CN114329486A - Asset vulnerability management method and device, electronic equipment and storage medium - Google Patents


Publication number: CN114329486A
Authority: CN (China)
Legal status: Pending
Application number: CN202111601386.8A
Priority application: CN202111601386.8A
Other languages: Chinese (zh)
Inventors: 于海洋, 刘德安, 张微
Current assignee: China Telecom Digital Intelligence Technology Co Ltd
Original assignee: China Telecom Digital Intelligence Technology Co Ltd


Abstract

The application provides an asset vulnerability management method, an asset vulnerability management device, electronic equipment and a storage medium, and relates to the field of network security. The method comprises the following steps: scanning a target asset to acquire a vulnerability of the target asset, wherein the target asset is determined based on a selection by a user; comparing the vulnerability with the repaired existing vulnerabilities in a vulnerability library; and, when the vulnerability is determined not to be in the vulnerability library, feeding the vulnerability information back to technicians so that they can repair the vulnerability, and storing the vulnerability together with its repair method in the vulnerability library, so that when a repeated vulnerability identical to it is scanned, the corresponding repair method is called to repair the repeated vulnerability. By managing vulnerabilities uniformly, the management and repair efficiency of vulnerabilities is improved, asset security is further improved, and the property loss caused by vulnerabilities is reduced.

Description

Asset vulnerability management method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network security, and in particular, to an asset vulnerability management method, an asset vulnerability management apparatus, an electronic device, and a computer-readable storage medium.
Background
In the prior art, when a security vulnerability occurs in asset equipment, a professional is usually required to repair it. Because vulnerabilities are not managed uniformly, a repeatedly occurring vulnerability requires personnel to be called in each time, so the workload of the relevant personnel is large, the repair time is long and the repair efficiency is low. Frequent vulnerabilities combined with low repair efficiency easily lead to security problems in the asset equipment and thereby to property loss.
Disclosure of Invention
In view of the above, the present invention is directed to an asset vulnerability management method, an asset vulnerability management apparatus, an electronic device and a computer-readable storage medium, so as to reduce the workload of vulnerability repair personnel, improve the vulnerability repair efficiency and reduce the occurrence of security problems of asset devices.
In a first aspect, an embodiment of the present application provides an asset vulnerability management method, including: scanning a target asset to acquire a vulnerability of the target asset, wherein the target asset is determined based on selection of a user; comparing the vulnerability with existing vulnerabilities repaired in a vulnerability database; and when the vulnerability is determined not to be in the vulnerability library, feeding vulnerability information back to technicians to enable the technicians to repair the vulnerability, and storing the vulnerability and the corresponding repair method into the vulnerability library, so that when repeated vulnerabilities identical to the vulnerability are scanned, the repair method corresponding to the vulnerability is called to repair the repeated vulnerabilities.
In the embodiment of the application, the existing vulnerabilities of the target asset are acquired and compared with the existing vulnerabilities in the vulnerability library, so that it can be quickly judged whether a vulnerability of the target asset is the same as an existing vulnerability that has already been repaired. When the vulnerability is determined not to be in the vulnerability library, feedback is given to the technical personnel, who repair the vulnerability; at the same time, the vulnerability and the technicians' repair method for it are stored, so that when the same vulnerability appears in subsequent assets the corresponding repair method can be quickly called to repair the repeated vulnerability. This reduces the workload of the technical personnel, simplifies the repair process and improves repair efficiency. Because vulnerabilities are stored in the vulnerability library for unified management, vulnerability management efficiency is improved, asset security is improved, and the property loss caused by vulnerabilities is reduced.
In an embodiment, the comparing the vulnerability with the repaired existing vulnerability in the vulnerability library includes: acquiring vulnerability information of the vulnerability; comparing the vulnerability information with existing vulnerability information of the existing vulnerability; and when the similarity between the vulnerability information and the existing vulnerability information is smaller than a preset threshold value, determining that the vulnerability is not in the vulnerability library.
In the embodiment of the application, the vulnerability information is compared with the vulnerability information of the existing vulnerabilities in the vulnerability library. When the similarity between the two is smaller than the preset threshold value, the vulnerability is determined not to be in the vulnerability library, that is, no vulnerability that is the same as or similar to it has yet been repaired, so a technician can be notified to repair it in time. This improves vulnerability repair efficiency, shortens the time for which the vulnerability exists and improves asset security.
In an embodiment, when the similarity between the vulnerability information and the existing vulnerability information is greater than the preset threshold value, the vulnerability is determined to be a repeated vulnerability.
In the embodiment of the application, the vulnerability information is compared with the vulnerability information of the existing vulnerabilities in the vulnerability library, and when the similarity between the two is greater than the preset threshold value the vulnerability is determined to be a repeated vulnerability, that is, a vulnerability identical or similar to it already exists in the vulnerability library. It can therefore be quickly judged whether a repair method corresponding to the vulnerability exists, and that repair method can subsequently be called to repair the vulnerability in time, which improves repair efficiency, shortens the time for which the vulnerability exists and improves asset security.
In an embodiment, before comparing the vulnerability with the repaired existing vulnerabilities in the vulnerability library, the method further includes: performing ik word segmentation on the vulnerability information to obtain a word segmentation result; and comparing the vulnerability information with the existing vulnerability information of the existing vulnerability then includes: comparing the word segmentation result with the existing vulnerability information of the existing vulnerability.
In the embodiment of the application, through ik word segmentation, the keywords of the vulnerability information can be extracted, and the word segmentation result is obtained, so that the information such as the importance degree and the emergency degree of the vulnerability can be judged, the vulnerability can be repaired in time, the loss caused by the vulnerability is reduced, and the safety of assets is improved.
In one embodiment, before the scanning the target asset, the method further includes: inputting assets and corresponding asset information based on user operation; and encrypting the asset information, generating an asset primary key corresponding to the asset and storing the asset primary key into an asset database, wherein the asset primary key is an identification character string used for representing the asset information.
In the embodiment of the application, the asset information is input based on the operation of the user, so that the user can select the target asset and scan the target asset. The security of the asset information is improved by encrypting the asset information.
In an embodiment, the scanning the target asset to obtain the vulnerability of the target asset includes: creating a scanning task based on the target asset selected by a user; and acquiring threads with the same number from multiple threads created in advance based on the number of the scanning tasks, executing the scanning tasks, and respectively scanning the target assets corresponding to the scanning tasks, wherein the threads and the vulnerability scanning engines are the same in number and are bound in a one-to-one mode.
In the embodiment of the application, one thread is bound to one vulnerability scanning engine, and multiple threads scan the target assets of different scanning tasks respectively, so multiple scanning tasks can run at the same time and multiple assets are scanned simultaneously, which improves scanning efficiency. Because a single scanning task uses only one thread and its corresponding vulnerability scanning engine, the problem of duplicate vulnerability scanning results caused by multiple engines scanning the same target asset simultaneously is avoided.
In an embodiment, after the vulnerability is repaired and the vulnerability and the corresponding repair method are stored in the vulnerability library, the method further includes: retesting the target asset to determine that the vulnerability repair of the target asset is complete.
In the embodiment of the application, the target assets are retested to ensure that the vulnerability is repaired, so that potential safety hazards caused by unrepaired vulnerability can be reduced, and meanwhile, the retesting can also avoid the problem that a new vulnerability is not discovered in time.
In a second aspect, an embodiment of the present application provides an asset vulnerability management apparatus, including: the scanning module is used for scanning the target assets based on the scanning tasks created by the user to acquire the vulnerabilities of the target assets; the processing module is used for comparing the vulnerability with the repaired existing vulnerability in the vulnerability library; the processing module is further used for feeding back vulnerability information to technical staff when the vulnerability is determined not to be in the vulnerability database, so that the technical staff can repair the vulnerability, and storing the vulnerability and the corresponding repair method into the vulnerability database, so that when repeated vulnerabilities identical to the vulnerability occur, the repair method is called to repair the repeated vulnerabilities.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory and a processor, where the memory stores computer-readable instructions, and the computer-readable instructions, when executed by the processor, cause the processor to execute an asset vulnerability management method according to the first aspect or implement functions of an asset vulnerability management apparatus according to the second aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, where a computer program is stored, and when the computer program runs on a computer, the computer is caused to execute an asset vulnerability management method according to the first aspect or to implement the functions of the asset vulnerability management apparatus according to the second aspect.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart of an asset vulnerability management method provided in an embodiment of the present application;
Fig. 2 is a diagram illustrating multithreading provided by an embodiment of the present application;
Fig. 3 is a block diagram illustrating an asset vulnerability management apparatus according to an embodiment of the present disclosure;
Fig. 4 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Reference numerals: asset vulnerability management apparatus 200; scanning module 220; processing module 210.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Assets refer to the various types of devices, systems, software and the like owned by a company, such as computers, servers, operating systems and databases. A company's data, files and so on are usually stored in these assets, and when a security vulnerability occurs in an asset, the asset may be intruded upon, the company's data may be leaked and the company may suffer property loss. Assets therefore need to be scanned regularly and the existing vulnerabilities repaired.
Vulnerability scanning may use scripts to detect open ports and services; for example, security tools are operated manually, scanning and detection tasks are issued, the assets that need to be scanned are probed, and the vulnerabilities present in the asset equipment are determined. After a vulnerability is found, a specialist technician is usually required to repair it so as to restore the asset to normal and avoid the data leakage and property loss that an intrusion would cause. However, in the prior art, since vulnerabilities are not managed uniformly, a technician is required to repair each vulnerability whenever one occurs, which results in a large workload and low efficiency of manual repair.
Referring to fig. 1, fig. 1 is a flowchart of an asset vulnerability management method according to an embodiment of the present application, where the method includes the following steps:
S110, scanning the target assets to obtain the vulnerabilities of the target assets, wherein the target assets are determined based on a selection by a user.
In one embodiment, the process of scanning the target asset comprises: creating a scanning task based on the target asset selected by the user; and acquiring the same number of threads from the pre-created multiple threads based on the number of the scanning tasks, executing the scanning tasks, and respectively scanning the target assets corresponding to the scanning tasks, wherein the number of the threads is the same as that of the vulnerability scanning engines, and the threads are bound one to one.
In this embodiment, after the user selects the target asset to be scanned, a scanning task for scanning the target asset may be generated. For example, when a user needs to scan a computer in a meeting room, the user can select the computer in the meeting room, and a scanning task for the computer in the meeting room is generated according to the selection of the user. In some embodiments, a scanning task created by the user terminal can be received, and the target asset selected by the user is determined from the scanning task.
In this embodiment, after the scan task for the target asset is generated, the scan task may be sent to the terminal device of the relevant responsible person for auditing, and after the scan task passes the auditing of the responsible person, the scan task is sent to the task queue to wait for scanning.
In this embodiment, the scanning task is executed by calling the threads in the multiple threads, the target asset is scanned, and before the scanning task is executed by using the multiple threads, the multiple threads capable of scanning the vulnerability need to be created.
Referring to fig. 2, fig. 2 is a schematic diagram of a multithread processing task according to an embodiment of the present application.
In this embodiment, the manner of creating multiple threads includes: the same number of threads are created according to the number of scan engines, and after the threads are created, the threads are bound to the engines, one thread being bound to one engine. As shown in FIG. 2, thread 1 is bound to engine 1, thread 2 is bound to engine 2, and thread 3 is bound to engine 3. After the thread and the engine are bound, the thread and the engine are placed into a thread pool, so that the thread can be called when a scanning task is executed, and the engine bound by the thread is called to scan a target asset corresponding to the scanning task.
In this embodiment, one thread executes one scanning task, and multiple threads may execute multiple scanning tasks simultaneously. Specifically, when the thread pool contains a thread that is not in use, that thread is taken from the pool to execute a scanning task, and one thread executes one scanning task; for example, threads 1 to 3 may each execute one of three scanning tasks. Executing multiple tasks simultaneously effectively improves vulnerability scanning efficiency and also avoids duplicate scanning results. A scanning task may cover only one target asset or may include multiple target assets; in the latter case the scanning engine scans the target assets one by one to determine the vulnerabilities present in each. When no thread in the thread pool is available to execute a scanning task, that is, when the number of idle threads in the pool is 0, the scanning task waits in the scanning queue; when a thread finishes its scanning task and returns to the pool, it is taken from the pool to execute the waiting task.
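The thread-to-engine binding and task queue described above, written out as an added example (not the patent's own code): threads are created in equal number to the engines and bound one-to-one, each task is executed by exactly one bound worker, and tasks wait in the queue when every worker is busy. `ScanEngine` and its findings are constructed stand-ins, not a real scanner.

```python
import queue
import threading
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ScanEngine:
    """Constructed stand-in for a vulnerability scanning engine (not a real product)."""
    name: str

    def scan(self, asset: str) -> List[str]:
        # Deterministic, constructed finding so the run can be checked offline.
        return [f"{asset}: outdated service banner"]


@dataclass
class ScanTask:
    task_id: int
    assets: List[str]                          # one task may name several target assets
    engine_used: Optional[str] = None          # set by the single bound worker that ran it
    findings: Dict[str, List[str]] = field(default_factory=dict)


class BoundScannerPool:
    """Threads are created in equal number to the engines and bound one-to-one.
    Each worker takes one task at a time from the scan queue, so a given task is
    scanned by exactly one engine (no duplicate results), and tasks queue up
    when every worker is busy."""

    def __init__(self, engines: List[ScanEngine]) -> None:
        self.engines = engines
        self.tasks: "queue.Queue[Optional[ScanTask]]" = queue.Queue()
        self.completed: List[ScanTask] = []
        self.peak_busy = 0                     # highest number of simultaneously busy workers
        self._busy = 0
        self._lock = threading.Lock()

    def _worker(self, engine: ScanEngine) -> None:
        while True:
            task = self.tasks.get()
            if task is None:                   # shutdown sentinel, one per worker
                return
            with self._lock:
                self._busy += 1
                self.peak_busy = max(self.peak_busy, self._busy)
            task.engine_used = engine.name
            for asset in task.assets:          # the engine scans the task's assets one by one
                task.findings[asset] = engine.scan(asset)
            with self._lock:
                self._busy -= 1
                self.completed.append(task)

    def run(self, tasks: List[ScanTask]) -> List[ScanTask]:
        """Queue all (already approved) tasks, start the bound workers, wait for
        the queue to drain and return the finished tasks in id order."""
        for task in tasks:
            self.tasks.put(task)
        for _ in self.engines:
            self.tasks.put(None)               # sentinels sit behind every real task
        threads = [threading.Thread(target=self._worker, args=(engine,))
                   for engine in self.engines]
        for th in threads:
            th.start()
        for th in threads:
            th.join()
        return sorted(self.completed, key=lambda t: t.task_id)


if __name__ == "__main__":
    pool = BoundScannerPool([ScanEngine(f"engine-{i}") for i in (1, 2, 3)])
    jobs = [ScanTask(i, [f"host-{i}a", f"host-{i}b"]) for i in range(1, 6)]
    for done in pool.run(jobs):
        print(done.task_id, done.engine_used, done.findings)
```

With three engines and five tasks, `peak_busy` never exceeds three: the fourth and fifth tasks sit in the queue until a bound worker returns.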
In one embodiment, before a user can select a target asset to scan, the information of the asset needs to be entered, and the entering process includes: inputting assets and corresponding asset information based on user operation; and encrypting the asset information to generate an asset primary key corresponding to the asset and storing the asset primary key in an asset database, wherein the asset primary key is an identification character string used for representing the asset information.
In this embodiment, the information of the assets needs to be entered into the asset database first, so that the user can select the target assets to be scanned from the asset database. Specifically, the information to be entered may include the IP address, equipment type, service system, port number, department, operating system, login user name and password of an asset, which the user inputs according to the asset's information. It can be understood that different types of information may be entered in different scenarios, the entered information differs between assets, and the information to be entered can be selected and set as required. The asset database may be a MySQL database, an SQL Server database, or the like.
In this embodiment, the information of the asset may also be encrypted before it is entered into the asset database. Specifically, the asset information may be encrypted using MD5 to generate an asset primary key corresponding to the asset, where the asset primary key is an identification character string representing the asset information and is stored in the database, so that the security of the asset information may be improved.
S120, comparing the vulnerability with the repaired existing vulnerability in the vulnerability database.
In this embodiment, a vulnerability database is further provided, where the repaired vulnerability and vulnerability information corresponding to the vulnerability are stored in the vulnerability database, that is, the repaired vulnerability is an existing vulnerability.
In one embodiment, comparing the vulnerability to existing vulnerabilities repaired in a vulnerability library includes: acquiring vulnerability information of a vulnerability; comparing the vulnerability information with existing vulnerability information of existing vulnerabilities; and when the similarity between the vulnerability information and the existing vulnerability information is smaller than a preset threshold value, determining that the vulnerability is not in the vulnerability library.
In this embodiment, before comparing the vulnerability with the existing vulnerability, the vulnerability may be analyzed to obtain vulnerability information describing the vulnerability, for example, vulnerability category, vulnerability problem description, and vulnerability keyword. After the vulnerability information is obtained, the information of the vulnerability, such as the state of the vulnerability, the name, the existence time, the location and the like of the vulnerability, can be displayed to the user.
In this embodiment, after the vulnerability information is acquired, it is compared with the existing vulnerability information of the existing vulnerabilities in the vulnerability library. This may be done by calculating the similarity between the vulnerability information and the existing vulnerability information: when the similarity is greater than a preset threshold, the vulnerability is determined to be a repeated vulnerability, and when the similarity is less than the preset threshold, the vulnerability is determined not to be in the vulnerability library. For example, when the similarity between a first vulnerability of a target asset and one or more vulnerabilities in the vulnerability library is greater than 85%, the first vulnerability is determined to be a repeated vulnerability, and when the similarity between a second vulnerability of the target asset and the existing vulnerabilities in the library is less than 85%, the second vulnerability is determined not to be in the library. The similarity may be calculated using a neural network model.
In this embodiment, when it is determined that the vulnerability is not in the vulnerability library, the information of the vulnerability may be encrypted to generate a vulnerability primary key, where the encryption mode may be MD5 and the vulnerability primary key is an identification character string. After encryption, an association between the vulnerability primary key, the asset primary key and the information of the scanning task is established and stored in the database to facilitate subsequent lookup.
In an embodiment, before the vulnerability information is compared with the existing vulnerability information, ik word segmentation may be performed on the vulnerability information to obtain a word segmentation result. Specifically, the word segmentation result may include preset keywords and other information about the vulnerability: when ik word segmentation is applied to the vulnerability information, the preset keywords contained in it are extracted. The keywords may be set according to the actual situation, for example keywords relating to the emergency state of the vulnerability, the location where it occurs, and so on. After segmentation, the word segmentation result may be compared with the existing vulnerability information to determine whether the vulnerability is in the vulnerability library. In this way the user can obtain information such as the urgency and severity of the vulnerability through ik word segmentation and then reasonably arrange the repair order of vulnerabilities, the calling of repair technicians, and so on.
S130, when it is determined that the vulnerability is not in the vulnerability library, feeding the vulnerability information back to technicians so that they repair the vulnerability, and storing the vulnerability and the corresponding repair method in the vulnerability library, so that when a repeated vulnerability identical to it is scanned, the repair method corresponding to the vulnerability is called to repair the repeated vulnerability.
In this embodiment, the vulnerability database further stores a repairing method corresponding to the repaired vulnerability, where the repairing method may be a repairing script, a patch, or the like, and when there is a repeated vulnerability in the vulnerability appearing in the target asset, the repairing method corresponding to the vulnerability may be called from the vulnerability database to repair the vulnerability.
In this embodiment, when it is determined that a vulnerability is not in the vulnerability library, a relevant technician needs to be notified to repair it, and after the technician has repaired it, the technician's repair process and the scripts and patches used are assembled into a repair script package and a corresponding repair method. At the same time, the vulnerability and the corresponding repair method are stored in the vulnerability library; specifically, the vulnerability primary key and the corresponding repair script package may be stored in the vulnerability library. Once they are stored, the corresponding repair method can be called directly when a repeated vulnerability is encountered subsequently.
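Steps S120 and S130, together with the MD5-derived primary keys from the asset-entry step, as an added example that is not the patent's own code: a small vulnerability library that derives identifier strings with MD5, extracts preset keywords from the vulnerability description as a plain-word stand-in for ik segmentation (ik is a Chinese-text tokenizer), scores similarity against stored entries with Jaccard overlap (the patent leaves the scorer open and mentions a neural network model), and replays the stored repair method when the score reaches the 85% threshold. The keyword list, sample findings and repair callback are constructed for this example.

```python
import hashlib
import json
import re
from typing import Callable, Dict, FrozenSet, Optional, Tuple

# Constructed preset keyword list; the patent leaves the keywords to be set per deployment.
PRESET_KEYWORDS = {
    "ssh", "weak", "password", "default", "credential", "sql", "injection",
    "rce", "outdated", "openssl", "tls", "urgent", "critical",
}
SIMILARITY_THRESHOLD = 0.85   # the 85% figure from the patent's example

RepairFn = Callable[[str], str]   # repair method: takes an asset id, returns what was done


def primary_key(info: Dict[str, str]) -> str:
    """Identification string for asset or vulnerability information, as the
    patent describes: an MD5 value over the record. MD5 is a digest, not
    encryption, so the key is a stable identifier; it does not hide the
    record, which must still be access-controlled if it is sensitive."""
    canonical = json.dumps(info, sort_keys=True, ensure_ascii=False)
    return hashlib.md5(canonical.encode("utf-8")).hexdigest()


def segment(info: Dict[str, str]) -> FrozenSet[str]:
    """Word segmentation result: the vulnerability category plus every preset
    keyword found in the description (plain-word stand-in for ik segmentation)."""
    words = re.findall(r"[a-z0-9]+", info["description"].lower())
    found = {w for w in words if w in PRESET_KEYWORDS}
    return frozenset(found | {"cat:" + info["category"].lower()})


def similarity(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Jaccard similarity of two segmentation results (constructed scorer)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


class VulnLibrary:
    """Repaired vulnerabilities keyed by vulnerability primary key, each with
    its segmentation result and the repair method supplied by the technician."""

    def __init__(self) -> None:
        self.entries: Dict[str, Tuple[FrozenSet[str], Dict[str, str], RepairFn]] = {}

    def compare(self, info: Dict[str, str]) -> Tuple[Optional[str], float]:
        """S120: best-matching existing vulnerability and its similarity score."""
        tokens = segment(info)
        best_key, best_score = None, 0.0
        for key, (stored_tokens, _, _) in self.entries.items():
            score = similarity(tokens, stored_tokens)
            if score > best_score:
                best_key, best_score = key, score
        return best_key, best_score

    def store(self, info: Dict[str, str], repair: RepairFn) -> str:
        """Called once a technician has repaired a vulnerability not yet in the library."""
        key = primary_key(info)
        self.entries[key] = (segment(info), info, repair)
        return key

    def handle(self, asset: str, info: Dict[str, str]) -> Dict[str, object]:
        """S130: a repeated vulnerability (similarity at or above the threshold)
        triggers the stored repair method; anything else goes to a technician."""
        key, score = self.compare(info)
        if key is not None and score >= SIMILARITY_THRESHOLD:
            repair = self.entries[key][2]
            return {"repeated": True, "matched": key, "score": score,
                    "result": repair(asset)}
        return {"repeated": False, "matched": None, "score": score,
                "result": "feedback to technician"}


if __name__ == "__main__":
    lib = VulnLibrary()
    weak_ssh = {"category": "weak-auth",
                "description": "SSH service accepts weak password on port 22"}
    print(lib.handle("srv-1", weak_ssh))                      # not in the library yet
    lib.store(weak_ssh, lambda asset: f"hardened sshd on {asset}")
    print(lib.handle("srv-2", {"category": "weak-auth",
                               "description": "weak password accepted by SSH on 10.0.0.5"}))
    print(lib.handle("srv-3", {"category": "injection",
                               "description": "SQL injection in login form"}))
```

The second finding is worded differently from the stored one but yields the same keyword set, so it is treated as repeated and the stored repair method runs; the third shares no keywords and is routed to a technician.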
In one embodiment, after the vulnerability is repaired and the vulnerability and the corresponding repair method are stored in the vulnerability database, the target asset is retested to determine that the vulnerability repair of the target asset is completed.
In this embodiment, after all the scanned vulnerabilities in all target assets of one scanning task have been repaired, the scanning task, the asset primary key and the vulnerability primary key of the target asset may be stored in the query database, so that a user or technician can query the relevant information about assets, vulnerabilities and tasks from it, learn the security state of the assets in time, and further improve asset security. The query database may be an Elasticsearch database.
In this embodiment, after all vulnerabilities of the target asset have been repaired, either by calling a repair method or by arranging for a technician, the state of the target asset may be set to repaired. At the same time, a retest task for the target asset is generated periodically to confirm that the vulnerabilities in the target asset have been repaired and to check whether new vulnerabilities exist in the target asset.
In the embodiment of the application, the full life cycle of a vulnerability, from its appearance through scanning and repair to management, is managed, so that repair efficiency and management efficiency are effectively improved and asset security is further improved. The vulnerabilities of a target asset are obtained and compared with the existing vulnerabilities in the vulnerability library, so it can be quickly judged whether a vulnerability of the target asset is the same as a repaired existing vulnerability. When it is different, that is, when the vulnerability is determined not to be in the vulnerability library, it is fed back to technicians for repair, and the vulnerability and the technicians' repair method are stored, so that the corresponding repair method can be quickly called to repair the repeated vulnerability when the same vulnerability appears in subsequent assets. This reduces the technicians' workload, simplifies the repair process by calling the repair method directly, improves repair efficiency, has vulnerabilities repaired in time, improves asset security and reduces the property loss caused by vulnerabilities.
Referring to fig. 3, fig. 3 is a block diagram of an asset vulnerability management apparatus according to an embodiment of the present application, where the asset vulnerability management apparatus 200 includes: a processing module 210 and a scanning module 220.
The scanning module 220 is configured to scan the target asset to obtain a vulnerability of the target asset;
the processing module 210 is connected with the scanning module, and can call the asset database and the vulnerability database to compare the vulnerability with the repaired existing vulnerability in the vulnerability database;
the processing module 210 is further configured to, when it is determined that the vulnerability is not in the vulnerability database, feed back vulnerability information to a technician so that the technician repairs the vulnerability, and store the vulnerability and a corresponding repair method in the vulnerability database so that, when a repeated vulnerability identical to the vulnerability occurs, a repair method is called to repair the repeated vulnerability.
The processing module 210 is further configured to obtain vulnerability information of a vulnerability; comparing the vulnerability information with existing vulnerability information of existing vulnerabilities; when the similarity between the vulnerability information and the existing vulnerability information is smaller than a preset threshold value, determining that the vulnerability is not in a vulnerability library; and when the similarity between the vulnerability information and the existing vulnerability information is greater than a preset threshold value, determining the vulnerability as a repeated vulnerability.
The processing module 210 is further configured to perform IK word segmentation on the vulnerability information, obtain a word segmentation result, and compare the word segmentation result with the existing vulnerability information of the existing vulnerabilities.
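The comparison described in the two paragraphs above, as an added example that is not the patent's own code: a Python sketch that tokenizes a finding's description, scores it against a constructed library of already-repaired vulnerabilities, and applies this embodiment's threshold rule (similarity below the threshold means a new vulnerability that goes to a technician; above it, a repeated vulnerability whose stored repair method is returned). IK word segmentation is a Chinese-text tokenizer and is not reproduced here; the regular-expression tokenizer, the Jaccard measure, the 0.6 threshold, the treatment of an exact-threshold score as "new", and the library entries are all assumptions made for illustration.

```python
"""Vulnerability-library lookup: tokenize a finding's description, compare it with
already-repaired entries, and either reuse the stored repair method or route the
finding to a technician.  Illustrative code for this page; the tokenizer, the
similarity measure, the threshold and the sample data are assumptions."""
import re

# Constructed vulnerability library: each entry pairs a repaired vulnerability's
# description with the repair method that was applied (sample data, not real findings).
REPAIR_LIBRARY = [
    {"id": "LIB-001",
     "info": "apache httpd 2.4.49 path traversal on port 80",
     "repair": "upgrade apache httpd to a patched release and restart the service"},
    {"id": "LIB-002",
     "info": "openssh server permits password authentication for root",
     "repair": "set PermitRootLogin no and PasswordAuthentication no, reload sshd"},
]

_TOKEN_RE = re.compile(r"[a-z0-9][a-z0-9.\-_]*")


def tokenize(text):
    """Stand-in for IK word segmentation (assumption): lower-case the text and keep
    alphanumeric tokens, so version strings such as 2.4.49 survive as one token."""
    return set(_TOKEN_RE.findall(text.lower()))


def similarity(a, b):
    """Jaccard similarity of two token sets, in [0, 1]."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def best_match(vuln_info, library):
    """Return the library entry most similar to vuln_info and its score (None, 0.0 if empty)."""
    tokens = tokenize(vuln_info)
    best, best_score = None, 0.0
    for entry in library:
        score = similarity(tokens, tokenize(entry["info"]))
        if score > best_score:
            best, best_score = entry, score
    return best, best_score


def triage(vuln_info, library, threshold=0.6):
    """Apply the threshold rule: above the threshold the finding is a repeated
    vulnerability and the stored repair method is returned; otherwise it is new and
    must be fed back to a technician (repair is None)."""
    entry, score = best_match(vuln_info, library)
    if entry is not None and score > threshold:
        return {"status": "repeated", "matched": entry["id"],
                "similarity": round(score, 3), "repair": entry["repair"]}
    return {"status": "new", "matched": None, "similarity": round(score, 3), "repair": None}


def record_repair(library, vuln_info, repair_method, new_id):
    """Store a newly repaired vulnerability so later identical findings reuse the method."""
    library.append({"id": new_id, "info": vuln_info, "repair": repair_method})


if __name__ == "__main__":
    lib = [dict(e) for e in REPAIR_LIBRARY]
    print(triage("Apache httpd 2.4.49 path traversal on port 8080", lib))
    print(triage("mysql server exposed with empty root password", lib))
```

Description similarity alone will merge findings whose text overlaps but which differ in a detail that matters (same product on a different port, or a different CVE in the same component), so a deployed library should also carry a stable identifier from the scanner alongside the text score, and the threshold decision should be logged so that a technician can audit why a stored repair method was reused.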
The processing module 210 is further configured to enter assets and corresponding asset information based on the operation of the user; and encrypting the asset information to generate an asset primary key corresponding to the asset and storing the asset primary key into an asset database, wherein the asset primary key is an identification character string used for representing the asset information.
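One way to derive the asset primary key described above, as an added example rather than the patent's implementation: the page says the asset information is encrypted to produce an identification string but names no algorithm, so this Python example canonicalizes the entered fields and takes a keyed HMAC-SHA256 digest as the key (an assumption; the secret, the field names and the sample assets are constructed). A keyed one-way digest gives a fixed-length, deterministic string that identifies the same asset however it is re-entered, while a reader of the asset database cannot recover the asset details from the key alone.

```python
"""Asset registration: canonicalize the entered asset information, derive a fixed-length
identification string from it, and store the record under that key.  Added example;
HMAC-SHA256 is assumed because the page does not name its encryption method."""
import hashlib
import hmac
import json

# Assumed secret for the keyed digest; in a deployment it would come from a key store,
# never from source code.  Constructed value for this example.
ASSET_KEY_SECRET = b"constructed-example-secret"


def canonicalize(asset_info):
    """Normalize field names and values (trim, lower-case) and serialize with sorted
    keys so that the same asset yields the same bytes regardless of entry order."""
    normalized = {str(k).strip().lower(): str(v).strip().lower()
                  for k, v in asset_info.items()}
    return json.dumps(normalized, sort_keys=True, separators=(",", ":")).encode("utf-8")


def asset_primary_key(asset_info, secret=ASSET_KEY_SECRET):
    """Identification string for the asset: hex HMAC-SHA256 over the canonical form."""
    return hmac.new(secret, canonicalize(asset_info), hashlib.sha256).hexdigest()


class AssetDatabase:
    """Minimal in-memory stand-in for the asset database (assumption)."""

    def __init__(self):
        self._rows = {}

    def enter(self, asset_info):
        """Store the asset under its primary key; returns (key, created).  A re-entry of
        an already registered asset is detected by key collision and not duplicated."""
        key = asset_primary_key(asset_info)
        if key in self._rows:
            return key, False
        self._rows[key] = dict(asset_info)
        return key, True

    def lookup(self, key):
        return self._rows.get(key)

    def __len__(self):
        return len(self._rows)


if __name__ == "__main__":
    db = AssetDatabase()
    # Constructed sample assets; the second is the first re-entered with different casing.
    print(db.enter({"ip": "10.0.0.5", "hostname": "Web-01", "owner": "ops"}))
    print(db.enter({"hostname": " web-01 ", "owner": "OPS", "ip": "10.0.0.5"}))
```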
The processing module 210 is further configured to create scanning tasks based on the target assets selected by the user; and to acquire, from multiple threads created in advance, a number of threads equal to the number of scanning tasks, execute the scanning tasks, and scan the target asset corresponding to each scanning task, wherein the threads and the vulnerability scanning engines are equal in number and are bound one-to-one.
The processing module 210 is further connected to a terminal used by the user, and is configured to receive asset information entered by the terminal used by the user, encrypt the asset information, and store the encrypted asset information in an asset database. The processing module can also receive an asset scanning task created by a user at a used terminal so as to complete the scanning and bug fixing of the target asset.
The scanning module 220 is further configured to retest the target asset to determine that the bug fix of the target asset is completed.
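The scanning flow of this embodiment (one scanning task per selected asset, worker threads bound one-to-one to scanning engines, and a retest of the asset after repair) as an added Python example, not the patent's code: `ScanEngine` is a stand-in whose results are a constructed dictionary, and when more tasks are created than there are engine-bound threads, the surplus tasks wait in a queue until a thread is free, which is an assumption the page does not spell out.

```python
"""Scan scheduling: create one scan task per target asset, run the tasks on a set of
pre-created worker threads each bound to exactly one scanning engine, and retest an
asset after repair.  Added example; engines and findings are constructed stand-ins."""
import queue
import threading
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ScanEngine:
    """Stand-in for a vulnerability scanning engine (assumption): returns the findings
    recorded for an asset in a constructed results table."""
    engine_id: int
    results: Dict[str, List[str]]

    def scan(self, asset):
        return list(self.results.get(asset, []))


@dataclass
class ScanTask:
    task_id: int
    asset: str
    engine_id: Optional[int] = None      # filled in by the thread that ran the task
    findings: List[str] = field(default_factory=list)


class ScanScheduler:
    """Threads are created in advance, one per engine, so the one-to-one binding is
    simply that each worker thread owns its engine for its whole lifetime."""

    def __init__(self, engines):
        self._tasks = queue.Queue()
        self._threads = []
        for engine in engines:
            t = threading.Thread(target=self._worker, args=(engine,), daemon=True)
            t.start()
            self._threads.append(t)

    def _worker(self, engine):
        while True:
            task = self._tasks.get()
            if task is None:              # shutdown sentinel
                self._tasks.task_done()
                return
            try:
                task.engine_id = engine.engine_id
                task.findings = engine.scan(task.asset)
            finally:
                self._tasks.task_done()

    def run(self, target_assets):
        """Create one task per selected asset, dispatch them, and wait for completion."""
        tasks = [ScanTask(i, asset) for i, asset in enumerate(target_assets)]
        for task in tasks:
            self._tasks.put(task)
        self._tasks.join()
        return tasks

    def shutdown(self):
        for _ in self._threads:
            self._tasks.put(None)
        for t in self._threads:
            t.join()


def retest(scheduler, asset, previous_findings):
    """Re-scan one asset after repair; returns (repair_complete, findings still present)."""
    task = scheduler.run([asset])[0]
    remaining = [f for f in previous_findings if f in task.findings]
    return len(remaining) == 0, remaining


if __name__ == "__main__":
    # Constructed results shared by both engines so any engine reports the same findings.
    results = {"10.0.0.5": ["constructed finding A"], "10.0.0.6": [],
               "10.0.0.7": ["constructed finding B"]}
    sched = ScanScheduler([ScanEngine(1, results), ScanEngine(2, results)])
    for t in sched.run(list(results)):
        print(t)
    results["10.0.0.5"].clear()          # stands in for the technician's repair
    print(retest(sched, "10.0.0.5", ["constructed finding A"]))
    sched.shutdown()
```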
It can be understood that the asset vulnerability management apparatus 200 provided in the present application corresponds to the asset vulnerability management method provided in the present application, and for brevity of the description, the same or similar parts may refer to the contents of the asset vulnerability management method part, and are not described herein again.
The modules in the asset vulnerability management apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in hardware form in, or be independent of, the processor of the server, or may be stored in software form in the memory of the server so that the processor can call and execute the operations corresponding to the modules. The processor may be a Central Processing Unit (CPU), a microprocessor, a single-chip microcomputer, or the like.
The asset vulnerability management method or apparatus described above may be implemented in the form of computer-readable instructions that can be executed on an electronic device as shown in fig. 4.
An embodiment of the present application further provides an electronic device, which includes a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor executes the program to implement the asset vulnerability management method.
Fig. 4 is a schematic diagram of the internal structure of an electronic device according to an embodiment of the present application, where the electronic device may be a server. Referring to fig. 4, the electronic device includes a processor, a non-volatile storage medium, an internal memory, an input device, a display screen and a network interface, which are connected by a system bus. The non-volatile storage medium of the electronic device may store an operating system and computer-readable instructions; when the computer-readable instructions are executed, the processor may execute the asset vulnerability management method according to the embodiments of the present application, whose specific implementation may refer to the contents of fig. 1 and fig. 3 and is not repeated here. The processor of the electronic device provides computation and control capability and supports the operation of the whole electronic device. The internal memory may store computer-readable instructions that, when executed by the processor, cause the processor to perform the asset vulnerability management method. The input device of the electronic device is used for inputting various parameters, the display screen is used for display, and the network interface is used for network communication. Those skilled in the art will appreciate that the configuration shown in fig. 4 is a block diagram of only the portion of the configuration associated with the present application and does not limit the electronic device to which the present application is applied; a particular electronic device may include more or fewer components than those shown in the drawings, combine certain components, or have a different arrangement of components.
Based on the same inventive concept, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program runs on a computer, the computer is enabled to execute the asset vulnerability management method.
In the embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. The above-described apparatus embodiments are merely illustrative. The functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An asset vulnerability management method, comprising:
scanning a target asset to acquire a vulnerability of the target asset, wherein the target asset is determined based on selection of a user;
comparing the vulnerability with existing vulnerabilities repaired in a vulnerability database;
and when the vulnerability is determined not to be in the vulnerability library, feeding vulnerability information back to technicians to enable the technicians to repair the vulnerability, and storing the vulnerability and the corresponding repair method into the vulnerability library, so that when repeated vulnerabilities identical to the vulnerability are scanned, the repair method corresponding to the vulnerability is called to repair the repeated vulnerabilities.
2. The method of claim 1, wherein comparing the vulnerability to existing vulnerabilities repaired in a vulnerability library comprises: acquiring vulnerability information of the vulnerability; comparing the vulnerability information with existing vulnerability information of the existing vulnerability; and when the similarity between the vulnerability information and the existing vulnerability information is smaller than a preset threshold value, determining that the vulnerability is not in the vulnerability library.
3. The method of claim 2, further comprising: and when the similarity between the vulnerability information and the existing vulnerability information is greater than the preset threshold value, determining that the vulnerability is a repeated vulnerability.
4. The method of claim 2 or 3, wherein before comparing the vulnerability to existing vulnerabilities repaired in a vulnerability library, the method further comprises: performing ik word segmentation on the vulnerability information to obtain word segmentation results;
comparing the vulnerability information with existing vulnerability information of the existing vulnerability, including: and comparing the word segmentation result with the existing vulnerability information of the existing vulnerability.
5. The method of claim 1, wherein prior to scanning the target asset, the method further comprises: entering assets and corresponding asset information based on user operation; and encrypting the asset information, generating an asset primary key corresponding to the asset and storing the asset primary key into an asset database, wherein the asset primary key is an identification character string used for representing the asset information.
6. The method according to claim 1, wherein scanning the target asset to acquire the vulnerability of the target asset comprises: creating scanning tasks based on the target assets selected by a user; and acquiring, from multiple threads created in advance, a number of threads equal to the number of the scanning tasks, executing the scanning tasks, and scanning the target asset corresponding to each scanning task, wherein the threads and the vulnerability scanning engines are equal in number and are bound one-to-one.
7. The method of claim 1, wherein after repairing the vulnerability and storing the vulnerability and a corresponding repair method in the vulnerability repository, the method further comprises: and retesting the target asset to determine that the bug repair of the target asset is completed.
8. An asset vulnerability management apparatus, comprising:
the scanning module is used for scanning the target assets to acquire the vulnerabilities of the target assets;
the processing module is used for comparing the vulnerability with the repaired existing vulnerability in the vulnerability library;
the processing module is further used for feeding back vulnerability information to technical staff when the vulnerability is determined not to be in the vulnerability database, so that the technical staff can repair the vulnerability, and storing the vulnerability and the corresponding repair method into the vulnerability database, so that when repeated vulnerabilities identical to the vulnerability occur, the repair method is called to repair the repeated vulnerabilities.
9. An electronic device comprising a memory and a processor, the memory having stored therein computer-readable instructions that, when executed by the processor, cause the processor to perform the method of any one of claims 1-7 or to implement the functionality of the asset vulnerability management apparatus of claim 8.
10. A computer-readable storage medium, having stored thereon a computer program which, when run on a computer, causes the computer to perform the method of any one of claims 1-7 or to implement the functionality of the asset vulnerability management apparatus of claim 8.
CN202111601386.8A 2021-12-24 2021-12-24 Asset vulnerability management method and device, electronic equipment and storage medium Pending CN114329486A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111601386.8A CN114329486A (en) 2021-12-24 2021-12-24 Asset vulnerability management method and device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN114329486A true CN114329486A (en) 2022-04-12

Family

ID=81013488


Country Status (1)

Country Link
CN (1) CN114329486A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314276A (en) * 2022-08-03 2022-11-08 厦门国际银行股份有限公司 Security check management system, method and terminal equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110933083A (en) * 2019-11-29 2020-03-27 中电福富信息科技有限公司 Vulnerability grade evaluation device and method based on word segmentation and attack matching
CN111240994A (en) * 2020-01-20 2020-06-05 北京国舜科技股份有限公司 Vulnerability processing method and device, electronic equipment and readable storage medium
CN112035843A (en) * 2020-08-20 2020-12-04 深信服科技股份有限公司 Vulnerability processing method and device, electronic equipment and storage medium
CN112395616A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Vulnerability processing method and device and computer equipment
CN112528294A (en) * 2020-12-21 2021-03-19 网神信息技术(北京)股份有限公司 Vulnerability matching method and device, computer equipment and readable storage medium
US20210124830A1 (en) * 2019-10-29 2021-04-29 Dell Products L.P. Code vulnerability remediation
CN113642004A (en) * 2021-08-11 2021-11-12 杭州安恒信息技术股份有限公司 Container mirror image security scanning and repairing method, device and equipment
CN113709174A (en) * 2021-09-03 2021-11-26 国网山东省电力公司电力科学研究院 Network vulnerability heat reappearance and repair method for power monitoring system




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination