CN115643112A - Method and device for testing safety protection capability - Google Patents
Method and device for testing safety protection capability Download PDFInfo
- Publication number
- CN115643112A CN115643112A CN202211654069.7A CN202211654069A CN115643112A CN 115643112 A CN115643112 A CN 115643112A CN 202211654069 A CN202211654069 A CN 202211654069A CN 115643112 A CN115643112 A CN 115643112A
- Authority
- CN
- China
- Prior art keywords
- test
- cluster
- vulnerability
- testing
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application discloses a method and a device for testing safety protection capability, which relate to the technical field of data safety, and the method comprises the following steps: determining the network configuration of the vulnerability detection nodes according to the network information of the tested environment, and constructing a test cluster taking the vulnerability detection nodes as working nodes; pulling a preset vulnerability starting script, a shooting range configuration file and a shooting range mirror image into a test cluster to generate a shooting range Pod, and dispatching all test pods to working nodes generated by vulnerability detection nodes; and starting all loopholes and the Pod of the firing ground to perform security test on the test cluster, and determining whether the test cluster has the security protection capability according to the test result. The automatic target range constructed by the scheme can be rolled back to an initial state through the snapshot, can be used repeatedly, can be automatically accessed into a tested environment, has strong automation capability, can centralize dirty data together only by dispatching the test Pod to the working node, and does not influence normal service in a test cluster.
Description
Technical Field
The present application relates to the field of data security technologies, and in particular, to a method and an apparatus for testing security protection capability.
Background
Cloud protogenesis is a technical methodology of a new generation of application program, a main landing mode is a software operation and architecture scheme represented by kubernets (K8 s for short), various vulnerabilities under a cloud protogenesis environment carried by the cloud protogenesis and various protection measures made aiming at the vulnerabilities are formed along with the cloud protogenesis, and detection means for detecting vulnerabilities or security capability of the cloud protogenesis environment under the environment generally comprises the step of manually triggering various vulnerability target fields to check whether the vulnerabilities are triggered or detected by a security protection platform.
Disclosure of Invention
The application provides a safety protection capability test method, which aims to solve the problems that in the prior art, a cloud native safety capability detection means is limited by the safety capability of testers and a node is uncontrollable after a bug is triggered.
In order to achieve the purpose, the following technical scheme is adopted in the application:
the application discloses a method for testing safety protection capability, which comprises the following steps:
determining the network configuration of vulnerability detection nodes according to the network information of the tested environment, and constructing a test cluster taking the vulnerability detection nodes as working nodes;
pulling a preset vulnerability starting script, a shooting range configuration file and a shooting range mirror image into the test cluster to generate a shooting range Pod, and dispatching all test pods into working nodes generated by the vulnerability detection nodes;
and starting all the bugs and the Pod of the firing ground to perform safety test on the test cluster, and determining whether the test cluster has safety protection capability according to a test result.
Preferably, before pulling the pre-configured vulnerability boot script, the shooting range configuration file and the shooting range image to the test cluster to generate the shooting range Pod, the method further includes:
and executing the cluster basic command to judge whether all the pod in the test cluster is in the running state, if so, the test cluster is healthy, and otherwise, the test cluster is reset.
Preferably, the determining the network configuration of the vulnerability detection node according to the network information of the tested environment and constructing the test cluster with the vulnerability detection node as the working node includes:
acquiring network information of a detected environment and comparing the network information with the network information of the vulnerability detection node;
when the network information of the tested environment is different from the network information of the vulnerability detection node, changing the network configuration of the vulnerability detection node, and performing health detection on the changed and configured network detection node to determine whether to construct a test cluster;
and when the network information of the tested environment is the same as that of the vulnerability detection node, constructing a test cluster with the vulnerability detection node as a working node.
Preferably, the performing health detection on the network detection node after configuration change to determine whether to construct a test cluster includes:
and judging whether the network detection nodes after configuration change are healthy or not by remotely accessing the polling detection network to detect whether the network requests a response or not, if so, constructing a test cluster taking the network detection nodes after configuration change as working nodes, and otherwise, reconfiguring the network.
Preferably, the network information includes static IP and domain name system information.
Preferably, the method further comprises: and after the test is finished, rolling back to the initial state of the target yard Pod through the snapshot.
Preferably, the starting all vulnerabilities and the Pod at the firing ground to perform security testing on the test cluster, and determining whether the test cluster has a security protection capability according to a test result, includes:
starting all vulnerabilities, wherein the vulnerabilities comprise a load vulnerability and a non-load vulnerability;
when the vulnerability is a load vulnerability, triggering the effective load of the vulnerability and judging whether the vulnerability is abnormal, if not, the testing cluster has the safety protection capability;
and when the vulnerability is a non-load vulnerability, judging whether a payload request packet sent to a Web safety target range by an external node is intercepted, if so, testing that the cluster has safety protection capability.
A safety protection capability testing device, comprising:
the building module is used for determining the network configuration of the vulnerability detection node according to the network information of the tested environment and building a test cluster taking the vulnerability detection node as a working node;
the calling module is used for pulling a preconfigured vulnerability starting script, a shooting range configuration file and a shooting range mirror image into the test cluster to generate a shooting range Pod, and dispatching all test pods into working nodes generated by the vulnerability detection nodes;
and the scanning module is used for starting all bugs and the firing ground Pod cluster so as to carry out security test on the test cluster, and determining whether the test cluster has the security protection capability according to the test result.
An electronic device comprising a memory and a processor, the memory for storing one or more computer instructions, wherein the one or more computer instructions are executable by the processor to implement a method of safety protection capability testing as claimed in any preceding claim.
A computer-readable storage medium storing a computer program for causing a computer to implement a method for testing safety protection capability as defined in any one of the preceding claims when executed.
The invention has the following beneficial effects:
the portable miniature server of this scheme utilization builds virtual cluster, and the portability is high, and the automation target range that constructs simultaneously can not only automize and insert the environment under test, still can roll back to initial condition through the virtual machine platform snapshot after the test, can use repeatedly, can also acquire the security ability of the environment under test, and only schedule the test Pod to the work node in, can make dirty data concentrate together, can not influence the normal business in the test cluster.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a schematic diagram of a safety protection capability testing device according to the present application;
FIG. 2 is a flow chart of a method for testing safety protection capability according to the present application;
FIG. 3 is a flow chart of the automated construction of a test cluster according to the present application;
FIG. 4 is a flow chart of the present application for automated drone ground detection;
fig. 5 is a schematic diagram of an electronic device implementing a method for testing safety protection capability according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is to be understood that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the claims and in the description of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order, it being understood that the terms so used are interchangeable under appropriate circumstances and are merely used to describe a distinguishing manner between similar elements in the embodiments of the present application and that the terms "comprising" and "having" and any variations thereof are intended to cover a non-exclusive inclusion such that a process, method, system, article, or apparatus that comprises a list of elements is not necessarily limited to those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
As shown in fig. 1, the present application further provides a safety protection capability testing apparatus, including:
the building module 10 is configured to determine a network configuration of a vulnerability detection node according to network information of a tested environment, and build a test cluster using the vulnerability detection node as a working node;
the calling module 20 is configured to pull a pre-configured vulnerability boot script, a shooting range configuration file, and a shooting range image into the test cluster to generate a shooting range Pod, and schedule all test pods to the working nodes generated by the vulnerability detection nodes;
and the scanning module 30 is configured to start all bugs and the firing ground Pod to perform security testing on the test cluster, and determine whether the test cluster has a security protection capability according to a test result.
In order to realize portability of a detection tool, namely a testing device, the detection tool in the embodiment uses a micro server as a physical machine, and a virtual machine platform is arranged in the detection tool, so that the detection tool has self-defined memory and disk allocation capability and capability of adding, editing and deleting snapshots of the virtual machine, and meanwhile, the virtual machine platform also supports establishment of a virtual server cluster according to environmental requirements of various bugs in kubernets, so that the detection tool also has capability of testing various kernel bugs, component bugs and platform version bugs.
As a preferred implementation manner, the virtual server in this embodiment employs a standard version of open source Linux system, such as Centos or Ubuntu; selecting corresponding security versions of the virtual machine kernel, runC, docker, kubelet and Containerd according to the vulnerability coverage range; in addition, the virtual server in this embodiment is divided into a main control server and a test server cluster, the main control server is used as a management server of the cluster, and the main control server sends an instruction to the test server cluster in a remote manner through ssh, so that the test server cluster is managed, controlled and allocated.
The portable detection tool in this embodiment further has a private mirror image warehouse for storing the shooting range mirror image, and when detecting a vulnerability, the private mirror image warehouse is pulled and started to the specified K8s _ Node.
In order to implement the automatic construction of the test cluster and the automatic detection of the target range, the following files are customized in this embodiment:
1. a Config file: the configuration file of the whole program contains network information, domain Name System (DNS) information and K8s information, wherein the Domain Name System information is collected for adapting to private DNS service of a tested environment, and the K8s information is collected for connecting a K8s cluster of a tested service;
2. node _ conf folder: the method comprises the steps of automatically configuring an IP address provided by a tested environment to a configuration script of a test cluster network, automatically configuring a DNS configuration script of DNS information in a test cluster, and automatically detecting whether a server node is in an available state or not;
3. k8s _ conf folder: the system comprises a native K8s plugin which is prepared for providing the capability of automatically resetting a K8s node and depends on files, a configuration script which is customized for automatically resetting the K8s node for a cluster, a Yaml file which is used for mobilizing the K8s native plugin to construct a new available cluster, a native K8s plugin which is used for automatically pulling up the primary K8s dependent files of a K8s main control container, a K8s health detection script which is used for ensuring the cluster state and mainly monitors and polls the state of a K8s main control Pod so as to confirm whether the cluster is healthy or not, a K8s reset and a K8s init script which are used for resetting the cluster after IP is changed so as to ensure the availability of the automatically configured cluster, and a configuration script which is used for customizing and starting vulnerability detection so as to detect vulnerability triggering effects.
In the embodiment, the system also comprises an Auto _ Config _ shell file serving as a shooting range automation main control process, and in the actual test process, except that the Config file needs to be filled according to the actual test environment, the files in the Node _ conf folder and the K8s _ conf folder are automatically configured by the Auto _ Config _ shell file.
In addition, a target ground construction script and a container construction configuration file which comprise cloud native scenes such as k8s vulnerabilities, container vulnerabilities, kernel vulnerabilities and privilege escalation detection vulnerabilities are also configured in the embodiment, and Auto _ Create _ Sec _ pod.sh serving as a main control process of the vulnerability detection process is also configured, and the target ground construction script and the container construction configuration file can be automatically scheduled by reading the environment configuration in the Config file.
As shown in fig. 2, the present application provides a method for testing safety protection capability, which includes the following steps:
s110, determining the network configuration of the vulnerability detection node according to the network information of the tested environment, and constructing a test cluster taking the vulnerability detection node as a working node;
s120, pulling a pre-configured vulnerability boot script, a shooting range configuration file and a shooting range mirror image into the test cluster to generate a shooting range Pod, and scheduling all test pods to working nodes generated by the vulnerability detection nodes;
s130, starting all bugs and the target yard Pod cluster to perform security test on the test cluster, and determining whether the test cluster has security protection capability according to a test result.
Based on the customized file, in this embodiment, first, network information of the environment to be tested is obtained, where the network information includes static IP and DNS information, and is compared with network information in the Config file, that is, network information of the vulnerability detection node, when the network information is not consistent, the network configuration in the Config file is changed, and whether the vulnerability detection node is healthy or not is determined by remotely accessing to poll and detect whether the network can request a response, if the vulnerability detection node is healthy, the change is effective, and K8s reset & init, that is, K8s reset and initialization process is performed, if the vulnerability detection node is unhealthy, the network configuration is performed again, and when the network information is consistent with the network information in the Config file, the K8s reset & init process is directly performed.
The K8s reset & init flow includes the following two cases: in the first situation, the testing purpose is to test the security capability of a certain service cluster or the security capability of a security protection platform with only a single service cluster, the testing process will add all vulnerability detection nodes as working nodes K8s Node into the tested K8s cluster, that is, each Node executes a join _ key command to add into the service cluster and generate a final test cluster by requesting the token join _ key of the tested service cluster main control end of the tested environment; and in the second situation, the test aim is to test the protection capability of the safety protection platform with multiple clusters, the test process is that all vulnerability detection nodes form a complete test cluster with a control Node K8s master and a plurality of working nodes K8s nodes, one vulnerability detection Node is reset to be a K8s _ master through a K8s _ reset command and generates a join _ key to be sent to the rest vulnerability detection nodes, the rest vulnerability detection nodes execute the join _ key command to be added into the cluster, and the whole test cluster is added into the tested safety protection platform according to the safety protection platform subset script provided by the tested system.
Specifically, a cluster basic command is executed to determine whether all the pod in the test cluster is in a running state, if so, the test cluster is healthy, otherwise, the test cluster is reset.
And after the loading of the K8s test cluster is finished, checking whether all the pod in the cluster is in the running state by executing a K8s basic command, if so, loading the vulnerability detection node if the test cluster is healthy, and if not, resetting and init again.
After all vulnerability detection nodes are started, each testing Pod is dispatched to a working Node where a micro server is located through a preset shooting range Yaml file so as to perform vulnerability detection in the working Node, wherein the shooting range Yaml file is used for distinguishing the testing Pod from the service Pod and keeping all running data in the testing micro server, besides, when the testing aims at testing the safety capability of a certain service cluster or the safety capability of a safety protection platform of only a single service cluster, the testing nodes are grouped according to configuration files, all service groups Pod are isolated in an original service Node, and the service Pod is forbidden to be dispatched to the testing Node, namely the working Node, so as to prevent the normal service of the tested cluster from being influenced, as shown in FIG. 3.
Specifically, starting all vulnerabilities, wherein the vulnerabilities comprise a load vulnerability and a non-load vulnerability;
when the vulnerability is a load vulnerability, triggering the effective load of the vulnerability and judging whether the vulnerability is abnormal, if not, the testing cluster has the safety protection capability;
and when the vulnerability is a non-load vulnerability, judging whether a payload request packet sent to a Web safety target range by an external node is intercepted, if so, testing that the cluster has safety protection capability.
As shown in fig. 4, after the vulnerability detection node is pulled up, the Auto _ Create _ Sec _ Pod.sh file is started to perform payload triggering, and first, the Auto _ Create _ Sec _ Pod.sh reads a pre-configured shooting range construction file, various vulnerability starting related scripts are pulled into a master node of the test cluster, and simultaneously, the configured shooting range Yaml file and a shooting range mirror image are pulled to generate a shooting range Pod cluster, wherein the vulnerability in the embodiment includes all known vulnerabilities such as escape class, K8s class, container class, kernel class, right extraction detection class, sensitive command class, malicious process class, file integrity protection, web security and the like in a native cloud scene, and if the master is also the master of the service cluster, the step is executed in the main control server through a kubutel client.
Then, load type bugs such as escape types, k8s types, container types, kernel types, right-lifting detection types, malicious process types and file integrity protection can detect whether the bugs are abnormal or not by triggering load payloads per se, if so, the bugs are triggered, and the cluster has no safety protection capability; and if the non-load type loophole exists, an external node needs to automatically send a payload request packet to a Web safety target (the only non-load type target) Pod through an external interface of the target, then whether the target intercepts or alarms the request packet is judged, and if the request packet is intercepted or alarmed, the cluster has the safety protection capability.
And after the scanning is finished, obtaining a scanning result, clearing dirty data, closing the scanning environment, and simultaneously, after the testing environment is closed, the tested environment does not influence the operation of the normal service of the tested environment.
The automatic target range constructed in the embodiment can be rolled back to an initial state through the snapshot, can be repeatedly used, can be automatically accessed to the tested cluster and obtain the safety capability of the tested cluster, saves the time and cost of manual verification, improves the detection speed and efficiency of the safety capability of the cloud native environment, can concentrate dirty data at one point so as not to influence the normal service of the tested cluster, and is high in safety.
As shown in fig. 5, the present application further provides an electronic device, which includes a memory 501 and a processor 502, where the memory 501 is configured to store one or more computer instructions, and the one or more computer instructions are executed by the processor 502 to implement one of the above-mentioned methods for testing safety protection capability. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the electronic device described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again. The present application also provides a computer-readable storage medium storing a computer program, which, when executed by a computer, implements a method for testing safety protection capability as described above. Illustratively, a computer program may be divided into one or more modules/units, one or more modules/units are stored in the memory 501 and executed by the processor 502, and the input interface 505 and the output interface 506 perform I/O interface transmission of data to complete the present invention, and one or more modules/units may be a series of computer program instruction segments for describing the execution of the computer program in a computer device, which can perform specific functions. The computer device may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The computer device may include, but is not limited to, the memory 501 and the processor 502, and those skilled in the art will appreciate that the present embodiment is only an example of the computer device, and does not constitute a limitation of the computer device, and may include more or less components, or combine certain components, or different components, for example, the computer device may further include the input device 507, a network access device, a bus, and the like. The Processor 502 may be a Central Processing Unit (CPU), other general purpose Processor 502, a Digital Signal Processor 502 (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general purpose processor 502 may be a microprocessor 502 or the processor 502 may be any conventional processor 502 or the like.
The storage 501 may be an internal storage unit of the computer device, such as a hard disk or a memory of the computer device. The memory 501 may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. provided on the computer device, further, the memory 501 may also include both an internal storage unit and an external storage device of the computer device, the memory 501 is used for storing computer programs and other programs and data required by the computer device, the memory 501 may also be used for temporarily storing in the output device 508, and the aforementioned storage Media include various Media capable of storing program codes, such as a usb disk, a removable hard disk, a ROM503, a RAM504, a disk, or an optical disk.
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions within the technical scope of the present invention are intended to be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. A method for testing safety protection capability is characterized by comprising the following steps:
determining the network configuration of vulnerability detection nodes according to the network information of the tested environment, and constructing a test cluster taking the vulnerability detection nodes as working nodes;
pulling a preset vulnerability starting script, a shooting range configuration file and a shooting range mirror image into the test cluster to generate a shooting range Pod, and dispatching all test pods into working nodes generated by the vulnerability detection nodes;
starting all bugs and the Pod of the firing ground to perform security testing on the test cluster, and determining whether the test cluster has security protection capability according to a test result.
2. The method for testing safety protection capability of claim 1, wherein before pulling the pre-configured vulnerability boot script, the shooting range configuration file and the shooting range image to the shooting range Pod generated in the test cluster, further comprising:
and executing the cluster basic command to judge whether all the pod in the test cluster is in the running state, if so, the test cluster is healthy, and otherwise, the test cluster is reset.
3. The method for testing safety protection capability according to claim 1, wherein the determining the network configuration of the vulnerability detection node according to the network information of the tested environment and constructing the test cluster with the vulnerability detection node as the working node comprises:
acquiring network information of a detected environment and comparing the network information with the network information of the vulnerability detection node;
when the network information of the tested environment is different from the network information of the vulnerability detection node, changing the network configuration of the vulnerability detection node, and performing health detection on the changed and configured network detection node to determine whether to construct a test cluster;
and when the network information of the tested environment is the same as that of the vulnerability detection node, constructing a test cluster with the vulnerability detection node as a working node.
4. The method for testing safety protection capability according to claim 3, wherein the performing health detection on the network detection node after configuration change to determine whether to construct the test cluster includes:
and judging whether the network detection nodes after configuration change are healthy or not by remotely accessing the polling detection network to detect whether the network requests a response or not, if so, constructing a test cluster taking the network detection nodes after configuration change as working nodes, and otherwise, reconfiguring the network.
5. The method according to claim 3, wherein the network information includes static IP and domain name system information.
6. The method for testing safety protection capability of claim 1, further comprising: and after the test is finished, rolling back to the initial state of the target yard Pod through the snapshot.
7. The method for testing safety protection capability according to claim 1, wherein the starting all vulnerabilities and the Pod at the firing ground to perform safety testing on the test cluster, and determining whether the test cluster has safety protection capability according to a test result comprises:
starting all vulnerabilities, wherein the vulnerabilities comprise a load vulnerability and a non-load vulnerability;
when the vulnerability is a load vulnerability, triggering the effective load of the vulnerability and judging whether the vulnerability is abnormal, if not, the testing cluster has the safety protection capability;
and when the vulnerability is a non-load vulnerability, judging whether a payload request packet sent to a Web safety target range by an external node is intercepted, if so, testing that the cluster has safety protection capability.
8. A safety protection capability testing device is characterized by comprising:
the building module is used for determining the network configuration of the vulnerability detection node according to the network information of the tested environment and building a test cluster taking the vulnerability detection node as a working node;
the calling module is used for pulling a preset vulnerability starting script, a shooting range configuration file and a shooting range mirror image into the test cluster to generate a shooting range Pod cluster, and dispatching all test pods into the working nodes generated by the vulnerability detection nodes;
and the scanning module is used for starting all bugs and the firing ground Pod cluster so as to carry out security test on the test cluster, and determining whether the test cluster has the security protection capability according to the test result.
9. An electronic device comprising a memory and a processor, the memory storing one or more computer instructions, wherein the one or more computer instructions are executed by the processor to implement a method of testing security capability according to any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, the computer program causing a computer to implement a method for testing safety protection capability according to any one of claims 1 to 7 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211654069.7A CN115643112B (en) | 2022-12-22 | 2022-12-22 | Safety protection capability testing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211654069.7A CN115643112B (en) | 2022-12-22 | 2022-12-22 | Safety protection capability testing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115643112A true CN115643112A (en) | 2023-01-24 |
| CN115643112B CN115643112B (en) | 2023-04-28 |
Family
ID=84949738
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211654069.7A Active CN115643112B (en) | 2022-12-22 | 2022-12-22 | Safety protection capability testing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115643112B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117459401A (en) * | 2023-09-15 | 2024-01-26 | 永信至诚科技集团股份有限公司 | Method, device, equipment and storage medium for generating network target range environment snapshot |
| CN117478721A (en) * | 2023-12-28 | 2024-01-30 | 北京华云安信息技术有限公司 | Connection method, device, equipment and storage medium for control program |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190095253A1 (en) * | 2017-09-22 | 2019-03-28 | Vmware, Inc. | Cluster updating using temporary update-monitor pod |
| CN111259406A (en) * | 2020-01-14 | 2020-06-09 | 中国传媒大学 | Automatic construction method and system for cloud native application vulnerability reproduction environment |
| CN114036530A (en) * | 2021-11-22 | 2022-02-11 | 中邮信息科技(北京)有限公司 | Kubernetes-based web vulnerability scanning method and device, electronic equipment and medium |
| CN114036523A (en) * | 2021-10-23 | 2022-02-11 | 北京天融信网络安全技术有限公司 | Vulnerability shooting range automatic building method and device based on virtualization technology |
| CN114968470A (en) * | 2021-02-24 | 2022-08-30 | 中国移动通信集团江苏有限公司 | Container detection method and device based on k8s cluster, electronic equipment and storage device |
| CN114996955A (en) * | 2022-06-14 | 2022-09-02 | 北京同创永益科技发展有限公司 | Target range environment construction method and device for cloud-originated chaotic engineering experiment |
-
2022
- 2022-12-22 CN CN202211654069.7A patent/CN115643112B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190095253A1 (en) * | 2017-09-22 | 2019-03-28 | Vmware, Inc. | Cluster updating using temporary update-monitor pod |
| CN111259406A (en) * | 2020-01-14 | 2020-06-09 | 中国传媒大学 | Automatic construction method and system for cloud native application vulnerability reproduction environment |
| CN114968470A (en) * | 2021-02-24 | 2022-08-30 | 中国移动通信集团江苏有限公司 | Container detection method and device based on k8s cluster, electronic equipment and storage device |
| CN114036523A (en) * | 2021-10-23 | 2022-02-11 | 北京天融信网络安全技术有限公司 | Vulnerability shooting range automatic building method and device based on virtualization technology |
| CN114036530A (en) * | 2021-11-22 | 2022-02-11 | 中邮信息科技(北京)有限公司 | Kubernetes-based web vulnerability scanning method and device, electronic equipment and medium |
| CN114996955A (en) * | 2022-06-14 | 2022-09-02 | 北京同创永益科技发展有限公司 | Target range environment construction method and device for cloud-originated chaotic engineering experiment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117459401A (en) * | 2023-09-15 | 2024-01-26 | 永信至诚科技集团股份有限公司 | Method, device, equipment and storage medium for generating network target range environment snapshot |
| CN117478721A (en) * | 2023-12-28 | 2024-01-30 | 北京华云安信息技术有限公司 | Connection method, device, equipment and storage medium for control program |
| CN117478721B (en) * | 2023-12-28 | 2024-04-12 | 北京华云安信息技术有限公司 | Connection method, device, equipment and storage medium for control program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115643112B (en) | 2023-04-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110781007B (en) | Task processing method, device, server, client, system and storage medium | |
| CN115643112A (en) | Method and device for testing safety protection capability | |
| US10075455B2 (en) | Zero-day rotating guest image profile | |
| JP6419787B2 (en) | Optimized resource allocation to virtual machines in malware content detection system | |
| CN111262759B (en) | Internet of things platform testing method, device, equipment and storage medium | |
| US11416377B2 (en) | Automated application testing system | |
| CN108256118B (en) | Data processing method, device, system, computing equipment and storage medium | |
| CN109739744B (en) | Test system and method | |
| US20170103200A1 (en) | Log Information Generation Apparatus And Recording Medium, And Log Information Extraction Apparatus And Recording Medium | |
| US8910294B1 (en) | System and method for application failure testing in a cloud computing environment | |
| CN110213121B (en) | Test platform, test method and test device for virtual communication product | |
| US20200244523A1 (en) | Linking multiple enrollments on a client device | |
| CN110119350A (en) | Software Development Kit test method, device and equipment and computer storage medium | |
| CN111258913A (en) | Automatic algorithm testing method and device, computer system and readable storage medium | |
| CN107506295A (en) | Method of testing, equipment and the computer-readable recording medium of virtual machine backup | |
| CN110224897A (en) | Vulnerable network test method, device, mobile device and the storage medium of application program | |
| CN115827111A (en) | Method and device for adjusting server startup items, storage medium and electronic device | |
| CN110618853B (en) | Detection method, device and equipment for zombie container | |
| US8938531B1 (en) | Apparatus, system and method for multi-context event streaming network vulnerability scanner | |
| CN105242981A (en) | Configuration method of Kdump and computer device | |
| CN110083366B (en) | Application running environment generation method and device, computing equipment and storage medium | |
| CN114510381A (en) | Fault injection method, device, equipment and storage medium | |
| CN109240914B (en) | Monitoring management method for security test task and terminal equipment | |
| US11360871B1 (en) | Automatic optimization and hardening of application images | |
| CN115617668A (en) | Compatibility testing method, device and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |