CN115033891A - Vulnerability assessment method and device, storage medium and electronic equipment - Google Patents


Info

Publication number: CN115033891A
Application number: CN202210841818.0A
Authority: CN (China)
Prior art keywords: vulnerability, product, score value, determining, objects
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 蔡杰
Current assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Application filed by Industrial and Commercial Bank of China Ltd (ICBC)
Priority to CN202210841818.0A
Publication of CN115033891A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes

Abstract

The invention discloses a vulnerability assessment method and device, a storage medium and electronic equipment, and relates to the field of information security, wherein the method comprises the following steps: determining a first score value of each vulnerability object based on the source and vulnerability grade of each vulnerability object in the vulnerability database; determining a second score value of the vulnerability object associated with the product object based on the registration state of the product object and the product type; determining a third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object; and integrating the first score value, the second score value and the third score value of the vulnerability objects, and determining the sequencing results of all vulnerability objects, wherein the sequencing results are used for screening out the vulnerability set to be alarmed from the vulnerability database. The invention solves the technical problem that the target financial institution can not accurately acquire the vulnerability worth attention because the massive vulnerability objects are difficult to evaluate in the related technology.

Description

Vulnerability assessment method and device, storage medium and electronic equipment
Technical Field
The invention relates to the field of information security, in particular to a vulnerability assessment method and device, a storage medium and electronic equipment.
Background
At present, a large number of security management manufacturers provide their security vulnerability databases for organizations (e.g., financial institutions) to use as security defense information sources, but because the vulnerability information data in the security vulnerability databases of the security management manufacturers are too huge, the organizations cannot obtain vulnerability information data worth paying attention to themselves from a large amount of vulnerability information data.
In the related art, a context-aware vulnerability priority model (CAVP) is provided to analyze vulnerability information, but the model has an obvious disadvantage: it can only perform a simple ranking of vulnerability priorities in the security vulnerability database, and cannot screen and evaluate massive vulnerability information data according to the characteristics of the institution and the direction of the institution's attention to vulnerability information, so as to obtain the vulnerability data worth the institution's attention.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a vulnerability assessment method and device, a storage medium and electronic equipment, and aims to at least solve the technical problem that a target financial institution cannot accurately acquire a vulnerability worth attention because a large number of vulnerability objects are difficult to assess in the related technology.
According to an aspect of the embodiments of the present invention, there is provided a vulnerability assessment method, including: determining a first score value of each vulnerability object based on the source and vulnerability grade of each vulnerability object in a vulnerability database, wherein the vulnerability database comprises a plurality of vulnerability objects, and an association relationship is established between each vulnerability object and a product object used by a financial institution in advance; determining a second score value of the vulnerability object associated with the product object based on the registration status of the product object and the product type; determining a third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object, wherein the vulnerability detection product is pre-deployed on a product security detection platform of the financial institution; and integrating the first score value, the second score value and the third score value of the vulnerability objects, and determining a sequencing result of all the vulnerability objects, wherein the sequencing result is used for screening out a vulnerability set to be alarmed from the vulnerability database.
Optionally, the step of determining the ranking results of all the vulnerability objects by integrating the first score value, the second score value and the third score value of the vulnerability objects includes: synthesizing the first score value, the second score value and the third score value of the vulnerability object to determine a total score value of each vulnerability object in the vulnerability database; and sequencing score values based on the total score value of each vulnerability object, and determining the sequencing result of all vulnerability objects in a vulnerability database.
Optionally, after determining the ranking results of all the vulnerability objects in the vulnerability database, the method further includes: determining the attention level of each vulnerability object based on the total score value of the vulnerability object and a plurality of preset score areas; and integrating the attention levels of the vulnerability objects, and analyzing the distribution proportion of the attention levels.
Optionally, after integrating the attention levels of each vulnerability object and analyzing the distribution proportion of each attention level, the method includes: adopting a first type chart to display the object data of the vulnerability objects with the total score values larger than a preset score threshold value in the vulnerability database, wherein the first type chart at least comprises the following steps: vulnerability identification and vulnerability score values; and displaying the distribution information of each attention level by adopting a second type chart, wherein the second type chart at least comprises the following components: the distribution ratio and the attention level; and displaying the sequencing results of all the vulnerability objects in the vulnerability database by adopting a third type chart, wherein the third type chart at least comprises the following steps: vulnerability identification, vulnerability score value, number of institutions and number of applications.
Optionally, the step of determining a first score value of each vulnerability object based on a source and a vulnerability class of each vulnerability object in the vulnerability database includes: determining a vulnerability database to which the vulnerability object belongs based on the source of the vulnerability object; determining a first preset scoring rule based on the vulnerability grade, the vulnerability database to which the vulnerability object belongs and a first preset score set; and determining a first score value of the vulnerability object based on the first preset scoring rule.
Optionally, the step of determining a second score value of the vulnerability object associated with the product object based on the registration status of the product object and the product type includes: determining a second preset scoring rule based on the registration state of the product object in a target institution product system, the product type of the product object and a second preset score set, wherein the target institution product system is used for managing product data of all product objects used by the financial institution; determining a second score value of the vulnerability object associated with the product object based on the second preset scoring rule.
Optionally, the registration status comprises at least: registered with the target institution product system, unregistered with the target institution product system, registered with a branch of the financial institution, and unregistered with a general institution of the financial institution.
Optionally, after determining a second score value of the vulnerability object associated with the product object based on the second preset scoring rule, the method includes: and under the condition that the vulnerability object is not registered in the target organization product system, updating the target organization product system.
Optionally, the step of determining a third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object includes: analyzing whether the vulnerability detection product has detection capability on the vulnerability object to obtain an analysis result; determining a third preset scoring rule based on the vulnerability detection product of the financial institution, the analysis result and a third preset score set; and determining a third score value of the vulnerability object based on the third preset scoring rule.
According to another aspect of the embodiments of the present invention, there is also provided a vulnerability assessment apparatus, including: a first determination unit, configured to determine a first score value of each vulnerability object based on the source and the vulnerability grade of each vulnerability object in a vulnerability database, where the vulnerability database comprises a plurality of vulnerability objects, and an association relationship is established between each vulnerability object and a product object used by a financial institution in advance; a second determination unit, configured to determine a second score value of the vulnerability object associated with the product object based on a registration status of the product object and a product type; a third determining unit, configured to determine a third score value of the vulnerability object based on a detection capability of a vulnerability detection product on the vulnerability object, where the vulnerability detection product is pre-deployed on a product security detection platform of the financial institution; and a fourth determining unit, configured to integrate the first score value, the second score value and the third score value of the vulnerability objects and determine the ranking result of all the vulnerability objects, where the ranking result is used for screening out the vulnerability set to be alarmed from the vulnerability database.
Optionally, the fourth determining unit includes: a first determining subunit, configured to synthesize the first score value, the second score value, and the third score value of the vulnerability object, and determine a total score value of each vulnerability object in the vulnerability database; and the second determining subunit is used for sequencing the score values based on the total score value of each vulnerability object and determining the sequencing result of all vulnerability objects in the vulnerability database.
Optionally, the fourth determining unit further includes: the third determining subunit is used for determining the attention level of each vulnerability object based on the total score value of the vulnerability objects and a plurality of preset partition areas after determining the sequencing results of all vulnerability objects in the vulnerability database; and the first analysis subunit is used for integrating the attention levels of the vulnerability objects and analyzing the distribution proportion of the attention levels.
Optionally, the fourth determining unit further includes: the first display subunit is configured to, after integrating the attention levels of each vulnerability object and analyzing the distribution proportion of each attention level, display object data of the vulnerability objects in which a total score value is greater than a preset score threshold value in the vulnerability database by using a first type chart, where the first type chart at least includes: vulnerability identification and vulnerability score values; a second display subunit, configured to display, by using a second type chart, distribution information of each attention level, where the second type chart at least includes: the distribution ratio and the attention level; a third display subunit, configured to display, by using a third type chart, a result of ranking of all vulnerability objects in the vulnerability database, where the third type chart at least includes: vulnerability identification, vulnerability score value, number of institutions and number of applications.
Optionally, the first determination unit includes: the third determining subunit is used for determining a vulnerability database to which the vulnerability object belongs based on the source of the vulnerability object; the fourth determining subunit is used for determining a first preset scoring rule based on the vulnerability grade, the vulnerability database to which the vulnerability object belongs and a first preset score set; and the fifth determining subunit is configured to determine, based on the first preset scoring rule, a first scoring value of the vulnerability object.
Optionally, the second determination unit includes: a sixth determining subunit, configured to determine a second preset scoring rule based on a registration status of the product object in a target institution product system, a product type of the product object, and a second preset score set, where the target institution product system is configured to manage product data of all product objects used by the financial institution; a seventh determining subunit, configured to determine, based on the second preset scoring rule, a second scoring value of the vulnerability object associated with the product object.
Optionally, the registration status comprises at least: registered with the target institution product system, unregistered with the target institution product system, registered with a branch of the financial institution, and unregistered with a general institution of the financial institution.
Optionally, the second determining unit further includes: an updating subunit, configured to update the target organization product system when the vulnerability object is not registered in the target organization product system after determining a second score value of the vulnerability object associated with the product object based on the second preset scoring rule.
Optionally, the third determining unit includes: the second analysis subunit is used for analyzing whether the vulnerability detection product has the detection capability on the vulnerability object to obtain an analysis result; an eighth determining subunit, configured to determine a third preset scoring rule based on the vulnerability detection product of the financial institution, the analysis result, and a third preset score set; and the ninth determining subunit is configured to determine, based on the third preset scoring rule, a third scoring value of the vulnerability object.
In the invention, a first score value of each vulnerability object is determined based on the source and vulnerability grade of each vulnerability object in a vulnerability database, where the vulnerability database comprises a plurality of vulnerability objects and an association relationship between the vulnerability objects and the product objects used by the financial institution is established in advance; a second score value of the vulnerability object associated with the product object is then determined based on the registration state of the product object and the product type; a third score value of the vulnerability object is then determined based on the detection capability of the vulnerability detection product on the vulnerability object, the vulnerability detection product being deployed in advance on a product security detection platform of the financial institution; and finally the first score value, second score value and third score value of the vulnerability objects are integrated to determine a ranking result of all vulnerability objects, where the ranking result is used for screening out a vulnerability set to be alarmed from the vulnerability database.
According to the vulnerability detection method and device, a plurality of evaluation scores of the vulnerability objects are determined through the sources and vulnerability grades of the vulnerability objects, the product objects which have incidence relations with the vulnerability objects and the detection capacity of vulnerability detection products on the vulnerability objects, all vulnerability objects can be sequenced through the evaluation scores, information evaluation on all vulnerability objects can be achieved, the vulnerability objects worth paying attention to by financial institutions are screened out, and the technical problem that a target financial institution cannot accurately obtain the vulnerabilities worth paying attention due to the fact that a large number of vulnerability objects are difficult to evaluate in the related technology is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention and do not constitute a limitation of the invention. In the drawings:
FIG. 1 is a flow chart of an alternative vulnerability assessment method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an alternative high-risk vulnerability presentation, according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating an alternative vulnerability awareness level distribution according to an embodiment of the present invention;
FIG. 4 is a flowchart of an alternative vulnerability priority visualization method based on a CAVP model according to an embodiment of the present invention;
FIG. 5 is a flowchart of another alternative vulnerability priority visualization method based on a CAVP model according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an alternative vulnerability assessment apparatus according to an embodiment of the present invention;
FIG. 7 is a block diagram of a hardware structure of an electronic device (or a mobile device) according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of description, some terms or expressions referring to the embodiments of the present application are explained below:
RESTful: a design style and development mode for network applications. It is based on HTTP, can use XML or JSON format definitions, is suited to scenarios where a mobile internet vendor exposes it as a service interface, and enables third parties to call mobile network resources.
JSON: JavaScript Object Notation, a lightweight data exchange format. Data is stored and represented in a text format that is completely independent of the programming language.
Kafka: a distributed publish-subscribe messaging system and open-source stream processing platform. It is high-throughput and can process all of a consumer's action stream data in a website.
Elasticsearch: a search server that provides a full-text search engine with distributed multi-user capabilities.
Kibana: a data visualization and mining tool that can be used for log and time series analysis, application monitoring and operational intelligence use cases.
It should be noted that the vulnerability assessment method and the device thereof in the present disclosure may be used in the information security field for assessing vulnerabilities of products used in financial institutions, and may also be used in any fields other than the information security field for assessing vulnerabilities.
It should be noted that relevant information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data that are authorized by the user or sufficiently authorized by various parties. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
The invention can be applied to software products, control systems and clients (including but not limited to mobile clients, PCs and the like) of various financial institutions. Taking software products as an example, it can evaluate the vulnerabilities related to software products installed on mobile clients to obtain the vulnerabilities worth attention, thereby supporting the safe and stable processing of the financial institution's business contents (including but not limited to business functions such as account transfer, financial management, fund payment, check, advertisement and recommendation).
By the method and system, the vulnerabilities worth the financial institution's attention can be rapidly calculated from massive vulnerability data. Through visual display of these vulnerabilities, the vulnerability management team of a security operations center (SOC) in the information security field can conveniently screen the vulnerability information, filter out the latest vulnerabilities worth attention, and reduce unnecessary manual investigation of vulnerabilities by the SOC vulnerability team.
The present invention will be described with reference to examples.
Example one
In accordance with an embodiment of the present invention, an alternative method embodiment for vulnerability assessment is provided. It should be noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different from that given here.
Fig. 1 is a flowchart of an optional vulnerability assessment method according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
step S101, determining a first score value of each vulnerability object based on the source and vulnerability grade of each vulnerability object in a vulnerability database, wherein the vulnerability database comprises a plurality of vulnerability objects, and the vulnerability objects and product objects used by a financial institution are in a pre-established association relationship;
step S102, determining a second score value of the vulnerability object associated with the product object based on the registration state of the product object and the product type;
step S103, determining a third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object, wherein the vulnerability detection product is deployed on a product security detection platform of a financial institution in advance;
and step S104, integrating the first score value, the second score value and the third score value of the vulnerability objects, and determining the sequencing results of all vulnerability objects, wherein the sequencing results are used for screening out a vulnerability set to be alarmed from a vulnerability database.
Through the above steps, the first score value of each vulnerability object is determined based on the source and vulnerability grade of each vulnerability object in the vulnerability database, where the vulnerability database comprises a plurality of vulnerability objects and an association relationship between the vulnerability objects and the product objects used by the financial institution is established in advance; then, based on the registration state of the product object and the product type, a second score value of the vulnerability object associated with the product object is determined; then, based on the detection capability of the vulnerability detection product on the vulnerability object, a third score value of the vulnerability object is determined, the vulnerability detection product being deployed in advance on a product security detection platform of the financial institution; and finally the first score value, second score value and third score value of the vulnerability objects are integrated to determine a ranking result of all vulnerability objects, where the ranking result is used for screening out a vulnerability set to be alarmed from the vulnerability database.
In the embodiment, a plurality of evaluation scores of the vulnerability objects are determined through the sources and vulnerability grades of the vulnerability objects, the product objects having an incidence relation with the vulnerability objects and the detection capability of vulnerability detection products on the vulnerability objects, and through the evaluation scores, not only all vulnerability objects can be sequenced, but also the information evaluation of each vulnerability object can be realized, and the vulnerability objects worth paying attention to by financial institutions are screened out, so that the technical problem that the target financial institutions cannot accurately acquire the vulnerabilities due to the fact that massive vulnerability objects are difficult to evaluate in the related technology is solved.
The following further describes embodiments of the present invention in conjunction with the above-described implementation steps.
Step S101, determining a first score value of each vulnerability object based on the source and vulnerability grade of each vulnerability object in a vulnerability database, wherein the vulnerability database comprises a plurality of vulnerability objects, and the vulnerability objects and product objects used by financial institutions establish an association relationship in advance.
Optionally, the vulnerability database in this embodiment may be constructed based on vulnerability data from the vulnerability databases of multiple security vendors or security institutions, where multiple vulnerability objects of the vulnerability database and product objects used by the financial institutions establish a relationship in advance; that is, a product object of the financial institution may have the vulnerability problem indicated by the vulnerability object. Since most of the product objects used by financial institutions are related to financial assets, vulnerability objects related to financial assets may be screened from the vulnerability databases of the security vendors or security institutions. The vulnerability database stores a large number of vulnerability objects, including vulnerabilities relevant to different financial institutions or to non-financial institutions.
It should be noted that a vulnerability object may refer to a defect existing in the specific implementation of hardware, software, a system, a protocol, and a platform or a system security policy, and the defect corresponding to the vulnerability object may cause the hardware, software, a system, a protocol, and a platform to be damaged by an attacker or cause a system crash.
The product object may refer to a product such as software, hardware, a system, a device, etc. used by a financial institution.
How to determine the first score value of the vulnerability object is described in detail below.
Optionally, the step of determining a first score value of each vulnerability object based on the source and vulnerability grade of each vulnerability object in the vulnerability database includes: determining the vulnerability database to which the vulnerability object belongs based on the source of the vulnerability object; determining a first preset scoring rule based on the vulnerability grade, the vulnerability database to which the vulnerability object belongs and a first preset score set; and determining the first score value of the vulnerability object based on the first preset scoring rule.
From the source of the vulnerability object it can be determined which vulnerability database the object was obtained from, and the score is set according to the authority of the security organization: a source with higher authority receives a larger score value than one with lower authority. Likewise, a vulnerability object with a higher vulnerability grade in the financial institution receives a larger score value than one with a lower grade. The first preset scoring rule is then determined based on the vulnerability grade, the vulnerability database to which the vulnerability object belongs and the first preset score set.
The first predetermined score set may include different scores set according to the vulnerability source and the vulnerability class.
The first preset scoring rule is schematically described below with reference to table 1.
As shown in table 1, the vulnerability source/Environment Score (ES) classifies the vulnerability grade as emergency, high-risk, medium-risk or low-risk (table 1 is only schematic; other vulnerability classification schemes can be used in practice and all fall within the protection scope of this embodiment), and the vulnerability object source is one of: a supervision institution, a financial institution head office, an internet emergency center, an internet security vendor, an information security vulnerability sharing platform, an information security vulnerability library, etc. The first score value of the vulnerability object is read from the table entry for its vulnerability grade and source; for example, a vulnerability object that comes from an internet security vendor and has the grade "urgent" has a first score value of 10.
TABLE 1 (rendered as an image in the original; its contents are not reproduced in the text)
Step S102, determining a second score value of the vulnerability object associated with the product object based on the registration state of the product object and the product type.
The registration status of the product object may be its registration status in the product system of a target institution. For example, the product system of the target institution has a registered status and an unregistered status, and may also include a status of "introduced at a branch institution but not at the head office".
As an optional implementation manner, the step of determining the second score value of the vulnerability object associated with the product object based on the registration state of the product object and the product type includes: determining a second preset scoring rule based on the registration state of the product object in a target institution product system, the product type of the product object and a second preset score set, wherein the target institution product system is used for managing the product data of all the product objects used by the financial institution; and determining a second score value of the vulnerability object associated with the product object based on a second preset scoring rule.
In an optional embodiment, the registration state includes at least: registered in the target institution product system; not registered in the target institution product system; registered in a branch institution of the financial institution; and not registered in the head office of the financial institution.
The target institution product system manages the product data of all product objects used by the financial institution. The manner of determining the second score value of a vulnerability object is described below with reference to table 2.
As shown in table 2, the vulnerability Product Score (PS for short) is the second score value of the vulnerability object, read from table 2 according to the registration status of the vulnerability object in the SPMS (financial asset management system) and the CMDB (configuration management database) (for example: registered in SPMS and CMDB; unknown; not introduced by the head office and unknown at the branch) and the product type of the vulnerability object (for example: component framework, database, WEB application, middleware, network device, Microsoft product, and operating system). Here the vulnerability product corresponds to the product object, and SPMS and CMDB together correspond to the target institution product system.
In table 2, "registered in SPMS and CMDB" corresponds to the registration state of being registered in the target institution product system; "unknown" means not registered in either SPMS or CMDB, and corresponds to the state of not being registered in the target institution product system; "not introduced by the head office, unknown at the branch" means that the product was not introduced at the head office of the financial institution but was introduced at a branch without being registered (corresponding to the state of being registered at a branch of the financial institution and not being registered at the head office).
TABLE 2 (rendered as an image in the original; its contents are not reproduced in the text)
Optionally, after determining the second score value of the vulnerability object associated with the product object based on the second preset scoring rule, the method further includes: updating the target institution product system when the vulnerability object is not registered in the target institution product system.
For the unknown case, that is, when no vulnerability object is registered in the target institution product system, a comprehensive vulnerability investigation can be carried out across the financial institution to find the institutions that introduced the affected product, and the SPMS and CMDB asset data are then actively updated.
Step S103, determining a third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object, wherein the vulnerability detection product is deployed on a product security detection platform of the financial institution in advance.
Optionally, the step of determining the third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object includes: analyzing whether the vulnerability detection product has detection capability on the vulnerability object to obtain an analysis result; determining a third preset scoring rule based on the vulnerability detection product, the analysis result and a third preset score set of the financial institution; and determining a third score value of the vulnerability object based on a third preset scoring rule.
The manner of determining the third score value of a vulnerability object is described schematically with reference to table 3, which shows the third preset scoring rule. The Detection Ability Score (DAS) in table 3 is illustrated with vulnerability detection product 1, vulnerability detection product 2 and vulnerability detection product 3: each product's ability to detect the vulnerability object is scored, a vulnerability object that a product can detect receives that product's preset score value, and the third score value is then determined from these per-product scores by a mathematical calculation. The calculation may be a weighting, a summation or a product, and is not limited here.
TABLE 3 (rendered as an image in the original; its contents are not reproduced in the text)
It should be noted that, in an optional manner, in the process of linking with the vulnerability detection product 1, the vulnerability detection product 2, and the vulnerability detection product 3, a requirement for updating the rule base may also be provided for the security product manufacturer of the vulnerability detection product, so as to improve the capability of the financial institution to detect the vulnerability information as a whole.
Step S104, synthesizing the first score value, the second score value and the third score value of each vulnerability object, and determining the ranking result of all vulnerability objects, wherein the ranking result is used to screen out a vulnerability set to be alarmed from the vulnerability database.
The following describes determining the ranking results of all vulnerability objects.
As an optional implementation of this embodiment, the step of determining the ranking result of all vulnerability objects by synthesizing the first, second and third score values includes: synthesizing the first score value, the second score value and the third score value of each vulnerability object to determine its total score value; and ranking the vulnerability objects by their total score values to determine the ranking result of all vulnerability objects in the vulnerability database.
It should be noted that the total score value of each vulnerability object in the vulnerability database is determined from its first, second and third score values. The total score value may be determined by weighting, summation or product; the product form is illustrated below.
The CAVSS attention value (corresponding to the total score value) is calculated as follows:
CAVSS(O) = ES × PS × DAS
where ES represents a first score value, PS represents a second score value, and DAS represents a third score value.
Based on the total score value of each vulnerability object, the vulnerability objects in the vulnerability database can be sorted by score value, which determines the ranking result of all vulnerability objects in the vulnerability database.
It should be noted that, optionally, any one or more of the first score value, the second score value and the third score value may also be used on their own to rank the vulnerability objects and determine the ranking result of all vulnerability objects in the vulnerability database.
As an optional implementation manner, after determining the ranking result of all vulnerability objects in the vulnerability database, the method further includes: determining the attention level of each vulnerability object based on the total score value of the vulnerability object and a plurality of preset score areas; and integrating the attention levels of all vulnerability objects, and analyzing the distribution proportion of all attention levels.
Table 4 schematically illustrates the determination of the attention level of a vulnerability object. As shown in table 4, the attention level is one of emergency attention, high-risk attention, medium-risk attention and low-risk attention, and each attention level has an attention score interval (corresponding to a preset score interval): the attention level of a vulnerability object is determined by which attention score interval its total score value falls into.
TABLE 4
Attention level          Attention score interval
Emergency attention      (10, 15]
High-risk attention      (7, 10]
Medium-risk attention    (4, 7]
Low-risk attention       (0, 4]
According to the attention level of each vulnerability object, the distribution proportion of each attention level in vulnerability data can be analyzed.
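A worked example of steps S101 to S104 and the table 4 attention levels, added here and not part of the patent text. Tables 1 to 3 are not reproduced on the page, so the ES, PS and DAS score sets below are constructed stand-ins (the only page-given value is internet security vendor + urgent = 10); the table 4 intervals, the product formula CAVSS(O) = ES × PS × DAS and the SPMS/CMDB follow-up for unknown registration are taken from the text. The sample vulnerability objects are constructed and their identifiers are placeholders.

```python
"""Constructed CAVSS ranking example (not the patent's own code).
ES_TABLE, PS_STATUS, PS_TYPE and DAS_WEIGHTS stand in for tables 1-3,
which the page does not reproduce; ATTENTION_INTERVALS is table 4."""
from collections import Counter
from dataclasses import dataclass

# Constructed stand-in for table 1: first score (ES) by source and grade.
# Higher-authority sources and higher grades score higher, as the text requires.
ES_TABLE = {
    "regulator":                {"urgent": 10, "high": 8, "medium": 5, "low": 2},
    "internet security vendor": {"urgent": 10, "high": 7, "medium": 4, "low": 1},
    "vuln sharing platform":    {"urgent": 9,  "high": 6, "medium": 3, "low": 1},
}
# Constructed stand-in for table 2: second score (PS) as a multiplier from the
# SPMS/CMDB registration status and the product type.
PS_STATUS = {"registered": 1.2, "branch_only": 1.0, "unknown": 0.8}
PS_TYPE = {"web application": 1.25, "middleware": 1.1, "database": 1.1,
           "component framework": 1.0, "operating system": 0.9}
# Constructed stand-in for table 3: weight of each detection product's verdict.
DAS_WEIGHTS = {"detection product 1": 0.5, "detection product 2": 0.3,
               "detection product 3": 0.2}
# Table 4 from the page: attention level by total-score interval (lower, upper].
ATTENTION_INTERVALS = [("emergency", 10, 15), ("high-risk", 7, 10),
                       ("medium-risk", 4, 7), ("low-risk", 0, 4)]


@dataclass
class Vuln:
    vuln_id: str
    source: str
    grade: str
    status: str          # registration status in SPMS/CMDB
    product_type: str
    detected_by: dict    # detection product name -> can it detect this vuln?


def first_score(v: Vuln) -> float:
    """S101: ES from the source's vulnerability database and the grade."""
    return ES_TABLE[v.source][v.grade]


def second_score(v: Vuln) -> float:
    """S102: PS from registration status and product type."""
    return PS_STATUS[v.status] * PS_TYPE[v.product_type]


def third_score(v: Vuln) -> float:
    """S103: DAS as a weighted sum of the detection products' verdicts (the
    text allows weighting, summing or multiplying). Constructed assumption:
    a vulnerability the platform can detect gets a factor in [0.5, 1.0]."""
    covered = sum(w for p, w in DAS_WEIGHTS.items() if v.detected_by.get(p, False))
    return 0.5 + 0.5 * covered


def cavss(v: Vuln) -> float:
    """S104: CAVSS(O) = ES x PS x DAS, rounded to two decimals for display."""
    return round(first_score(v) * second_score(v) * third_score(v), 2)


def attention_level(score: float) -> str:
    """Map a total score to its table 4 level using (lower, upper] intervals.
    The tables above cannot exceed 15; anything larger is treated as
    emergency, and non-positive scores are rejected as invalid."""
    if score <= 0:
        raise ValueError(f"total score must be positive, got {score}")
    for name, lower, upper in ATTENTION_INTERVALS:
        if lower < score <= upper:
            return name
    return "emergency"


def rank(vulns) -> list:
    """Ranking result: (vuln_id, total score), highest first; id breaks ties.
    The leading N entries are the vulnerability set to be alarmed."""
    return sorted(((v.vuln_id, cavss(v)) for v in vulns),
                  key=lambda t: (-t[1], t[0]))


def level_distribution(vulns) -> dict:
    """Distribution proportion of each attention level (the fig. 3 pie chart)."""
    counts = Counter(attention_level(cavss(v)) for v in vulns)
    return {lvl: counts[lvl] / len(vulns) for lvl in counts}


def pending_registry_updates(vulns) -> list:
    """Objects whose product is unknown to SPMS/CMDB: the S102 follow-up that
    triggers the institution-wide investigation and asset-data update."""
    return [v.vuln_id for v in vulns if v.status == "unknown"]


# Constructed sample vulnerability objects; ids are placeholders.
SAMPLE_VULNS = [
    Vuln("V-1", "internet security vendor", "urgent", "registered", "web application",
         {"detection product 1": True, "detection product 2": True,
          "detection product 3": True}),
    Vuln("V-2", "regulator", "high", "branch_only", "middleware",
         {"detection product 1": True}),
    Vuln("V-3", "vuln sharing platform", "low", "unknown", "operating system", {}),
    Vuln("V-4", "internet security vendor", "medium", "unknown", "database",
         {"detection product 2": True}),
]
```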
In an optional embodiment, after synthesizing the attention levels of all vulnerability objects and analyzing the distribution proportion of each attention level, the method further includes: displaying, with a first type of chart, the object data of the vulnerability objects in the vulnerability database whose total score value is greater than a preset score threshold, wherein the first type of chart includes at least the vulnerability identification and the vulnerability score value; displaying the distribution information of each attention level with a second type of chart, wherein the second type of chart includes at least the distribution proportion and the attention level; and displaying the ranking result of all vulnerability objects in the vulnerability database with a third type of chart, wherein the third type of chart includes at least the vulnerability identification, the vulnerability score value, the number of institutions and the number of applications.
Fig. 2 is a schematic diagram of an optional high-risk vulnerability display according to an embodiment of the present invention. With reference to fig. 2, the object data of the vulnerability objects whose total score value is greater than the preset score threshold is displayed with the first type of chart.
As shown in fig. 2, the object data of the TOP10 vulnerability objects by total score value is given. The pie chart on the left of fig. 2 consists of several sectors, each corresponding to a vulnerability object name on the right; the numbers marked on the sectors (9, 10, 11, 13, 15, 12, 13) are the total score values of those sectors, "Apache Log4 remote code execution … Apache Struts2 remote code execution vulnerability" are the names of the vulnerability objects (corresponding to the vulnerability identification), and the content in brackets on the right of fig. 2 (such as CVE-2021-.
Fig. 3 is a schematic diagram of an optional distribution of vulnerability attention levels according to an embodiment of the present invention. With reference to fig. 3, the distribution information of each attention level is displayed with the second type of chart.
As shown in fig. 3, each sector of the pie chart represents a different attention level; the sectors on the left of fig. 3 correspond to the low-risk, medium-risk, high-risk and emergency vulnerabilities listed on the right. The percentage marked on each sector is the distribution proportion of that attention level (in fig. 3: 12.90% low-risk vulnerabilities, 45.23% medium-risk vulnerabilities, 38.24% high-risk vulnerabilities and 3.63% emergency vulnerabilities).
Table 5 schematically illustrates displaying the ranking result of all vulnerability objects in the vulnerability database with the third type of chart. As shown in table 5, it includes: the vulnerability identification, the CVE (standard vulnerability number), the vulnerability source/environment score (corresponding to the first score value), the vulnerability product score (corresponding to the second score value), the detection capability score (corresponding to the third score value), the number of institutions and the number of applications. The number of institutions may be the number of institutions within the financial institution affected by the vulnerability object, and the number of applications may be the number of product objects affected by it, such as the number of software products involved.
TABLE 5 (rendered as an image in the original; its contents are not reproduced in the text)
Through the vulnerability visualization or the vulnerability ranking result, the top N vulnerabilities worth attention can be rapidly screened from the massive vulnerability database and a vulnerability risk distribution chart obtained, where N is a natural number whose choice is not limited. The third type of chart shows both the vulnerability score and the scope affected by the vulnerability, which makes it convenient for a vulnerability team to perceive, screen, adjust and analyze the vulnerability data.
According to this embodiment of the invention, the vulnerabilities worth the financial institution's attention can be rapidly screened from the massive vulnerability data. Displaying them visually makes it convenient for the vulnerability management team of the security operations center to screen the vulnerability information and filter out the latest vulnerabilities worth attention, and reduces unnecessary manual investigation of vulnerabilities by the team.
The invention will be described in connection with another alternative embodiment.
Example two
This embodiment provides an optional vulnerability priority assessment method based on the CAVP model.
Fig. 4 is a flowchart of an optional CAVP-model-based vulnerability priority visualization method according to an embodiment of the present invention. As shown in fig. 4, it includes the following steps:
Step 1: constructing a vulnerability database. The vulnerability database is established through the SOC vulnerability management platform. Vulnerability sources can be a security vendor's information security vulnerability library or vulnerability information sharing platform, an information security supervision institution, and so on, for example: a supervision institution, a financial institution head office, an internet emergency center, an internet security vendor, an information security vulnerability sharing platform, a national information security vulnerability library, etc. The vulnerability objects in the vulnerability database are associated with the application products used by the financial institution, which can be software, hardware, databases, servers and the like.
Step 2: scoring vulnerability sources. The vulnerability source is scored based on the first preset scoring rule, using the source information recording which security vulnerability library or platform the vulnerability object was obtained from and the vulnerability grade of the vulnerability object in the financial institution.
Step 3: scoring the products affected by the vulnerability. According to the registration status of the vulnerability object in the SPMS (financial asset management system) and the CMDB (configuration management database), the affected product is scored based on the second preset scoring rule. If the vulnerability object is not registered in SPMS and CMDB, the whole group of financial institutions can be checked to find the branch institutions that introduced the affected product, and the SPMS and CMDB asset data are actively updated.
Step 4: scoring the detection capability of the vulnerability detection products. It is judged whether the vulnerability detection products deployed on the financial institution's security detection platform can detect the product object associated with the vulnerability object, and the vulnerability object is scored based on the third preset scoring rule. It should be noted that when a vulnerability detection product cannot detect the product object, an update request can be sent to the producer of the vulnerability detection product to add detection capability for that product object, where the product object is an application product used by the financial institution.
Step 5: visual display. The scoring result of each vulnerability object in the vulnerability database is visualized according to the scoring results of step 2 to step 3.
Fig. 5 is a flowchart of another optional CAVP-model-based vulnerability priority visualization method according to an embodiment of the present invention. Fig. 5 includes the SOC vulnerability library RESTful interface service, the CAVP vulnerability scoring system, the JSON data stream, the Kafka encrypted channel, the analytics cluster and Kibana data visualization, described below with reference to the flow of fig. 5.
Vulnerability data obtained through the SOC (security operations center) vulnerability library RESTful interface service passes through the CAVP vulnerability scoring system, which produces vulnerability scoring data in JSON format. The JSON data is serialized into a JSON data stream and sent to a Kafka cluster; the Kafka cluster transmits the vulnerability scoring data over the Kafka encrypted channel to the database of an Elasticsearch cluster, and the data is then visualized on a Kibana cluster display platform. It should be noted that the CAVP vulnerability scoring system scores the vulnerability objects using the scoring method of step 2 to step 3 in fig. 4.
It should be noted that, in this embodiment, an automated vulnerability assessment process may also be formed through API interface linkage, so as to filter out the latest vulnerability objects worth attention, reduce unnecessary troubleshooting by the vulnerability team, and keep the financial institution's application products running stably in a secure environment.
With this method and system, the vulnerabilities worth the financial institution's attention are rapidly computed from the massive vulnerability data and displayed visually, which makes it convenient for the vulnerability management team to screen the vulnerability information and improves the screening efficiency.
The invention will be described in connection with an alternative embodiment.
Example three
The present embodiment provides an optional vulnerability assessment apparatus, and each implementation unit included in the vulnerability assessment apparatus corresponds to each implementation step in the first embodiment.
Fig. 6 is a schematic diagram of an alternative vulnerability assessment apparatus according to an embodiment of the present invention, as shown in fig. 6, the vulnerability assessment apparatus includes: a first determining unit 61, a second determining unit 62, a third determining unit 63, a fourth determining unit 64, wherein,
the first determining unit 61 is configured to determine a first score value of each vulnerability object based on a source and a vulnerability level of each vulnerability object in a vulnerability database, where the vulnerability database includes a plurality of vulnerability objects, and an association relationship is established between each vulnerability object and a product object used by a financial institution in advance;
a second determination unit 62, configured to determine a second score value of the vulnerability object associated with the product object based on the registration status of the product object and the product type;
a third determining unit 63, configured to determine a third score value of the vulnerability object based on a detection capability of the vulnerability detection product on the vulnerability object, where the vulnerability detection product is pre-deployed on a product security detection platform of the financial institution;
and a fourth determining unit 64, configured to synthesize the first score value, the second score value, and the third score value of the vulnerability object, and determine a ranking result of all vulnerability objects, where the ranking result is used to screen out a vulnerability set to be alarmed from the vulnerability database.
With this vulnerability assessment apparatus, the first determining unit 61 determines a first score value of each vulnerability object based on its source and vulnerability grade in the vulnerability database, wherein the vulnerability database includes a plurality of vulnerability objects and each vulnerability object is associated in advance with a product object used by the financial institution; the second determining unit 62 then determines a second score value of the vulnerability object associated with the product object based on the registration status and product type of the product object; the third determining unit 63 then determines a third score value of the vulnerability object based on the detection capability of the vulnerability detection product on it, wherein the vulnerability detection product is pre-deployed on the financial institution's product security detection platform; and the fourth determining unit 64 synthesizes the first, second and third score values of the vulnerability objects to determine the ranking result of all vulnerability objects, which is used to screen the vulnerability set to be alarmed from the vulnerability database.
In this embodiment, several evaluation scores of each vulnerability object are determined from the source and vulnerability grade of the vulnerability object, from the product objects associated with it, and from the detection capability of the vulnerability detection products on it. Through these scores, all vulnerability objects can be ranked and each vulnerability object can be evaluated, so that the vulnerability objects worth the attention of financial institutions are screened out. This solves the technical problem in the related art that a target financial institution cannot accurately obtain the vulnerabilities that matter to it because massive numbers of vulnerability objects are difficult to evaluate.
Optionally, the fourth determining unit includes: the first determining subunit is used for integrating the first score value, the second score value and the third score value of the vulnerability object and determining the total score value of each vulnerability object in the vulnerability database; and the second determining subunit is used for sequencing the score values based on the total score value of each vulnerability object and determining the sequencing result of all vulnerability objects in the vulnerability database.
Optionally, the fourth determining unit further includes: a third determining subunit, configured to determine, after the ranking result of all vulnerability objects in the vulnerability database has been determined, the attention level of each vulnerability object based on its total score value and a plurality of preset score intervals; and a first analysis subunit, configured to synthesize the attention levels of all vulnerability objects and analyze the distribution proportion of each attention level.
Optionally, the fourth determining unit further includes: the first display subunit is configured to, after integrating the attention levels of each vulnerability object and analyzing the distribution proportion of each attention level, display, by using a first type chart, object data of the vulnerability object of which the total score value is greater than a preset score threshold value in the vulnerability database, where the first type chart at least includes: vulnerability identification and vulnerability score values; a second display subunit, configured to display, by using a second type chart, distribution information of each attention level, where the second type chart at least includes: distribution ratio and attention level; and the third display subunit is used for displaying the sequencing results of all vulnerability objects in the vulnerability database by adopting a third type chart, wherein the third type chart at least comprises: vulnerability identification, vulnerability score value, number of institutions and number of applications.
Optionally, the first determining unit includes: the third determining subunit is used for determining a vulnerability database to which the vulnerability object belongs based on the source of the vulnerability object; the fourth determining subunit is used for determining a first preset scoring rule based on the vulnerability grade, the vulnerability database to which the vulnerability object belongs and the first preset score set; and the fifth determining subunit is used for determining the first score value of the vulnerability object based on the first preset scoring rule.
Optionally, the second determining unit includes: a sixth determining subunit, configured to determine a second preset scoring rule based on a registration state of the product object in a target institution product system, a product type of the product object, and a second preset score set, where the target institution product system is configured to manage product data of all product objects used by the financial institution; and the seventh determining subunit is used for determining a second score value of the vulnerability object associated with the product object based on a second preset scoring rule.
Optionally, the registration status at least includes: registered with the target institution product system, unregistered with the target institution product system, registered with a branch of the financial institution, and unregistered with a general institution of the financial institution.
Optionally, the second determining unit further includes: and the updating subunit is used for updating the target organization product system under the condition that the vulnerability objects are not registered in the target organization product system after determining a second score value of the vulnerability objects associated with the product objects based on a second preset scoring rule.
Optionally, the third determining unit includes: the second analysis subunit is used for analyzing whether the vulnerability detection product has the detection capability on the vulnerability object to obtain an analysis result; the eighth determining subunit is used for determining a third preset scoring rule based on the vulnerability detection product, the analysis result and a third preset score set of the financial institution; and the ninth determining subunit is used for determining a third score value of the vulnerability object based on a third preset scoring rule.
The vulnerability assessment apparatus may further include a processor and a memory, wherein the first determining unit 61, the second determining unit 62, the third determining unit 63, the fourth determining unit 64, and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. There may be one or more kernels. By adjusting the kernel parameters, the first score value, the second score value and the third score value of a vulnerability object are determined from the source and vulnerability grade of the vulnerability object, the product object associated with the vulnerability object, and the detection capability of the vulnerability detection product for the vulnerability object; all vulnerability objects are then ranked, and the vulnerability objects worth the attention of the financial institution are screened out.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including: a processor; and a memory for storing executable instructions for the processor; wherein the processor is configured to perform any of the vulnerability assessment methods described above via execution of executable instructions.
According to another aspect of the embodiments of the present invention, a computer-readable storage medium is further provided, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute any one of the above vulnerability assessment methods.
Fig. 7 is a block diagram of a hardware structure of an electronic device (or a mobile device) according to an embodiment of the present invention. As shown in fig. 7, the electronic device may include one or more processors 702 (shown as 702a, 702b, …, 702n; the processors 102 may include, but are not limited to, a processing device such as a microcontroller unit (MCU) or a programmable logic device such as an FPGA), and a memory 704 for storing data. In addition, the electronic device may also include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be one of the ports of the I/O interface), a network interface, a keyboard, a power supply, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 7 is only an illustration and is not intended to limit the structure of the electronic device. For example, the electronic device may also include more or fewer components than shown in fig. 7, or have a different configuration from that shown in fig. 7.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic or optical disk, and other media capable of storing program code.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (12)

1. A vulnerability assessment method is characterized by comprising the following steps:
determining a first score value of each vulnerability object based on the source and vulnerability grade of each vulnerability object in a vulnerability database, wherein the vulnerability database comprises a plurality of vulnerability objects, and the vulnerability objects and product objects used by a financial institution are in an association relationship in advance;
determining a second score value of the vulnerability object associated with the product object based on the registration status of the product object and the product type;
determining a third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object, wherein the vulnerability detection product is pre-deployed on a product security detection platform of the financial institution;
and integrating the first score value, the second score value and the third score value of each vulnerability object, and determining a ranking result of all the vulnerability objects, wherein the ranking result is used for screening out a vulnerability set to be alarmed from the vulnerability database.
2. The method of claim 1, wherein integrating the first score value, the second score value and the third score value of the vulnerability objects and determining the ranking result of all the vulnerability objects comprises:
integrating the first score value, the second score value and the third score value of each vulnerability object to determine a total score value of each vulnerability object in the vulnerability database;
and ranking the vulnerability objects by total score value, and determining the ranking result of all vulnerability objects in the vulnerability database.
3. The method of claim 2, further comprising, after determining the ranking result of all vulnerability objects in the vulnerability database:
determining the attention level of each vulnerability object based on the total score value of the vulnerability object and a plurality of preset score areas;
and integrating the attention levels of the vulnerability objects, and analyzing the distribution proportion of each attention level.
4. The method according to claim 3, wherein after integrating the attention levels of the vulnerability objects and analyzing the distribution proportion of each attention level, the method comprises:
displaying, using a first type chart, the object data of the vulnerability objects in the vulnerability database whose total score values are larger than a preset score threshold value, wherein the first type chart includes at least: a vulnerability identifier and a vulnerability score value;
displaying the distribution information of each attention level using a second type chart, wherein the second type chart includes at least: the distribution ratio and the attention level;
and displaying the ranking result of all the vulnerability objects in the vulnerability database using a third type chart, wherein the third type chart includes at least: a vulnerability identifier, a vulnerability score value, the number of institutions and the number of applications.
5. The method of claim 1, wherein the step of determining the first score value of each vulnerability object based on the source and vulnerability class of the vulnerability object in the vulnerability database comprises:
determining a vulnerability database to which the vulnerability object belongs based on the source of the vulnerability object;
determining a first preset scoring rule based on the vulnerability grade, the vulnerability database to which the vulnerability object belongs and a first preset score set;
and determining a first score value of the vulnerability object based on the first preset scoring rule.
6. The method of claim 1, wherein determining a second score value for the vulnerability object associated with the product object based on the registration status of the product object and the product type comprises:
determining a second preset scoring rule based on the registration state of the product object in a target institution product system, the product type of the product object and a second preset score set, wherein the target institution product system is used for managing the product data of all the product objects used by the financial institution;
determining a second score value of the vulnerability object associated with the product object based on the second preset scoring rule.
7. The method of claim 6, wherein the registration state comprises at least: registered with the target institution product system, unregistered with the target institution product system, registered with a branch of the financial institution, and unregistered with a general institution of the financial institution.
8. The method of claim 6, wherein after determining the second score value of the vulnerability object associated with the product object based on the second preset scoring rule, the method further comprises:
and updating the target institution product system under the condition that the vulnerability object is not registered in the target institution product system.
9. The method of claim 1, wherein the step of determining the third score value of the vulnerability object based on the detection capability of the vulnerability detection product on the vulnerability object comprises:
analyzing whether the vulnerability detection product has detection capability on the vulnerability object to obtain an analysis result;
determining a third preset scoring rule based on the vulnerability detection product of the financial institution, the analysis result and a third preset score set;
and determining a third score value of the vulnerability object based on the third preset scoring rule.
10. A vulnerability assessment apparatus, comprising:
the first determining unit is used for determining a first score value of each vulnerability object based on the source and vulnerability grade of each vulnerability object in a vulnerability database, wherein the vulnerability database comprises a plurality of vulnerability objects, and an association relationship is established between each vulnerability object and a product object used by a financial institution in advance;
a second determination unit, configured to determine a second score value of the vulnerability object associated with the product object based on a registration status of the product object and a product type;
a third determining unit, configured to determine a third score value of the vulnerability object based on a detection capability of a vulnerability detection product on the vulnerability object, where the vulnerability detection product is pre-deployed on a product security detection platform of the financial institution;
and a fourth determining unit, configured to integrate the first score value, the second score value and the third score value of each vulnerability object and determine the ranking result of all the vulnerability objects, wherein the ranking result is used for screening out the vulnerability set to be alarmed from the vulnerability database.
11. A computer-readable storage medium, comprising a stored computer program, wherein when the computer program runs, the computer-readable storage medium controls a device to execute the vulnerability assessment method according to any one of claims 1 to 9.
12. An electronic device comprising one or more processors and memory, the memory storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the vulnerability assessment method of any of claims 1-9.
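As an added worked example (not code from the patent or its applicant), the three-part scoring, total-score ranking, attention-level banding, alarm screening and pending-registration step of claims 1 to 9 and the determining subunits described above, carried through on a small constructed vulnerability database. The preset score sets, score areas, threshold, registration-state labels and sample records are all assumptions; the patent names these elements but gives no values.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed preset score sets, score areas and threshold (assumptions; the patent gives no values)
SOURCE_SCORES = {"CNVD": 3, "NVD": 2, "vendor": 1}      # by source vulnerability database (claim 5)
GRADE_SCORES = {"critical": 4, "high": 3, "medium": 2, "low": 1}
REGISTRATION_SCORES = {"registered": 4, "registered_branch": 3,   # the four states of claim 7
                       "unregistered_head_office": 2, "unregistered": 1}
PRODUCT_TYPE_SCORES = {"core_banking": 3, "middleware": 2, "desktop": 1}
DETECTION_SCORES = {True: 1, False: 3}    # no scanner coverage => more attention (claim 9)
ATTENTION_BANDS = [(12, "high"), (8, "medium"), (0, "low")]   # preset score areas (claim 3)
ALARM_THRESHOLD = 10                                          # preset score threshold (claim 4)


@dataclass(frozen=True)
class Vuln:
    vuln_id: str
    source: str          # vulnerability database the record came from
    grade: str
    product_id: str      # associated product object (claim 1)
    product_type: str
    registration: str    # state in the target institution product system
    detectable: bool     # can the deployed detection product find it?


def first_score(v):   # source + grade (claim 5)
    return SOURCE_SCORES[v.source] + GRADE_SCORES[v.grade]

def second_score(v):  # registration state + product type (claim 6)
    return REGISTRATION_SCORES[v.registration] + PRODUCT_TYPE_SCORES[v.product_type]

def third_score(v):   # detection capability (claim 9)
    return DETECTION_SCORES[v.detectable]

def total_score(v):   # claim 2: integrate the three partial scores
    return first_score(v) + second_score(v) + third_score(v)

def attention_level(total):   # first band whose floor the total reaches
    return next(level for floor, level in ATTENTION_BANDS if total >= floor)

def rank(vulns):      # ranking result (claim 2): highest total first, ties by id
    return sorted(vulns, key=lambda v: (-total_score(v), v.vuln_id))

def alarm_set(vulns): # vulnerability set to be alarmed: totals strictly above threshold (claim 4)
    return [v.vuln_id for v in rank(vulns) if total_score(v) > ALARM_THRESHOLD]

def level_distribution(vulns):   # distribution proportion per attention level (claim 3)
    counts = Counter(attention_level(total_score(v)) for v in vulns)
    return {lvl: counts[lvl] / len(vulns) for _, lvl in ATTENTION_BANDS}

def pending_registrations(vulns):   # products to add to the product system afterwards (claim 8)
    return sorted({v.product_id for v in vulns if v.registration.startswith("unregistered")})

# Constructed sample vulnerability database (not data from the patent)
SAMPLE = [
    Vuln("V-001", "NVD", "critical", "P-core", "core_banking", "registered", False),
    Vuln("V-002", "vendor", "low", "P-desk", "desktop", "unregistered", True),
    Vuln("V-003", "CNVD", "high", "P-mw", "middleware", "registered_branch", True),
    Vuln("V-004", "NVD", "medium", "P-tool", "desktop", "unregistered_head_office", False),
]
```

With these assumed score sets, V-001 scores 6 + 7 + 3 = 16 and V-004 scores 4 + 3 + 3 = 10, so an undetectable vulnerability on an unregistered desktop product still lands in the "medium" band and just below the alarm threshold; raising DETECTION_SCORES[False] is the knob that would move it into the alarm set.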
CN202210841818.0A 2022-07-18 2022-07-18 Vulnerability assessment method and device, storage medium and electronic equipment Pending CN115033891A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210841818.0A CN115033891A (en) 2022-07-18 2022-07-18 Vulnerability assessment method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115033891A true CN115033891A (en) 2022-09-09

Family

ID=83129278

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116561769A (en) * 2023-05-19 2023-08-08 国家计算机网络与信息安全管理中心 Vendor recommendation method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination