CN114969751A - Automated vulnerability verification method and related equipment - Google Patents


Info

Publication number
CN114969751A
Authority
CN
China
Prior art keywords
information
vulnerability
application system
verification
verified
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210325830.6A
Other languages
Chinese (zh)
Inventor
赵佳萌
郭永冲
路向宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Life Insurance Co ltd
Original Assignee
China Life Insurance Co ltd
Application filed by China Life Insurance Co ltd
Priority to CN202210325830.6A
Publication of CN114969751A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides an automated vulnerability verification method and related equipment, applied to an automated vulnerability verification system. The method comprises the following steps: detecting the application system to obtain ledger information on its open-source components, and deriving a list of information to be verified from the ledger information; and verifying, based on the list of information to be verified and the mirror (image) system of the application system, to obtain vulnerability verification result information for the application system, and updating the ledger information according to that result. Through this subsequent verification, whether the vulnerable component version used by the application system is actually affected by the vulnerability can be judged accurately; verification efficiency is improved by verifying only the application systems in the existing ledger that may be affected; and updating the ledger according to the verification result further ensures the accuracy of the application system's security asset information.

Description

Automated vulnerability verification method and related equipment
Technical Field
The application relates to the technical field of network security, in particular to an automatic vulnerability verification method and related equipment.
Background
For information security vulnerabilities, existing open-source component detection tools determine whether an application system uses a vulnerable component version by source code detection. For example, if the application system uses version 2.6.8 of the distributed service framework Dubbo and that version falls within the vulnerability's affected range, the component is treated as a vulnerable component, but no subsequent verification is performed. Yet although Dubbo 2.6.8 is within the affected range, an application system that does not use the Hessian protocol with the component is not affected by the vulnerability.
Consequently, the prior art cannot determine whether the vulnerability actually exists: judging that an application system is vulnerable merely because the component vulnerability library lists the component version is inaccurate, and a further verification test is lacking.
Disclosure of Invention
In view of the above, an objective of the present application is to provide an automated vulnerability verification method and related apparatus, so as to solve the above technical problems.
Based on the above purpose, a first aspect of the present application provides an automated vulnerability verification method applied to an automated vulnerability verification system, where the automated vulnerability verification system includes an application system and a mirror system of the application system;
the method comprises the following steps:
detecting the application system to obtain ledger information, and obtaining a list of information to be verified according to the ledger information;
and verifying, based on the list of information to be verified and the mirror system of the application system, to obtain vulnerability verification result information of the application system, and updating the ledger information according to the vulnerability verification result information.
A second aspect of the present application provides an automated vulnerability verification system, which includes an application system and a mirror system of the application system, and further includes:
a vulnerability detection module configured to detect the application system to obtain ledger information and to obtain a list of information to be verified according to the ledger information;
and a vulnerability verification module configured to verify, based on the list of information to be verified and the mirror system of the application system, to obtain vulnerability verification result information of the application system, and to update the ledger information according to the vulnerability verification result information.
A third aspect of the application provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of the first aspect when executing the program.
A fourth aspect of the present application provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of the first aspect.
From the above, in the automated vulnerability verification method and related device provided by the application, the application system is detected to obtain ledger information, and the list of information to be verified is derived from the ledger information, which preliminarily screens out the range of systems possibly affected by the vulnerability; verification is then performed based on the list of information to be verified and the mirror system of the application system to obtain vulnerability verification result information of the application system. This subsequent verification makes it possible to judge accurately whether the vulnerable component version used by the application system is actually affected by the vulnerability; verification efficiency is improved because only the application systems in the existing ledger that may be affected are verified; and updating the ledger information according to the vulnerability verification result information further ensures the accuracy of the application system's security asset information.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the related art, the drawings needed to be used in the description of the embodiments or the related art will be briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of an automated vulnerability verification method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of information of a vulnerability library according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an automated vulnerability verification system according to an embodiment of the present application;
fig. 4 is a schematic diagram of an automated vulnerability verification method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an automated vulnerability verification system according to an embodiment of the present application;
fig. 6 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is further described in detail below with reference to the accompanying drawings in combination with specific embodiments.
It should be noted that technical terms or scientific terms used in the embodiments of the present application should have a general meaning as understood by those having ordinary skill in the art to which the present application belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the present application do not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
In the related art, an open-source component vulnerability detection tool generally performs detection on source code: for example, open-source component detection is initiated against the code repository of an application system, and the components found by source code detection are compared with a maintained vulnerability library to determine whether a component used by the application system is within a vulnerability's affected range. When the component version used by the application system is within the affected range, it is treated as a vulnerable component, even though a version within the range may in fact not be affected; since no subsequent verification is performed, the detection judgment is inaccurate.
The embodiment of the application provides an automated vulnerability verification method. The source code of the code repository in the application system is compared with the vulnerability library information preset in the automated vulnerability verification system to obtain ledger information; the ledger entries whose component level information corresponds to super-risk or high-risk are screened and integrated according to the component level information to obtain a list of information to be verified, which preliminarily screens out the range of systems possibly affected by vulnerabilities; verification script information is constructed from the list of information to be verified, and verification is performed with the verification script information on the mirror system of the application system to obtain vulnerability verification result information of the application system. This realizes subsequent further verification, improves verification efficiency by directing verification at the application systems in the existing ledger that may be affected, allows accurate judgment of whether the vulnerable component version used by the application system is affected by the vulnerability, and updates the ledger information according to the vulnerability verification result information, further ensuring the accuracy of the application system's security asset information.
As shown in fig. 1, the method of the present embodiment is applied to an automated vulnerability verification system, where the automated vulnerability verification system includes an application system and a mirror system of the application system;
the method comprises the following steps:
Step 101, detecting the application system to obtain ledger information, and obtaining a list of information to be verified according to the ledger information.
In this step, the application system is detected by the open-source component detection tool to obtain ledger information, a list of information to be verified is obtained according to the ledger information, and the range of systems possibly affected by the vulnerability is preliminarily screened out.
For example, suppose the application system comprises a system A and a system B; system A uses component a 1.1.1, component b 1.1.1, component log4j 2.14.0 and component d 1.1.1, and system B uses component a 2.2.2, component b 2.2.2, component c 2.2 and component d 2.2.2. The generated ledger information is as shown in Table 1:
TABLE 1 Ledger information
[Table 1 is reproduced only as an image (BDA0003571608540000041) in the original and is not available as text.]
Step 102, verifying based on the list of information to be verified and the mirror system of the application system to obtain vulnerability verification result information of the application system, and updating the ledger information according to the vulnerability verification result information.
In this step, the list of information to be verified lists the uses of component versions within the vulnerability's affected range. The application systems to be verified are determined from the list, and their mirror systems are started one by one to generate a verification environment. The vulnerability verification rule module then verifies each application system to be verified to obtain its vulnerability verification result information, which is the conclusion whether that application system is affected by the vulnerability; in this way, whether the vulnerable component version used by the application system is actually affected can be judged accurately. The ledger information is updated according to the vulnerability verification result information, further ensuring the accuracy of the application system's security asset information. In addition, verification efficiency is improved because verification is directed only at the application systems in the existing ledger that may be affected by the vulnerability.
In summary, with this scheme the application system is detected by the open-source component detection tool to obtain ledger information, the list of information to be verified is derived from the ledger to preliminarily screen out the range of systems possibly affected by the vulnerability, the mirror systems of the application systems on that list are started one by one as a verification environment, the vulnerability verification rule module verifies them to conclude whether each is affected by the vulnerability, and the ledger information is updated according to the result. Whether the vulnerable component version used by an application system is actually affected can thus be judged accurately, the accuracy of the security asset information is further ensured, and verification efficiency is improved by directing verification only at the application systems that may be affected.
In some embodiments, the application system includes a code repository;
in step 101, detecting the application system to obtain ledger information includes:
comparing the source code of the code repository in the application system with the vulnerability library information preset in the automated vulnerability verification system to obtain the ledger information.
In the above scheme, the open-source component vulnerability detection tool performs open-source component detection on source code; for example, open-source component detection is initiated against the code repository of an application system. References to open-source components are normally introduced in one standardized place in the project; in a currently mainstream Maven project, for instance, they are declared in the pom file (Project Object Model). The component references found by source code detection are compared with the vulnerability library information maintained by the open-source component detection tool (shown in fig. 2) to determine whether a component version referenced in the application system has a vulnerability, and the platform ledger information is obtained.
In some embodiments, the ledger information includes at least one of:
component name information, component version information, component level information, code repository information, product identification information, recommended version information and vulnerability distribution information.
In the above scheme, the application systems possibly affected by a vulnerability can be clearly identified through the component name, component version, component level, code repository, product identification, recommended version and vulnerability distribution information in the ledger, so the range of application systems possibly affected by the vulnerability can be screened from the ledger information.
In some embodiments, the component level information includes risk information and no-vulnerability information, where the risk information includes super-risk (critical) information, high-risk information, medium-risk information and low-risk information;
in step 101, obtaining the list of information to be verified according to the ledger information includes:
screening and integrating, according to the component level information, the ledger entries whose component level information corresponds to super-risk, high-risk, medium-risk and low-risk information, to obtain the list of information to be verified.
In the above scheme, the list of information to be verified is shown in Table 2; the ledger entries whose component level information corresponds to super-risk and high-risk information are screened and integrated according to the component level information to obtain the list of information to be verified, and verification efficiency is improved by using the existing ledger information to direct verification at the application systems possibly affected by the vulnerability.
TABLE 2 List of information to be verified
[Table 2 is reproduced only as an image (BDA0003571608540000061) in the original and is not available as text.]
In some embodiments, in step 102, the verifying based on the to-be-verified information list and the mirror image system of the application system to obtain vulnerability verification result information of the application system includes:
step A1, constructing verification script information based on the information list to be verified.
Step A2, verifying through the verification script information based on the mirror image system of the application system to obtain the vulnerability verification result information of the application system.
In this scheme, executable verification script information is constructed from the list of information to be verified and uploaded to the vulnerability verification rule module of the automated vulnerability verification system. The images of all application systems in the automated vulnerability verification system are stored; the mirror systems of the application systems on the list of information to be verified are started one by one to generate a verification environment, and by executing the constructed verification script in the vulnerability verification rule module, the conclusion whether each application system is affected by the vulnerability (i.e. the vulnerability verification result information) is finally formed.
In some embodiments, the vulnerability verification result information includes vulnerability affected and vulnerability unaffected;
in step 102, the updating the ledger information according to the vulnerability verification result information includes:
and in response to determining that the vulnerability verification result information is not affected by the vulnerability, adjusting the vulnerability distribution information in the standing book information to be not affected by the vulnerability.
In the above scheme, for example, after the application system a, the application system D, and the application system E pass the verification, only the vulnerability verification result information of the application system a is affected by the vulnerability, then the application system D and the application system E can adjust the vulnerability distribution list to be unaffected by the vulnerability, and no correction is required in the vulnerability correction process, thereby further ensuring the accuracy of the security asset information of the application system.
In some embodiments, the list of information to be verified includes vulnerability distribution information;
Step A1 includes:
acquiring vulnerability characteristic information according to the vulnerability distribution information in the list of information to be verified;
and constructing the verification script information based on all of the vulnerability characteristic information.
In this scheme, all vulnerability characteristic information relating to the vulnerability distribution information is obtained according to the vulnerability distribution information in the list of information to be verified, all of the vulnerability characteristic information is built into executable verification script information, and the executable verification script information is uploaded to the vulnerability verification rule module of the automated vulnerability verification system.
In some embodiments, for example as shown in fig. 3, the automated vulnerability verification system includes an application system comprising a project management system, an asset management system, a role setting system, an authority management system, a data report system and a test management system, together with an open-source component detection engine. As shown in fig. 4, a detection operator issues an open-source detection instruction to the detection engine, which detects the application system for open-source components to obtain the open-source component ledger (i.e. the ledger information).
The open-source component ledger is then examined to judge whether it contains components whose versions fall within the vulnerability's affected component range; if not, the automated vulnerability verification task ends, and if so, this indicates that components within the affected range exist.
The entries of the open-source component ledger whose component level information corresponds to super-risk and high-risk information are screened and integrated according to the component level information in the ledger to obtain the list of information to be verified.
The mirror systems of all application systems stored in the automated vulnerability verification system are retrieved from the information system image repository; the mirror system corresponding to each system to be verified is started according to the application systems on the list to be verified and run as the verification environment.
All vulnerability characteristic information relating to the vulnerability distribution information is obtained according to the vulnerability distribution information in the list of information to be verified, built into executable verification script information, and uploaded to the vulnerability verification rule module of the automated vulnerability verification system.
The application systems on the list to be verified are verified using the vulnerability verification rule module and the verification environment, yielding information on whether each application system is affected by the vulnerability (i.e. the vulnerability verification result information). If the judgment is negative, the corresponding application system is not affected by the vulnerability, the ledger information is supplemented (i.e. the online component ledger is updated) and its vulnerability distribution list entry is adjusted to "not affected by the vulnerability". If the judgment is positive, the automated vulnerability verification task ends.
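The flow of steps 101, A1, A2 and 102 described above, as an added end-to-end example in Python; this is not the patent's own code or China Life's implementation. The vulnerability library, the component inventories of systems A, B and C, the placeholder vulnerability ids, and the "characteristic" checks (a configuration key and value that must hold in the started image for the vulnerability to be reachable, modelled on the page's Dubbo/Hessian case) are all constructed for the example; a real verification script would inspect the running mirror system rather than a dictionary.

```python
from dataclasses import dataclass, replace

# Severity levels as the patent names them (super/high/medium/low risk, or no vulnerability).
CRITICAL, HIGH, MEDIUM, LOW, NONE = "critical", "high", "medium", "low", "none"


def parse_version(v: str) -> tuple:
    """'2.6.8' -> (2, 6, 8) so version ranges compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Vuln:
    vid: str               # placeholder id, not a real advisory number
    component: str
    lo: str                # affected version range, inclusive
    hi: str
    severity: str
    fixed_in: str          # recommended version recorded in the ledger
    characteristic: tuple  # (config key, value) the image must have for the bug to be reachable


@dataclass(frozen=True)
class LedgerEntry:
    system: str
    component: str
    version: str
    level: str
    repo: str
    product: str
    recommended: str
    distribution: str      # vulnerability id, "no vulnerability", or "unaffected"


# Constructed vulnerability library. The dubbo/hessian case mirrors the example in the
# patent text; the other two entries and every characteristic are made up for illustration.
VULN_LIBRARY = [
    Vuln("VULN-EXAMPLE-1", "dubbo", "2.6.0", "2.6.8", CRITICAL, "2.6.9", ("protocol", "hessian")),
    Vuln("VULN-EXAMPLE-2", "log4j", "2.0.0", "2.14.1", HIGH, "2.17.0", ("lookups_enabled", True)),
    Vuln("VULN-EXAMPLE-3", "b", "1.0.0", "1.9.9", LOW, "2.0.0", ("feature_b", True)),
]

# Constructed component inventories, i.e. what a pom-file scan of each code repository yields.
SYSTEMS = {
    "A": {"repo": "git/a", "product": "P-A",
          "components": {"dubbo": "2.6.8", "log4j": "2.14.0", "b": "1.1.1"}},
    "B": {"repo": "git/b", "product": "P-B", "components": {"dubbo": "2.6.8", "b": "2.2.2"}},
    "C": {"repo": "git/c", "product": "P-C", "components": {"dubbo": "2.7.0"}},
}

# Constructed stand-ins for the mirror systems: the runtime configuration the verification
# script would read after each image is started.
IMAGES = {
    "A": {"protocol": "hessian", "lookups_enabled": False},
    "B": {"protocol": "dubbo", "lookups_enabled": False},
    "C": {"protocol": "hessian"},
}


def build_ledger(systems, library):
    """Step 101, first half: compare each repository's components with the library."""
    ledger = []
    for name, info in systems.items():
        for comp, ver in info["components"].items():
            hits = [v for v in library if v.component == comp
                    and parse_version(v.lo) <= parse_version(ver) <= parse_version(v.hi)]
            if not hits:
                ledger.append(LedgerEntry(name, comp, ver, NONE, info["repo"],
                                          info["product"], ver, "no vulnerability"))
            for v in hits:  # one ledger row per (component, vulnerability) pair
                ledger.append(LedgerEntry(name, comp, ver, v.severity, info["repo"],
                                          info["product"], v.fixed_in, v.vid))
    return ledger


def to_verify_list(ledger, levels=(CRITICAL, HIGH)):
    """Step 101, second half: keep only rows whose level warrants targeted verification."""
    return [e for e in ledger if e.level in levels]


def build_verification_script(to_verify, library):
    """Step A1: turn each row's vulnerability characteristic into an executable check."""
    by_id = {v.vid: v for v in library}
    return [{"system": e.system, "vid": e.distribution, "component": e.component,
             "check": by_id[e.distribution].characteristic} for e in to_verify]


def verify(script, images):
    """Step A2: run the checks against each started image; True means 'affected'."""
    results = {}
    for step in script:
        key, expected = step["check"]
        results[(step["system"], step["vid"])] = images[step["system"]].get(key) == expected
    return results


def update_ledger(ledger, results):
    """Step 102, second half: rows the verification cleared are marked unaffected."""
    return [replace(e, distribution="unaffected")
            if results.get((e.system, e.distribution)) is False else e
            for e in ledger]


def run_pipeline(systems=SYSTEMS, images=IMAGES, library=VULN_LIBRARY):
    ledger = build_ledger(systems, library)
    pending = to_verify_list(ledger, (CRITICAL, HIGH))
    results = verify(build_verification_script(pending, library), images)
    return ledger, pending, results, update_ledger(ledger, results)


if __name__ == "__main__":
    for row in run_pipeline()[3]:
        print(row)
```

Running the block prints the updated ledger. Systems A and B ship the same Dubbo version, so a version-range match alone flags both; only A's image uses the Hessian protocol, so B is cleared and its ledger row changes to "unaffected", which is exactly the distinction the background section says source code detection by itself cannot make. The low-risk row for component b in system A never reaches the verification step, matching the severity screen of step 101.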
It should be noted that the method of the embodiment of the present application may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the multiple devices may only perform one or more steps of the method of the embodiment, and the multiple devices interact with each other to complete the method.
It should be noted that the foregoing describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to the method of any embodiment, the application also provides an automatic vulnerability verification system.
Referring to fig. 5, the automated vulnerability verification system includes an application system and a mirroring system of the application system;
a vulnerability detection module 501, configured to detect the application system to obtain ledger information, and to obtain a list of information to be verified according to the ledger information;
a vulnerability verification module 502, configured to perform verification based on the list of information to be verified and the mirror system of the application system to obtain vulnerability verification result information of the application system, and to update the ledger information according to the vulnerability verification result information.
In some embodiments, the application system includes a code repository;
the vulnerability detection module 501 is specifically configured to:
and comparing and detecting the source code of the code warehouse in the application system with the information of the vulnerability library preset by the automatic vulnerability verification system to obtain the ledger information.
In some embodiments, the ledger information includes at least one of:
component name information, component version information, component level information, code repository information, product identification information, recommended version information and vulnerability distribution information.
In some embodiments, the component level information includes risk information and no-vulnerability information, where the risk information includes super-risk (critical) information, high-risk information, medium-risk information and low-risk information;
the vulnerability detection module 501 is specifically configured to:
screen and integrate, according to the component level information, the ledger entries whose component level information corresponds to super-risk, high-risk, medium-risk and low-risk information, to obtain the list of information to be verified.
In some embodiments, the vulnerability verification module 502 includes:
the verification script information construction unit is configured to construct verification script information based on the information list to be verified;
and the verification unit is configured to verify through the verification script information based on a mirror image system of the application system to obtain the vulnerability verification result information of the application system.
In some embodiments, the vulnerability verification result information includes vulnerability affected and vulnerability unaffected;
the vulnerability verification module 502 is specifically configured to:
and in response to determining that the vulnerability verification result information is not affected by the vulnerability, adjusting the vulnerability distribution information in the standing book information to be not affected by the vulnerability.
In some embodiments, the list of information to be verified includes vulnerability distribution information;
the verification script information construction unit is specifically configured to:
acquire vulnerability characteristic information according to the vulnerability distribution information in the list of information to be verified;
and construct the verification script information based on all of the vulnerability characteristic information.
For convenience of description, the above apparatus is described as divided into various modules by function, each described separately. Of course, when implementing the present application, the functions of the various modules may be implemented in one or more pieces of software and/or hardware.
The apparatus of the foregoing embodiment is used to implement the corresponding automatic vulnerability verification method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method of any embodiment described above, the present application further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and capable of running on the processor, and when the processor executes the program, the automated vulnerability verification method described in any embodiment above is implemented.
Fig. 6 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 601, a memory 602, an input/output interface 603, a communication interface 604, and a bus 605. Wherein the processor 601, the memory 602, the input/output interface 603 and the communication interface 604 are communicatively connected to each other within the device via a bus 605.
The processor 601 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present specification.
The memory 602 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 602 may store an operating system and other application programs; when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program code is stored in the memory 602 and called by the processor 601 for execution.
The input/output interface 603 is used for connecting an input/output module to realize information input and output. The input/output module may be configured as a component within the device (not shown) or may be external to the device to provide the corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 604 is used for connecting a communication module (not shown in the figure) to realize communication interaction between the device and other devices. The communication module may communicate in a wired manner (such as USB or a network cable) or in a wireless manner (such as a mobile network, Wi-Fi or Bluetooth).
Bus 605 includes a path that transfers information between the various components of the device, such as processor 601, memory 602, input/output interface 603, and communication interface 604.
It should be noted that although the above-mentioned device only shows the processor 601, the memory 602, the input/output interface 603, the communication interface 604 and the bus 605, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the above embodiment is used to implement the corresponding automatic vulnerability verification method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-mentioned embodiment methods, the present application further provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the automated vulnerability verification method according to any of the above-mentioned embodiments.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the above embodiment are used to enable the computer to execute the automated vulnerability verification method according to any of the above embodiments, and have the beneficial effects of the corresponding method embodiment, which are not described herein again.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the context of the present application, technical features in the above embodiments or in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the application. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the application are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that the embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present application are intended to be included within the scope of the present application.

Claims (10)

1. An automated vulnerability verification method, characterized in that it is applied to an automated vulnerability verification system, wherein the automated vulnerability verification system comprises an application system and a mirror image system of the application system;
the method comprises the following steps:
detecting the application system to obtain ledger information, and obtaining an information list to be verified according to the ledger information;
and performing verification based on the information list to be verified and the mirror image system of the application system to obtain vulnerability verification result information of the application system, and updating the ledger information according to the vulnerability verification result information.
2. The method of claim 1, wherein the application system comprises a code repository;
the detecting the application system to obtain the ledger information comprises:
comparing the source code of the code repository in the application system against the information of a vulnerability library preset in the automated vulnerability verification system, to obtain the ledger information.
3. The method of claim 1, wherein the ledger information comprises at least one of:
component name information, component version information, component level information, code repository information, product identification information, recommended-version information and vulnerability distribution information.
4. The method of claim 3, wherein the component level information comprises risk information and vulnerability-free information, wherein the risk information comprises critical-risk information, high-risk information, medium-risk information, and low-risk information;
the obtaining of the information list to be verified according to the ledger information comprises:
screening and integrating, according to the component level information, the ledger information whose component level information corresponds to the critical-risk information, the high-risk information, the medium-risk information or the low-risk information, to obtain the information list to be verified.
5. The method according to claim 1, wherein the performing verification based on the information list to be verified and the mirror image system of the application system to obtain vulnerability verification result information of the application system comprises:
constructing verification script information based on the information list to be verified;
and verifying the mirror image system of the application system using the verification script information, to obtain the vulnerability verification result information of the application system.
6. The method of claim 3, wherein the vulnerability verification result information comprises vulnerability-affected and vulnerability-unaffected;
the updating the ledger information according to the vulnerability verification result information comprises:
in response to determining that the vulnerability verification result information is vulnerability-unaffected, adjusting the vulnerability distribution information in the ledger information to vulnerability-unaffected.
7. The method according to claim 5, wherein the information list to be verified comprises vulnerability distribution information;
the constructing of the verification script information based on the information list to be verified comprises:
acquiring vulnerability characteristic information according to the vulnerability distribution information of the information list to be verified;
and constructing the verification script information based on all of the vulnerability characteristic information.
8. An automated vulnerability verification system, characterized by comprising an application system and a mirror image system of the application system;
a vulnerability detection module, configured to detect the application system to obtain ledger information and to obtain an information list to be verified according to the ledger information;
and a vulnerability verification module, configured to perform verification based on the information list to be verified and the mirror image system of the application system to obtain vulnerability verification result information of the application system, and to update the ledger information according to the vulnerability verification result information.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the program.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
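The module description above and method claims 1 to 7 describe one pipeline: build a component ledger by comparing the repository's component inventory against a preset vulnerability library, screen the ledger by component level to get the list to verify, assemble verification script information from each vulnerability's characteristic information, run it against the mirror image (a staging copy) of the application, and write the result back into the ledger's vulnerability distribution. The following Python is an added illustration of that flow, not code from the patent or its applicant. The data model, the constructed inventory, vulnerability library and mirror manifest, and the choice to treat "characteristic information" as a feature marker that must be enabled in the mirror for a finding to count as affected are all assumptions made for the example; the patent only specifies writing back the unaffected case, and recording the confirmed case as well is a small extension.

```python
from dataclasses import dataclass, field

# Component level ordering: the page's critical/high/medium/low risk levels plus
# "none" for vulnerability-free components (names assumed for this example).
RISK_ORDER = {"critical": 4, "high": 3, "medium": 2, "low": 1, "none": 0}
LEVELS_TO_VERIFY = ("critical", "high", "medium", "low")


@dataclass(frozen=True)
class VulnRecord:
    """One entry of the preset vulnerability library (constructed schema)."""
    vuln_id: str
    component: str
    affected_range: tuple        # (min version inclusive, max version exclusive)
    level: str
    recommended_version: str
    characteristic: str          # marker the verification step checks for in the mirror


@dataclass
class LedgerEntry:
    """Ledger fields named in claim 3; vuln_distribution maps vuln id -> status."""
    component: str
    version: str
    level: str
    code_repo: str
    product_id: str
    recommended_version: str
    vuln_distribution: dict = field(default_factory=dict)


def parse_version(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


def version_in_range(version: str, rng: tuple) -> bool:
    lo, hi = rng
    return parse_version(lo) <= parse_version(version) < parse_version(hi)


def build_ledger(inventory: list, vuln_library: list) -> list:
    """Claim 2: compare the repository's component inventory against the library."""
    ledger = []
    for comp in inventory:
        matches = [v for v in vuln_library
                   if v.component == comp["name"]
                   and version_in_range(comp["version"], v.affected_range)]
        level = max((v.level for v in matches), key=RISK_ORDER.__getitem__, default="none")
        recommended = max((v.recommended_version for v in matches),
                          key=parse_version, default=comp["version"])
        ledger.append(LedgerEntry(
            component=comp["name"], version=comp["version"], level=level,
            code_repo=comp["repo"], product_id=comp["product"],
            recommended_version=recommended,
            vuln_distribution={v.vuln_id: "to_verify" for v in matches}))
    return ledger


def screen_to_verify(ledger: list) -> list:
    """Claim 4: only components at a risk level need verification."""
    return [e for e in ledger if e.level in LEVELS_TO_VERIFY]


def build_verification_script(to_verify: list, vuln_library: list) -> list:
    """Claim 7: gather each listed vulnerability's characteristic information."""
    by_id = {v.vuln_id: v for v in vuln_library}
    return [{"component": e.component, "vuln_id": vid,
             "affected_range": by_id[vid].affected_range,
             "characteristic": by_id[vid].characteristic}
            for e in to_verify for vid in e.vuln_distribution]


def run_verification(script: list, mirror: dict) -> dict:
    """Claim 5: evaluate each check against the mirror image's manifest (no live system)."""
    results = {}
    for check in script:
        deployed = mirror["components"].get(check["component"])
        enabled = mirror["enabled_features"].get(check["component"], set())
        affected = (deployed is not None
                    and version_in_range(deployed, check["affected_range"])
                    and check["characteristic"] in enabled)
        results[(check["component"], check["vuln_id"])] = "affected" if affected else "unaffected"
    return results


def update_ledger(ledger: list, results: dict) -> list:
    """Claim 6: write the verification outcome back into the vulnerability distribution."""
    for entry in ledger:
        for vid in list(entry.vuln_distribution):
            status = results.get((entry.component, vid))
            if status in ("affected", "unaffected"):
                entry.vuln_distribution[vid] = status
    return ledger


def run_pipeline(inventory: list, vuln_library: list, mirror: dict) -> list:
    ledger = build_ledger(inventory, vuln_library)
    script = build_verification_script(screen_to_verify(ledger), vuln_library)
    return update_ledger(ledger, run_verification(script, mirror))


# Constructed sample data (not real components or vulnerability identifiers).
VULN_LIBRARY = [
    VulnRecord("V-001", "libfoo", ("1.0.0", "1.3.0"), "critical", "1.3.0", "remote-template-loading"),
    VulnRecord("V-002", "libbar", ("2.0.0", "2.1.0"), "high", "2.1.0", "legacy-auth"),
    VulnRecord("V-003", "libbaz", ("0.9.0", "1.0.0"), "low", "1.0.0", "debug-endpoint"),
]
INVENTORY = [
    {"name": "libfoo", "version": "1.2.3", "repo": "git.example/app", "product": "app-A"},
    {"name": "libbar", "version": "2.0.5", "repo": "git.example/app", "product": "app-A"},
    {"name": "libbaz", "version": "1.0.2", "repo": "git.example/app", "product": "app-A"},
    {"name": "libqux", "version": "3.1.0", "repo": "git.example/app", "product": "app-A"},
]
MIRROR = {  # manifest of the staging copy: libbar is present but legacy-auth is disabled
    "components": {"libfoo": "1.2.3", "libbar": "2.0.5", "libbaz": "1.0.2", "libqux": "3.1.0"},
    "enabled_features": {"libfoo": {"remote-template-loading"}},
}

if __name__ == "__main__":
    for entry in run_pipeline(INVENTORY, VULN_LIBRARY, MIRROR):
        print(entry.component, entry.level, entry.recommended_version, entry.vuln_distribution)
```

With the constructed data, libfoo stays flagged (vulnerable version and the characteristic feature enabled in the mirror), libbar's finding is flipped to unaffected even though the version matches, and libbaz and libqux never enter the verification list because their level is "none".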
Priority and publication data

Application Number Priority Date Filing Date Publication Number Publication Date Status Title
CN202210325830.6A 2022-03-29 2022-03-29 CN114969751A (en) 2022-08-30 Pending Automated vulnerability verification method and related equipment

Family ID: 82975892
Country status: CN (1) CN114969751A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination