CN115017518A - Vulnerability correction information detection method and device - Google Patents
Vulnerability correction information detection method and device Download PDFInfo
- Publication number
- CN115017518A CN115017518A CN202210702297.0A CN202210702297A CN115017518A CN 115017518 A CN115017518 A CN 115017518A CN 202210702297 A CN202210702297 A CN 202210702297A CN 115017518 A CN115017518 A CN 115017518A
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- scanning
- comparison
- result
- bug
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012937 correction Methods 0.000 title claims abstract description 56
- 238000001514 detection method Methods 0.000 title claims abstract description 28
- 238000000034 method Methods 0.000 claims abstract description 60
- 238000012216 screening Methods 0.000 claims abstract description 15
- 238000012545 processing Methods 0.000 claims description 53
- 230000008569 process Effects 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 14
- 238000004458 analytical method Methods 0.000 claims description 7
- 238000006243 chemical reaction Methods 0.000 claims description 4
- 238000010234 longitudinal analysis Methods 0.000 abstract description 6
- 238000013473 artificial intelligence Methods 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 17
- 230000006870 function Effects 0.000 description 11
- 238000004891 communication Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010835 comparative analysis Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the invention provides a method and a device for detecting vulnerability correction information, which can be used in the technical field of artificial intelligence, wherein the method comprises the following steps: screening out a comparison vulnerability scanning map from a map database according to set comparison conditions; the vulnerability scanning image is compared and analyzed with the generated current vulnerability scanning result image to obtain a vulnerability rectification result, a longitudinal analysis function is provided, vulnerability rectification information can be automatically compared, labor cost is reduced, and accuracy and detection efficiency of the detected rectification result are improved.
Description
Technical Field
The invention relates to the technical field of computers, in particular to the technical field of artificial intelligence, and particularly relates to a vulnerability correction information detection method and device.
Background
At present, enterprises generally buy a mature vulnerability scanning system, develop vulnerability scanning work of a server periodically or according to needs, and issue scanning reports, but the current scanning reports are reports issued independently according to each scanning. The user can obtain the vulnerability information by checking the scanning report, but if the problem of correcting the vulnerability needs to be verified, the vulnerability information needs to be manually compared with other scanning reports, the labor cost is high, the accuracy of the detected correcting result cannot be guaranteed, and the detection efficiency is low.
Disclosure of Invention
The invention aims to provide a method for detecting the bug rectification information, which has a longitudinal analysis function, can automatically compare the bug rectification information, reduces the labor cost and improves the accuracy and the detection efficiency of the detected rectification result. Another object of the present invention is to provide a vulnerability correction information detection apparatus. It is yet another object of the present invention to provide a computer readable medium. It is a further object of the present invention to provide a computer apparatus.
In order to achieve the above object, the present invention discloses a method for detecting vulnerability correction information, which includes:
screening out a comparison vulnerability scanning map from a map database according to set comparison conditions;
and comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability rectification result.
Preferably, the comparison condition includes a network address and a scanning date;
according to the contrast condition who sets up, sieve out contrast leak scanogram from the picture database, include:
and screening out a corresponding comparison vulnerability scanning map from the map database according to the network address and the scanning date.
Preferably, before comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability rectification result, the method further comprises the following steps:
sending a scanning instruction, a scanning parameter and a scanning task to a vulnerability scanning system, so that the vulnerability scanning system responds to the scanning instruction and performs vulnerability scanning on a scanning target in the scanning task according to the scanning parameter;
receiving a missing scanning result report sent by a vulnerability scanning system;
and according to a preset graph structure, carrying out format conversion on the missed scanning result report to obtain a current vulnerability scanning result graph.
Preferably, the method further comprises:
and if the missed scanning result report is an empty report, sending a termination instruction to the vulnerability scanning system, so that the vulnerability scanning system terminates vulnerability scanning on the scanning target.
Preferably, after sending a termination instruction to the vulnerability scanning system to cause the vulnerability scanning system to terminate vulnerability scanning on the scanning target, the method further includes:
and sending a deleting instruction to the vulnerability scanning system to enable the vulnerability scanning system to delete the scanning task.
Preferably, comparing the vulnerability scanning image comprises comparing vulnerability numbers, and the current vulnerability scanning result image comprises the current vulnerability numbers;
and comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability rectification result, wherein the vulnerability rectification result comprises:
matching the current vulnerability number with the comparison vulnerability number;
determining the vulnerability corresponding to the vulnerability number successfully matched as an unmodified vulnerability;
determining the vulnerability corresponding to the vulnerability number which fails to be matched as a newly added vulnerability;
matching the comparison vulnerability number with the current vulnerability number;
determining the vulnerability corresponding to the vulnerability number which fails to be matched as the modified vulnerability;
and generating a vulnerability truing and modifying result according to the unmodified vulnerabilities, the newly-added vulnerabilities and the trued vulnerabilities.
Preferably, after comparing and analyzing the comparison vulnerability scanning map and the generated current vulnerability scanning result map to obtain a vulnerability correction result, the method further includes:
and visually displaying the vulnerability correction result.
Preferably, after comparing and analyzing the comparison vulnerability scanning map and the generated current vulnerability scanning result map to obtain a vulnerability correction result, the method further includes:
receiving vulnerability processing information input by a user, wherein the vulnerability processing information comprises processing nodes and processing opinions;
and transferring the vulnerability rectification result to a processing node so that the processing node can process the vulnerability according to the processing opinion.
The invention also discloses a loophole correction information detection device, which comprises:
the screening unit is used for screening out a comparison vulnerability scanning map from the map database according to the set comparison conditions;
and the comparison and analysis unit is used for comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability rectification result.
The invention also discloses a computer-readable medium, on which a computer program is stored which, when executed by a processor, implements a method as described above.
The invention also discloses a computer device comprising a memory for storing information comprising program instructions and a processor for controlling the execution of the program instructions, the processor implementing the method as described above when executing the program.
According to the set comparison conditions, screening out a comparison vulnerability scanning map from a map database; the vulnerability scanning image is compared and analyzed with the generated current vulnerability scanning result image to obtain a vulnerability rectification result, a longitudinal analysis function is provided, vulnerability rectification information can be automatically compared, labor cost is reduced, and accuracy and detection efficiency of the detected rectification result are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a vulnerability correction information detection method according to an embodiment of the present invention;
fig. 2 is a flowchart of another vulnerability correction information detection method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a current vulnerability scanning result graph according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a vulnerability scanning map in a map database according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a vulnerability rectification information detection apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the method and the device for detecting the vulnerability correction information disclosed by the application can be used in the technical field of artificial intelligence and can also be used in any field except the technical field of artificial intelligence, and the application field of the method and the device for detecting the vulnerability correction information disclosed by the application is not limited.
In order to facilitate understanding of the technical solutions provided in the present application, the following first describes relevant contents of the technical solutions in the present application. Security vulnerabilities refer to vulnerabilities in hardware, software, or programs, and generally include four types: network vulnerabilities, system vulnerabilities, program vulnerabilities, and human vulnerabilities. Vulnerability scanning is the process of identifying vulnerabilities in system applications and devices. Vulnerability scanning systems are a collection of programs that automatically detect remote or local host security vulnerabilities. Common Vulnerabilities and explorations (CVE for short) give a Common name to widely recognized information security Vulnerabilities or Vulnerabilities that have been exposed. The CVE number determines a unique name for the vulnerability and exposure, and in vulnerability scanning system results, the vulnerability is usually identified in the form of the CVE number.
The invention provides a vulnerability correction information detection method, which can store vulnerabilities, an IP (Internet protocol) of a generation server and scanning task dates in a graph database through a graph database, is beneficial to the query advantage of graph data, is convenient for counting various vulnerabilities of one-time tasks, can quickly realize the comparison of results among different scanning tasks, and improves the efficiency. Meanwhile, aiming at the comparison result, vulnerability correction is initiated on line, and closed-loop management of vulnerabilities is achieved. The management efficiency of the loophole is improved, and the accuracy of the loophole rectification result is improved.
The following describes an implementation process of the vulnerability correction information detection method provided by the embodiment of the present invention, taking a vulnerability correction information detection apparatus as an execution subject. It can be understood that the executing subject of the method for detecting the vulnerability correction information provided by the embodiment of the present invention includes, but is not limited to, a vulnerability correction information detecting device.
Fig. 1 is a flowchart of a method for detecting vulnerability correction information according to an embodiment of the present invention, and as shown in fig. 1, the method includes:
And 102, comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability correction result.
According to the technical scheme provided by the embodiment of the invention, a comparison vulnerability scanning map is screened out from a map database according to a set comparison condition; the vulnerability scanning image is compared and analyzed with the generated current vulnerability scanning result image to obtain a vulnerability rectification result, a longitudinal analysis function is provided, vulnerability rectification information can be automatically compared, labor cost is reduced, and accuracy and detection efficiency of the detected rectification result are improved.
Fig. 2 is a flowchart of another method for detecting bug correction information according to an embodiment of the present invention, as shown in fig. 2, the method includes:
In the embodiment of the invention, each step is executed by the vulnerability correction information detection device.
In the embodiment of the invention, the vulnerability scanning system is used for carrying out vulnerability scanning on the scanning target.
In the embodiment of the present invention, the scanning instruction is an instruction to start scanning, the scanning parameters include, but are not limited to, login information for logging in the vulnerability scanning system, and the scanning task includes, but is not limited to, at least one scanning target, where the scanning target may be a server, and the server that needs to be scanned may be indicated by a network address (IP) of the server.
In the embodiment of the invention, when the vulnerability scanning system finishes scanning, a missing scanning result report is returned, wherein the missing scanning result report comprises but is not limited to a server IP, a server IP attribute, a scanning task attribute, a vulnerability number (CVEID) and a vulnerability attribute, the CVEID is used for indicating a vulnerability, the server IP attribute comprises but is not limited to an application and a maintenance unit, the scanning task attribute comprises but is not limited to a scanning date, and the vulnerability attribute comprises but is not limited to vulnerability description and vulnerability risk level. The CVEID is capable of uniquely identifying a vulnerability.
In the embodiment of the present invention, the report of the missed scan result is in a report form, for example: excel or xml, etc.
Further, if the returned report of the missed scanning result is an empty report, which indicates that the scanning fails, a termination instruction is sent to the bug scanning system, so that the bug scanning system terminates the bug scanning on the scanning target.
Further, if the current scanning fails, a deleting instruction is sent to the vulnerability scanning system, so that the vulnerability scanning system deletes the scanning task.
And 203, converting the format of the report form of the missed scanning result according to a preset graph structure to obtain a current vulnerability scanning result graph.
In the embodiment of the invention, the graph structure is preset according to the actual situation, and the structure is the same as that in the graph database. Specifically, the server IP, the task number of the scanning task, and the CVEID are used as nodes, and the nodes are connected through arrows to indicate the association among the nodes. Further, the attribute information of the node may also be added to the corresponding node of the graph structure through an arrow.
For example: in the missing scan result report, the server IP corresponding to the task number 2022001 of the scan task of the decomposed graph object is 10.1.1.2, and the CVEID of the detected bug is CVE 1. Fig. 3 is a schematic structural diagram of a current vulnerability scanning result diagram provided in an embodiment of the present invention, where a server IP, a task number of a scanning task, and a CVEID are taken as nodes, and the server IP 10.1.1.2 is indicated to a task number 2022001 by an arrow, so as to indicate that a server with a server IP of 10.1.1.2 is scanned in a task number 2022001; task number 2022001 is indicated by an arrow to CVE1, indicating that task number 2022001 scans for vulnerabilities to CVE 1. Further, as shown in fig. 3, the server IP attribute includes the belonging application and maintenance unit, which is identified at the server IP by an arrow; vulnerability attributes include, but are not limited to, vulnerability description and vulnerability risk level, identified by arrows at CVE 1.
In the embodiment of the invention, the report form of the missing scanning result is converted into the current vulnerability scanning map, so that a basis can be provided for subsequent analysis, and a user can more clearly know the vulnerability related information scanned by the scanning task.
Further, vulnerability processing information input by a user is received, wherein the vulnerability processing information comprises processing nodes and processing opinions, and the vulnerability processing information is input by the user according to the vulnerability scanned at this time; and transferring the vulnerability processing information to a processing node so that the processing node can process the vulnerability according to the processing opinion. The user can output the correction method and the correction opinion of the vulnerability and the indicated handler responsible for processing the vulnerability, namely a processing node; after the circulation is transferred to the processing node, the disposers can process the loopholes according to the rectification method and the rectification opinions input by the users. After the processor finishes the bug correction, the bug scanning task can be launched again to obtain the bug scanning result scanned again, and the bug scanning result is compared with the bug scanning result before the processor finishes the bug correction to obtain the bug correction result.
Further, the current vulnerability scanning result graph is stored in a graph database, the current vulnerability scanning result graph is combined with a graph structure stored in a graph data value base, an updated vulnerability scanning graph structure is obtained, and the relationship display of which vulnerabilities appear in the scanning task of the server IP can be clearly established.
And 204, screening out a comparison vulnerability scanning map from the map database according to the set comparison conditions.
In the embodiment of the invention, the graph database is a data management system which takes a point and edge as a basic storage unit and takes high-efficiency storage and query graph data as a design principle. In graph databases, the relationships between data are equally important as the data itself, and they are stored as part of the data. The structure is that the graph database can quickly respond to complex association queries because the relationships among the entities are stored in the database in advance. The graph database can visually visualize the relationship, and is an efficient method for storing, inquiring and analyzing the highly interconnected data.
Fig. 4 is a schematic structural diagram of a vulnerability scanning graph in a graph database according to an embodiment of the present invention, where a server IP, a task number of a scanning task, and a CVEID are used as nodes, and the server IP 10.1.1.2 indicates task numbers 2022001, 2022002, and 2022003 respectively through arrows, so as to indicate that a server with a server IP of 10.1.1.2 is scanned in task numbers 2022001, 2022002, and 2022003; indicating task number 2022001 to CVE1 by an arrow, indicating that task number 2022001 scans for vulnerabilities of CVE 1; the task number 2022002 is indicated by arrows to CVE1 and CVE2, respectively, indicating the vulnerability of task number 2022002 scanning to CVE1 and CVE 2; indicating task number 2022003 by an arrow to CVE1, CVE3, and CVE4, respectively, indicating that task number 2022003 scans for vulnerabilities of CVE1, CVE3, and CVE 4; server IP 10.1.1.3 is indicated by an arrow to task number 2022002 to indicate that the server with server IP 10.1.1.3 was scanned in task number 2022002; the server IP 10.1.1.4 is indicated by an arrow to task number 2022003 to indicate that the server with server IP 10.1.1.4 was scanned in task number 2022003.
In the embodiment of the present invention, the comparison condition may be set according to an actual situation, which is not limited in the embodiment of the present invention. As an alternative, the comparison condition includes a network address (server IP) and a scan date.
Specifically, according to the IP of the server and the scanning date, a corresponding comparison vulnerability scanning map is screened from a map database. And selecting a comparison vulnerability scanning map of the scanning date before the scanning date of the current vulnerability scanning result map based on the same server IP as the current vulnerability scanning result map for subsequent comparison.
And 205, comparing and analyzing the comparison vulnerability scanning map and the generated current vulnerability scanning result map to obtain a vulnerability correction result.
In the embodiment of the invention, the comparison of the vulnerability scanning graphs comprises comparison of vulnerability numbers, and the current vulnerability scanning result graph comprises the current vulnerability numbers.
Specifically, based on the same server IP, the current vulnerability number is matched with the comparison vulnerability number by taking the CVEID as a comparison condition; and determining the vulnerability corresponding to the vulnerability number successfully matched as an unmodified vulnerability, namely: the vulnerability exists in both the current vulnerability scanning result graph and the comparison vulnerability scanning result graph; determining the vulnerability corresponding to the vulnerability number which fails to be matched as a newly added vulnerability, namely: the vulnerability exists in the current vulnerability scanning result graph but does not exist in the comparison vulnerability scanning result graph; matching the comparison vulnerability number with the current vulnerability number; determining the vulnerability corresponding to the vulnerability number which fails to be matched as the amended vulnerability, namely: the vulnerability exists in the comparison vulnerability scanning result graph, but does not exist in the current vulnerability scanning result graph. And generating a vulnerability truing and modifying result according to the unmodified vulnerabilities, the newly-added vulnerabilities and the trued vulnerabilities.
In the embodiment of the invention, all the servers IP in the graph database can be contrastively analyzed according to different scanning dates to obtain the corresponding vulnerability rectification condition, so that the vulnerability rectification condition can be verified and can also be used as a basis for vulnerability rectification.
And step 206, visually displaying the vulnerability rectification result.
In the embodiment of the invention, the vulnerability correction result is visually displayed, so that a user can more clearly know the correction condition of each vulnerability and provide a basis for subsequent correction.
Further, vulnerability processing information input by a user is received, wherein the vulnerability processing information comprises processing nodes and processing opinions, and the vulnerability processing information is input by the user according to the unmodified vulnerabilities and newly added vulnerabilities in a vulnerability modifying result; and transferring the vulnerability rectification result and the vulnerability processing information to a processing node so that the processing node can process the vulnerability according to the processing opinion. The user can output the correction method and the correction opinion of the vulnerability and the indicated handler responsible for processing the vulnerability, namely a processing node; after the circulation is transferred to the processing node, the disposers can process the loopholes according to the rectification method and the rectification opinions input by the users. After the processor finishes the bug correction, the bug scanning task can be launched again to obtain the bug scanning result scanned again, and the bug scanning result is compared with the bug scanning result before the processor finishes the bug correction to obtain the bug correction result.
According to the technical scheme of the vulnerability correction information detection method provided by the embodiment of the invention, a comparison vulnerability scanning map is screened from a map database according to set comparison conditions; the vulnerability scanning image is compared and analyzed with the generated current vulnerability scanning result image to obtain a vulnerability rectification result, a longitudinal analysis function is provided, vulnerability rectification information can be automatically compared, labor cost is reduced, and accuracy and detection efficiency of the detected rectification result are improved.
Fig. 5 is a schematic structural diagram of a vulnerability correction information detection apparatus according to an embodiment of the present invention, the apparatus is used for executing the vulnerability correction information detection method, and as shown in fig. 5, the apparatus includes: a screening unit 11 and a comparative analysis unit 12.
The screening unit 11 is configured to screen out a comparison leak scan from the graph database according to the set comparison condition.
The comparison and analysis unit 12 is configured to compare and analyze the comparison leak scan image and the generated current leak scan result image to obtain a leak correction result.
In the embodiment of the invention, the comparison condition comprises a network address and a scanning date; the screening unit 11 is specifically configured to screen out a corresponding comparison vulnerability scanning map from the map database according to the network address and the scanning date.
In the embodiment of the present invention, the apparatus further includes: a transmitting unit 13, a receiving unit 14 and a converting unit 15.
The sending unit 13 is configured to send a scanning instruction, a scanning parameter, and a scanning task to the vulnerability scanning system, so that the vulnerability scanning system performs vulnerability scanning on a scanning target in the scanning task according to the scanning parameter in response to the scanning instruction.
The receiving unit 14 is configured to receive a report of the missing scanning result sent by the bug scanning system.
The conversion unit 15 is configured to perform format conversion on the missing scanning result report according to a preset graph structure, so as to obtain a current vulnerability scanning result graph.
In this embodiment of the present invention, the sending unit 13 is further configured to send a termination instruction to the vulnerability scanning system if the report of the scanning result is an empty report, so that the vulnerability scanning system terminates vulnerability scanning on the scanning target.
In this embodiment of the present invention, the sending unit 13 is further configured to send a deletion instruction to the vulnerability scanning system, so that the vulnerability scanning system deletes the scanning task.
In the embodiment of the invention, the comparison of the vulnerability scanning images comprises comparison of vulnerability numbers, and the current vulnerability scanning result image comprises the current vulnerability numbers; the comparison analysis unit 12 is specifically configured to match the current vulnerability number with the comparison vulnerability number; determining the vulnerability corresponding to the vulnerability number successfully matched as an unmodified vulnerability; determining the vulnerability corresponding to the vulnerability number which fails to be matched as a newly added vulnerability; matching the comparison vulnerability number with the current vulnerability number; determining the vulnerability corresponding to the vulnerability number which fails to be matched as the modified vulnerability; and generating a vulnerability truing and modifying result according to the unmodified vulnerabilities, the newly-added vulnerabilities and the trued vulnerabilities.
In the embodiment of the present invention, the apparatus further includes: a unit 16 is shown.
The display unit 16 is used for visually displaying the bug rectification result.
In the embodiment of the present invention, the apparatus further includes: a circulation unit 17.
The receiving unit 14 is further configured to receive vulnerability processing information input by a user, where the vulnerability processing information includes processing nodes and processing opinions.
The circulation unit 17 is configured to circulate the bug rectification result to the processing node, so that the processing node processes the bug according to the processing opinion.
According to the scheme of the embodiment of the invention, a comparison vulnerability scanning map is screened out from a map database according to the set comparison conditions; the vulnerability scanning image is compared and analyzed with the generated current vulnerability scanning result image to obtain a vulnerability rectification result, a longitudinal analysis function is provided, vulnerability rectification information can be automatically compared, labor cost is reduced, and accuracy and detection efficiency of the detected rectification result are improved.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. A typical implementation device is a computer device, which may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
The embodiment of the present invention provides a computer device, which includes a memory and a processor, where the memory is used to store information including program instructions, and the processor is used to control execution of the program instructions, and the program instructions are loaded and executed by the processor to implement the steps of the embodiment of the vulnerability correction information detection method, and for specific description, reference may be made to the embodiment of the vulnerability correction information detection method.
Referring now to FIG. 6, shown is a schematic diagram of a computer device 600 suitable for use in implementing embodiments of the present application.
As shown in fig. 6, the computer apparatus 600 includes a Central Processing Unit (CPU)601 which can perform various appropriate works and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM603, various programs and data necessary for the operation of the computer apparatus 600 are also stored. The CPU601, ROM602, and RAM603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output section 607 including a Cathode Ray Tube (CRT), a liquid crystal feedback (LCD), and the like, and a speaker and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted as necessary on the storage section 608.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more pieces of software and/or hardware in the practice of the present application.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
According to the technical scheme, the data acquisition, storage, use, processing and the like meet relevant regulations of national laws and regulations.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (11)
1. A vulnerability correction information detection method is characterized by comprising the following steps:
screening out a comparison vulnerability scanning map from a map database according to set comparison conditions;
and comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability correction result.
2. The method according to claim 1, wherein the comparison condition includes a network address and a scanning date;
according to the contrast condition who sets up, sieve out contrast leak scanogram from the picture database, include:
and screening out the corresponding comparison vulnerability scanning map from the map database according to the network address and the scanning date.
3. The method for detecting the bug correction information according to claim 1, wherein before the comparing and analyzing the comparison bug scan pattern and the generated current bug scan result pattern to obtain the bug correction result, the method further comprises:
sending a scanning instruction, a scanning parameter and a scanning task to a vulnerability scanning system, so that the vulnerability scanning system responds to the scanning instruction and performs vulnerability scanning on a scanning target in the scanning task according to the scanning parameter;
receiving a missing scanning result report sent by the vulnerability scanning system;
and according to a preset graph structure, carrying out format conversion on the missed scanning result report to obtain a current vulnerability scanning result graph.
4. The method of detecting the vulnerability correction information of claim 3, wherein the method further comprises:
if the missed scanning result report is an empty report, sending a termination instruction to the vulnerability scanning system, so that the vulnerability scanning system terminates vulnerability scanning on the scanning target.
5. The method according to claim 4, wherein after the sending a termination instruction to the vulnerability scanning system to cause the vulnerability scanning system to terminate vulnerability scanning on the scanning target, the method further comprises:
and sending a deleting instruction to the vulnerability scanning system to enable the vulnerability scanning system to delete the scanning task.
6. The method for detecting the vulnerability correction information according to claim 1, wherein the comparison vulnerability scanning map comprises comparison vulnerability numbers, and the current vulnerability scanning result map comprises current vulnerability numbers;
and comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability rectification result, wherein the vulnerability rectification result comprises:
matching the current vulnerability number with the comparison vulnerability number;
determining the vulnerability corresponding to the vulnerability number successfully matched as an unmodified vulnerability;
determining the vulnerability corresponding to the vulnerability number which fails to be matched as a newly added vulnerability;
matching the comparison vulnerability number with the current vulnerability number;
determining the vulnerability corresponding to the vulnerability number which fails to be matched as the modified vulnerability;
and generating a vulnerability truing and modifying result according to the unfinished vulnerability, the newly added vulnerability and the trued vulnerability.
7. The method for detecting the bug correction information according to claim 1, wherein after the comparison and analysis of the comparison bug scanning map and the generated current bug scanning result map are performed to obtain a bug correction result, the method further comprises:
and visually displaying the vulnerability correction result.
8. The method for detecting the bug correction information according to claim 1, wherein after the comparison and analysis of the comparison bug scanning map and the generated current bug scanning result map are performed to obtain a bug correction result, the method further comprises:
receiving vulnerability processing information input by a user, wherein the vulnerability processing information comprises processing nodes and processing opinions;
and transferring the vulnerability correcting result to the processing node so that the processing node can process the vulnerability according to the processing opinion.
9. The utility model provides a leak rectification information detection device which characterized in that, the device includes:
the screening unit is used for screening out a comparison vulnerability scanning map from the map database according to the set comparison conditions;
and the comparison and analysis unit is used for comparing and analyzing the comparison vulnerability scanning image and the generated current vulnerability scanning result image to obtain a vulnerability correction result.
10. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, implements the vulnerability correction information detection method according to any one of claims 1 to 8.
11. A computer device comprising a memory for storing information comprising program instructions and a processor for controlling the execution of the program instructions, wherein the program instructions when loaded and executed by the processor implement the method of bug rectification information detection according to any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210702297.0A CN115017518B (en) | 2022-06-21 | 2022-06-21 | Vulnerability correction information detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210702297.0A CN115017518B (en) | 2022-06-21 | 2022-06-21 | Vulnerability correction information detection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115017518A true CN115017518A (en) | 2022-09-06 |
| CN115017518B CN115017518B (en) | 2024-07-16 |
Family
ID=83076048
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210702297.0A Active CN115017518B (en) | 2022-06-21 | 2022-06-21 | Vulnerability correction information detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115017518B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106982194A (en) * | 2016-01-19 | 2017-07-25 | 中国移动通信集团河北有限公司 | Vulnerability scanning method and device |
| CN111428248A (en) * | 2020-06-10 | 2020-07-17 | 浙江鹏信信息科技股份有限公司 | Vulnerability noise reduction identification method and system based on grade assignment |
| US20210226978A1 (en) * | 2017-09-11 | 2021-07-22 | Ping An Technology (Shenzhen) Co., Ltd. | Website vulnerability scan method, device, computer apparatus, and storage medium |
| CN113676460A (en) * | 2021-07-28 | 2021-11-19 | 清华大学 | Web application vulnerability integrated scanning method and system |
-
2022
- 2022-06-21 CN CN202210702297.0A patent/CN115017518B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106982194A (en) * | 2016-01-19 | 2017-07-25 | 中国移动通信集团河北有限公司 | Vulnerability scanning method and device |
| US20210226978A1 (en) * | 2017-09-11 | 2021-07-22 | Ping An Technology (Shenzhen) Co., Ltd. | Website vulnerability scan method, device, computer apparatus, and storage medium |
| CN111428248A (en) * | 2020-06-10 | 2020-07-17 | 浙江鹏信信息科技股份有限公司 | Vulnerability noise reduction identification method and system based on grade assignment |
| CN113676460A (en) * | 2021-07-28 | 2021-11-19 | 清华大学 | Web application vulnerability integrated scanning method and system |
Non-Patent Citations (2)
| Title |
|---|
| LIQIN SHI等: "Substation Immunity Improvement Strategy Based on Dynamic Credible Knowledge Graph", 《2023 INTERNATIONAL CONFERENCE ON ADVANCES IN ELECTRICAL ENGINEERING AND COMPUTER APPLICATIONS (AEECA)》, 19 August 2023 (2023-08-19), pages 445 - 449, XP034601213, DOI: 10.1109/AEECA59734.2023.00085 * |
| 李艳等: "基于攻击事件的动态网络风险评估框架", 《计算机工程与科学》, vol. 38, no. 09, 15 September 2016 (2016-09-15), pages 1803 - 1811 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115017518B (en) | 2024-07-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103313289B (en) | WAP system automation test macro and method | |
| CN107688626B (en) | Slow query log processing method and device and electronic equipment | |
| CN108563697B (en) | Data processing method, device and storage medium | |
| CN114116065B (en) | Method and device for acquiring topological graph data object and electronic equipment | |
| CN112667697A (en) | Method and device for acquiring real estate information by combining RPA and AI | |
| CN113051308A (en) | Alarm information processing method, equipment, storage medium and device | |
| CN112559538A (en) | Incidence relation generation method and device, computer equipment and storage medium | |
| US11782938B2 (en) | Data profiling and monitoring | |
| CN111813765B (en) | Method, device, electronic equipment and computer readable medium for processing abnormal data | |
| CN111625528A (en) | Configuration management database verification method and device and readable storage medium | |
| CN115017518B (en) | Vulnerability correction information detection method and device | |
| CN116719817A (en) | Digital object relationship tracing method and system for technological resources | |
| CN116431672A (en) | Predicate logic optimization method, storage medium and equipment of database operation statement | |
| CN115905151A (en) | Method, system and device for querying circulation information based on backup log | |
| CN113672497B (en) | Method, device and equipment for generating non-buried point event and storage medium | |
| US11921854B2 (en) | Malware detection quality control | |
| CN111353116B (en) | Content detection method, system and device, client device and storage medium | |
| CN109412861B (en) | Method for establishing security association display of terminal network | |
| CN113377683A (en) | Software test case generation method, system, device, terminal, medium and application | |
| KR20140054913A (en) | Apparatus and method for processing data error for distributed system | |
| CN113204541A (en) | Heterogeneous database data migration automatic correction method and device | |
| CN111159516B (en) | Media information processing method and device | |
| CN114416603B (en) | UI element testing method and device, storage medium and equipment | |
| US20240273179A1 (en) | Static analysis correlation scanners | |
| CN114091569A (en) | Information asset processing method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Country or region after: China Address after: 071700 unit 111, 1st floor, building C, enterprise office area, xiong'an citizen service center, Rongcheng County, xiong'an District, China (Hebei) pilot Free Trade Zone, Baoding City, Hebei Province Applicant after: ICBC Technology Co.,Ltd. Applicant after: INDUSTRIAL AND COMMERCIAL BANK OF CHINA Address before: 100029 Tianyuan Xiangtai building, No.5 Anding Road, Chaoyang District, Beijing Applicant before: ICBC Technology Co.,Ltd. Country or region before: China Applicant before: INDUSTRIAL AND COMMERCIAL BANK OF CHINA |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |