validation of a new defect classification for health software

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination