CN116894581A - Method, system, terminal and medium for inspecting enterprise Internet deployment product environment - Google Patents

Method, system, terminal and medium for inspecting enterprise Internet deployment product environment Download PDF

Info

Publication number
CN116894581A
CN116894581A CN202310866986.XA CN202310866986A CN116894581A CN 116894581 A CN116894581 A CN 116894581A CN 202310866986 A CN202310866986 A CN 202310866986A CN 116894581 A CN116894581 A CN 116894581A
Authority
CN
China
Prior art keywords
asset
information
enterprise
fingerprint feature
website address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310866986.XA
Other languages
Chinese (zh)
Inventor
牛彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202310866986.XA priority Critical patent/CN116894581A/en
Publication of CN116894581A publication Critical patent/CN116894581A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • G06F16/2433Query languages
    • G06F16/244Grouping and aggregation

Abstract

The invention relates to the field of enterprise asset investigation, in particular to an enterprise Internet deployment product environment investigation method, an enterprise Internet deployment product environment investigation system, an enterprise Internet deployment product environment investigation terminal and a medium, wherein an asset fingerprint feature library of an enterprise recorded asset is established based on an enterprise recorded asset information table; respectively calling each asset search engine interface to perform aggregation search on the assets, and filling the searched asset information into an enterprise asset scanning table; and performing cross analysis on asset information in the enterprise asset scanning table to establish an asset aggregation table and an asset difference table. Cross-verifying the assets in the asset difference table, and screening out asset information to be determined; and comparing the IP and port information contained in the asset information to be determined with the IP and port information in the asset fingerprint feature library to determine suspicious assets. The invention improves the accuracy and efficiency of the enterprise product investigation.

Description

Method, system, terminal and medium for inspecting enterprise Internet deployment product environment
Technical Field
The invention relates to the field of enterprise asset investigation, in particular to an enterprise Internet deployment product environment investigation method, an enterprise Internet deployment product environment investigation system, a terminal and a medium.
Background
The network asset collection refers to the process of tracking and mastering the condition of the network asset, generally comprises host discovery, operating system identification, service identification and the like, is an important premise for realizing network security management, and has wide application value in network security related work.
With the development of internet technology, internet assets are increasing, and meanwhile, internet assets face more and more network attacks and risks, and the risks of being attacked are increased by deploying enterprise products on the internet. However, due to low security consciousness, partial staff of the enterprise can build product environments in the internet privately under the condition of not recording and auditing to the security departments of the enterprise, and the environments are not normally subjected to security assessment, so that the enterprise is easy to be attacked by the network, the asset management and control difficulty of the enterprise is increased, and the enterprise faces more security risks. The product environment of the enterprise deployed on the Internet is collected, the product environment of the enterprise deployed on the Internet is closed, and the risk of the enterprise being attacked can be effectively reduced.
Currently, with the help of network asset mapping technology, the enterprise can be examined in the product environment deployed on the internet. For network asset mapping, a plurality of methods and tools exist at present, but a single asset searching method or tool has the problems of incomplete scanning results, false reporting of the scanning results, reduced accuracy, low efficiency caused by manual analysis of the scanning results, and the like, and brings inconvenience to the environmental investigation of the enterprise Internet deployment products.
Disclosure of Invention
In order to solve the problems, the invention provides an enterprise Internet deployment product environment investigation method, system, terminal and system, which uses a plurality of asset search tools to carry out aggregation search, and carries out analysis and verification on search results to investigate suspicious assets, thereby improving the accuracy and efficiency of the investigation of the enterprise deployment products in the Internet and reducing the risk of the enterprise being attacked.
In a first aspect, the present invention provides a method for inspecting an environment of an enterprise internet deployment product, including the following steps:
establishing an asset fingerprint feature library of the enterprise recorded assets; the asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identifiers, standard website address information and standard website home page pictures;
searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition respectively by using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table; wherein the asset information includes actual website product identification and actual website address information; not less than two asset search engines;
Performing cross analysis and verification on asset information in an enterprise asset scanning table, screening out the asset information of which the actual website address information can be searched by at least two asset search engines and the asset information which corresponds to the actual website product identification and exists in an asset fingerprint feature library is recorded as asset information to be determined;
and comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
In an alternative embodiment, establishing an asset fingerprint feature library of the enterprise's recorded assets specifically includes:
inquiring an enterprise recorded asset information table;
extracting fingerprint characteristic information of each asset in the recorded asset information table by means of web crawlers and manual analysis;
and adding the extracted asset fingerprint feature information to an asset fingerprint feature library.
In an optional implementation manner, cross analysis and verification are performed on asset information in an enterprise asset scanning table, the screened actual website address information can be searched by at least two asset search engines, and the asset information which exists in an asset fingerprint feature library corresponding to the actual website product identification is recorded as the asset information to be determined, and the method specifically comprises the following steps:
Screening out asset information of which the actual website address information only appears once in an enterprise asset scanning table and storing the asset information into an asset difference table, and storing the asset information of which the actual website address information appears at least twice into an asset aggregation table;
the initial value of the number of times of the cross analysis is obtained for the address information of each actual website in the asset difference table and the asset aggregation table; wherein the initial value of the number of times of cross analysis is 0;
sequentially extracting all asset information in the asset aggregation table, and comparing the actual website product identifiers contained in the current asset information with standard website product identifiers in the asset fingerprint feature library; the number of times of cross analysis of the actual website address information is increased by 1;
detecting the cross analysis times of the actual website address contained in the current asset information in response to the actual website product identifier contained in the current asset information not being contained in the asset fingerprint feature library;
if the number of times of cross analysis of the actual website address contained in the current asset information is 1, the current asset information is transferred to an asset difference table, otherwise, the current asset information is deleted;
sequentially extracting all asset information in the asset difference table, taking actual website address information contained in the current asset information as input, and calling other asset search engines to search the asset; other asset search engines refer to other asset search engines other than the asset search engine fingerprint to which the current asset information pertains;
If the actual website address information contained in the current asset information can be searched by other asset search engines, the current asset information searched by the other asset search engines is transferred to an asset aggregation table;
if the other asset search engines cannot search the actual website address information contained in the current asset information, deleting the current asset information;
the asset information finally contained in the asset aggregation table is the asset information to be determined.
In an alternative embodiment, the website product identifier includes a website title and a website icon hash value;
correspondingly, the actual website product identifier contained in the current asset information is not contained in the asset fingerprint feature library, which means that the website title and the website icon hash value contained in the current asset information are not contained in the asset fingerprint feature library.
In an optional implementation manner, the asset information in which the actual website address information appears only once is screened out from the enterprise asset scanning table and stored into the asset difference table, and the asset information in which the actual website address information appears at least twice is stored into the asset aggregation table, which specifically comprises:
extracting the actual website address information of the first asset information corresponding to the first asset search engine in the enterprise asset scanning table;
Detecting whether the asset information searched by other asset search engines contains the same actual website address information;
if not, storing the first asset information corresponding to the first asset search engine into an asset difference table; otherwise, storing the first asset information corresponding to the first asset search engine into an asset aggregation table;
and so on until all asset information in the enterprise asset scan table has been traversed.
In an alternative embodiment, the website address information includes website IP address and port information.
In an alternative embodiment, comparing actual website address information contained in the asset information to be determined with standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the corresponding asset information to be determined as suspicious asset, specifically including:
comparing the actual website address information contained in the asset information in the asset aggregation table with the standard website address information in the asset fingerprint feature library;
if the standard website address information in the asset fingerprint feature library does not exist in the asset aggregation table, marking the corresponding asset information as a first type of suspicious asset, and storing the suspicious asset information into an enterprise asset information confirmation table;
If the actual website address information in the asset aggregation table does not exist in the asset fingerprint feature library, marking the corresponding asset information as a second type of suspicious asset, and storing the second type of suspicious asset information into an enterprise asset information confirmation table;
judging whether the website IP address contained in the actual website address information is in an enterprise public network IP network segment or not according to the second type of suspicious assets in the enterprise asset information confirmation table;
if yes, still recording as second-class suspicious assets, otherwise, recording as third-class suspicious assets;
and outputting the final enterprise asset information confirmation table with the suspicious asset class.
In a second aspect, the present invention provides an enterprise internet deployed product environment screening system, comprising,
fingerprint feature library establishment module: establishing an asset fingerprint feature library of the enterprise recorded assets; the asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identifiers, standard website address information and standard website home page pictures;
asset search module: searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition respectively by using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table; wherein the asset information includes actual website product identification and actual website address information; not less than two asset search engines;
Asset screening module: performing cross analysis and verification on asset information in an enterprise asset scanning table, screening out the asset information of which the actual website address information can be searched by at least two asset search engines and the asset information which corresponds to the actual website product identification and exists in an asset fingerprint feature library is recorded as asset information to be determined;
asset investigation module: and comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
In a third aspect, a technical solution of the present invention provides a terminal, including:
the storage is used for storing an enterprise internet deployment product environment checking program;
and the processor is used for realizing the steps of the enterprise internet deployment product environment checking method when executing the enterprise internet deployment product environment checking program.
In a fourth aspect, the present invention provides a computer readable storage medium, where an enterprise internet deployment product environment checking program is stored, where the enterprise internet deployment product environment checking program when executed by a processor implements the steps of the enterprise internet deployment product environment checking method according to any one of the above.
Compared with the prior art, the method, the device, the terminal and the medium for inspecting the environment of the enterprise Internet deployment product have the following beneficial effects: the fingerprint feature library of the recorded assets of the enterprise is pre-configured, then a plurality of asset searching tools are used for scanning, and the asset information scanned by the plurality of asset searching tools is analyzed and verified by combining with the fingerprint feature library to check out suspicious assets. The invention uses a plurality of asset searching tools to carry out aggregation searching, analyzes and verifies the searching result to find out suspicious assets, improves the accuracy and efficiency of finding out products deployed in the Internet by enterprises, and reduces the risk of the enterprises being attacked. Meanwhile, the invention realizes automatic investigation of suspicious assets without a large amount of manual analysis, and improves the investigation efficiency. In addition, the invention performs asset screening in a mode of performing cross analysis and verification on the scanned information of each asset searching tool, thereby improving screening accuracy and further improving the accuracy and the effectiveness of suspicious asset investigation. Meanwhile, suspicious assets are classified, subsequent processing is facilitated, and processing efficiency is improved.
Drawings
For a clearer description of embodiments of the invention or of the prior art, the drawings that are used in the description of the embodiments or of the prior art will be briefly described, it being apparent that the drawings in the description below are only some embodiments of the invention, and that other drawings can be obtained from them without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of an enterprise internet product deployment environment investigation method provided by an embodiment of the invention.
Fig. 2 is a schematic flow chart of a principle of an embodiment of an enterprise internet product environment inspection method according to an embodiment of the present invention.
FIG. 3 is a schematic diagram of an enterprise asset analysis flow in the embodiment shown in FIG. 2.
FIG. 4 is a schematic diagram of a suspicious asset screening process for the enterprise of the embodiment shown in FIG. 2.
Fig. 5 is a schematic block diagram of an enterprise internet product environment inspection system according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
In order to better understand the aspects of the present invention, the present invention will be described in further detail with reference to the accompanying drawings and detailed description. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
The following explains key terms appearing in the present invention.
URL: uniform Resource Locator the uniform resource locator is a compact representation of the location and access method of resources available on the internet, and is the address of a standard resource on the internet.
Fig. 1 is a schematic flow chart of an enterprise internet product environment inspection method according to an embodiment of the present invention, where the execution body of fig. 1 may be an enterprise internet product environment inspection system. The method for checking the product environment of the enterprise Internet deployment provided by the embodiment of the invention is executed by the computer equipment, and correspondingly, the system for checking the product environment of the enterprise Internet deployment runs in the computer equipment. The order of the steps in the flow chart may be changed and some may be omitted according to different needs.
As shown in fig. 1, the method includes the following steps.
S1, establishing an asset fingerprint feature library of the enterprise recorded assets.
The asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identification, standard website address information and standard website home page pictures. It should be noted that, the standard website product identifier, the standard website address information, and the standard website top page picture refer to the website product identifier, the website address information, and the website top page picture of the recorded asset, and the website product identifier generally includes a website title and a website icon hash value. The standard website, website address information may be a website specific URL.
The fingerprint feature information is used for uniquely identifying the assets, each asset has one piece of fingerprint feature information, and the fingerprint feature information can contain other information, such as JS files and the like, besides standard website product identification, standard website address information and standard website top page pictures.
S2, searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition and using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table.
The asset information comprises actual website product identification and actual website address information; there are no fewer than two asset search engines, such as the fofa, quatke, etc.
The actual website product identification and the actual website address information refer to the website product identification and the website address information of the asset actually searched by the asset search engine.
And taking elements of fingerprint characteristic information in the asset fingerprint characteristic library as search conditions, wherein the fingerprint characteristic information comprises a plurality of elements, and a user selects corresponding fingerprint characteristic elements for searching according to the use rules or specifications of each asset search engine.
And S3, performing cross analysis and verification on the asset information in the enterprise asset scanning table, screening out the asset information of which the actual website address information can be searched by at least two asset search engines and the asset information which corresponds to the actual website product identification and exists in the asset fingerprint feature library is recorded as the asset information to be determined.
And screening the asset information by using the actual website address information and the actual website product identifier contained in the asset information, and screening out the asset information to be determined for subsequent investigation, wherein the asset information to be determined refers to the asset information of which the actual website address information can be searched by at least two asset search engines and which corresponds to the actual website product identifier and exists in an asset fingerprint feature library. It should be noted that, since the search condition of the asset search engine is not necessarily the website product identifier, the actual website product identifier searched is not necessarily in the fingerprint feature library.
S4, comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
The last step has screened out the actual website product identification and included the asset information in the asset fingerprint feature library, compare the actual website address information of these asset information, if the actual website address information exists in the asset fingerprint feature library, demonstrate the asset is the asset already recorded normally, if the actual website address information does not exist in the asset fingerprint feature library, demonstrate the asset is the suspicious asset, the product has been disposed on the website address not recorded yet.
According to the enterprise Internet deployment product environment checking method, fingerprint feature libraries of recorded assets of enterprises are pre-configured, then multiple asset searching tools are used for scanning, and the asset information scanned by the multiple asset searching tools is analyzed and verified by combining the fingerprint feature libraries to check suspicious assets. In the embodiment, a plurality of asset searching tools are used for conducting aggregation searching, and the searching results are analyzed and verified to find out suspicious assets, so that the accuracy and the efficiency of finding out products deployed in the Internet by enterprises are improved, and the risk of the enterprises being attacked is reduced. Meanwhile, the method and the device realize automatic investigation of suspicious assets without a large amount of manual analysis, and improve investigation efficiency.
In order to further understand the present invention, a specific embodiment is provided below to further explain the present invention in detail, and fig. 2 is a schematic flow chart of the specific embodiment, firstly, an asset fingerprint feature library is built based on an enterprise already-recorded asset information table, then asset aggregation scanning is performed, then assets are analyzed through cross analysis and cross verification, suspicious assets are inspected based on the analyzed results, and finally, an enterprise asset information confirmation table is output.
And step 1, establishing an asset fingerprint feature library.
The method comprises the steps that an enterprise recorded asset information table is filled in by an enterprise recorded asset, the enterprise recorded asset information table is firstly queried to obtain all recorded assets, fingerprint feature information of each recorded asset is extracted through a website crawler and a manual analysis mode, and the extracted asset fingerprint feature information is added to an asset fingerprint feature library.
The fingerprint feature information should be capable of accurately describing enterprise assets, and the fingerprint feature information includes a website product identifier, a website specific address (i.e. website feature URL), a website top page picture, a website JS file and the like, wherein the website identifier can be a website title (title) and a website icon hash (hash) value.
The website specific URL includes website IP address and port information, which are website address information.
And 2, enterprise asset aggregation scanning.
And scanning the enterprise assets by using each asset search engine respectively, and filling asset information extracted by each scanning into an enterprise asset scanning table. The asset information includes actual website product identification and actual website address information.
Specifically, according to different fingerprint features in the asset fingerprint feature library, different asset search engine interfaces, such as fofa, quat and the like, fingerprint combination operation is established by using OR operation or AND operation respectively, enterprise asset aggregation scanning is carried out, and aggregation scanning result analysis is carried out, information such as IP, port, website title, website icon hash value and the like is extracted and stored in an enterprise asset scanning table, and the description needs to be that the enterprise asset scanning table contains asset search engine number information.
It should be noted that the operations used by different asset search engines are different, some asset search engines use "or operation", some asset search engines use "and operation", and the user selects the operation rule and the specific input condition according to the usage rule of the asset search engine.
Because the scanning results of different asset search engine interfaces are different, if information such as a website icon hash value cannot be extracted, relevant interfaces can be extracted by executing a crawler and the like on a scanned website, the website icon hash value is obtained by using a hash calculation tool, and the website icon hash value is stored in an enterprise asset scanning table.
And 3, enterprise asset analysis.
And analyzing the enterprise assets, namely cross analysis and cross verification, and finally screening out the asset information to be determined.
FIG. 3 is a schematic illustration of an enterprise asset analysis flow in this particular embodiment, including the steps of steps S302-S304 being a cross analysis portion and steps S305-S307 being a cross validation portion.
And S300, screening out asset information of which the actual website address information only appears once in the enterprise asset scanning table, storing the asset information of which the actual website address information appears at least twice in the asset aggregation table, and storing the asset information of which the actual website address information appears at least twice in the asset difference table.
The website address information comprises website IP address and port information, firstly, IP and port are analyzed, assets with the same IP and port in any two asset search engine numbers are extracted, the assets are stored in an asset aggregation table, and other assets are stored in an asset difference table.
In an alternative embodiment, the classified storage of asset information is accomplished by the following process: extracting the actual website address information of the first asset information corresponding to the first asset search engine in the enterprise asset scanning table; detecting whether the asset information searched by other asset search engines contains the same actual website address information; if not, storing the first asset information corresponding to the first asset search engine into an asset difference table; otherwise, storing the first asset information corresponding to the first asset search engine into an asset aggregation table; and so on until all asset information in the enterprise asset scan table has been traversed.
S301, the initial value of the number of times of the cross analysis is obtained for each actual website address information in the asset difference table and the asset aggregation table.
Wherein, the initial value of the cross analysis times is 0.
The crossover analysis times are to record the crossover analysis times of asset information containing the same website address information, and each time the crossover analysis is completed, the crossover analysis times are increased by 1.
S302, sequentially extracting all asset information in the asset aggregation table, and comparing the actual website product identifiers contained in the current asset information with standard website product identifiers in the asset fingerprint feature library; and the number of times of cross analysis of the actual website address information is increased by 1.
S303, detecting the cross analysis times of the actual website address contained in the current asset information in response to the actual website product identifier contained in the current asset information not being contained in the asset fingerprint feature library.
The website product identifier includes a website title and a website icon hash value.
The actual website product identifier contained in the current asset information is not contained in the asset fingerprint feature library, which means that the website title and the website icon hash value contained in the current asset information are not contained in the asset fingerprint feature library.
If any one of the website title and the website icon hash value exists in the asset fingerprint feature library, the corresponding asset information is reserved in the asset aggregation table.
S304, if the number of times of cross analysis of the actual website address contained in the current asset information is 1, the current asset information is transferred to an asset difference table, otherwise, the current asset information is deleted.
If the website title and the website icon hash value are not contained in the asset fingerprint feature library, detecting the cross analysis times of the actual website address information contained in the asset information, and if the cross analysis times are 1, the description is the first analysis of the current actual website address, and the asset difference table transferred from the asset information is subjected to cross verification. If the identification is not 1, at most 2, and the second analysis is aimed at the current actual website address, the second analysis or the actual website product identification is not in the asset fingerprint feature library, the current asset information is directly deleted. The second analysis is to transfer the asset information from the asset aggregation table to the asset difference table, and to meet the cross-validation condition in the asset difference table. The asset information transferred again into the asset aggregation table is new asset information obtained by searching using other asset search engines and using the actual website address information contained in the original asset information (i.e., the asset information transferred from the asset aggregation table into the asset difference table) as an input condition. The actual website product identification contained by the new asset information may be different from the actual website product identification contained by the original asset information.
S305, sequentially extracting all asset information in the asset difference table, taking the actual website address information contained in the current asset information as input, and calling other asset search engines to search the asset.
Other asset search engines refer to other asset search engines that are in addition to the asset search engine fingerprint to which the current asset information pertains.
Steps S302-S304 described above are cross-analysis of asset information in the asset aggregation table, and steps S305-S307 are cross-validation of asset information in the asset difference table. Since the asset information searched by the asset search engine is typically the asset information before a period of time that is buffered, the asset information in the asset difference table is searched using the actual website address information as a search condition to verify whether the actual website address survives.
The asset information in the asset difference table contains the initial asset information in the table and the asset information transferred from the asset aggregation table. And for the cross verification of the asset information in the asset difference table, taking the actual website address information contained in the current asset information as input, calling other asset search engines to search for the asset, wherein the other asset search engines refer to other asset search engines except the asset search engine fingerprints to which the current asset information belongs. The asset information transferred from the asset aggregation table is originally searchable by a plurality of asset search engines, and can be transferred to any one of the asset search engines when transferred.
S306, if other asset search engines can search the actual website address information contained in the current asset information, the current asset information searched by the other asset search engines is transferred to an asset aggregation table.
S307, if other asset search engines cannot search the actual website address information contained in the current asset information, deleting the current asset information.
If other asset search engines can search the actual website address information contained in the current asset information, the actual website address information contained in the current asset information is survived, and new current asset information searched by the other asset search engines is transferred to an asset aggregation table for cross analysis again, and the number of times of cross analysis of the actual website address information contained in the asset information is increased.
And finally, the asset information contained in the asset aggregation table is the asset information to be determined through the cross analysis and the cross verification.
And 4, checking suspicious assets of the enterprise.
FIG. 4 is a schematic diagram of the suspicious asset examination flow of the enterprise according to the embodiment, which specifically includes the following steps.
S401, comparing actual website address information contained in the asset information in the asset aggregation table with standard website address information in the asset fingerprint feature library.
S402, if the standard website address information in the asset fingerprint feature library does not exist in the asset aggregation table, the corresponding asset information is marked as a first type suspicious asset, and the suspicious asset information is stored in the enterprise asset information confirmation table.
If the standard website address information in the asset fingerprint library is not present in the asset aggregation table, then the asset service may have been removed from use, noted as a suspicious asset of the first type,
s403, if the actual website address information in the asset aggregation table does not exist in the asset fingerprint feature library, the corresponding asset information is marked as a second type suspicious asset, and the second type suspicious asset is stored in the enterprise asset information confirmation table.
If the actual website address information in the asset aggregate table does not exist in the asset fingerprint feature library, the asset may be a personal deployment service for the employee, marked as a second type of suspicious asset.
S404, judging whether the website IP address contained in the actual website address information is in the enterprise public network IP network segment aiming at the second type suspicious asset in the enterprise asset information confirmation table.
S405, if yes, still recording as suspicious assets of the second type, otherwise, recording as suspicious assets of the third type.
S406, outputting the final enterprise asset information confirmation table with the suspicious asset class.
After the first type of suspicious assets are confirmed, if the service is stopped, the suspicious assets are removed from the enterprise recorded asset information table, after the second type of suspicious assets are confirmed, related service is forbidden or the enterprise recorded asset information table is recorded after recording, the third type of suspicious assets can be client assets or public cloud deployment enterprise assets, if the public cloud deployment enterprise assets are recorded, the enterprise recorded asset information table is recorded after recording, and if the client assets are informed of related security risks of the client.
The embodiment of the method for checking the product environment of the enterprise Internet deployment is described in detail above, and the embodiment of the invention also provides a system for checking the product environment of the enterprise Internet deployment corresponding to the method based on the method for checking the product environment of the enterprise Internet deployment described in the embodiment.
Fig. 5 is a schematic block diagram of an enterprise internet-deployed product environment inspection system according to an embodiment of the present invention, where the enterprise internet-deployed product environment inspection system 500 may be divided into a plurality of functional modules according to functions performed by the system, as shown in fig. 5. The functional module may include: fingerprint feature library establishment module 501, asset search module 502, asset screening module 503, asset screening module 504. The module referred to in the present invention refers to a series of computer program segments capable of being executed by at least one processor and of performing a fixed function, stored in a memory.
Fingerprint feature library creation module 501: establishing an asset fingerprint feature library of the enterprise recorded assets; the asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identification, standard website address information and standard website home page pictures.
Asset search module 502: searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition respectively by using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table; wherein the asset information includes actual website product identification and actual website address information; the asset search engine is not less than two.
Asset screening module 503: and carrying out cross analysis and verification on asset information in the enterprise asset scanning table, screening out the asset information of the actual website address information, wherein the asset information which is searched by at least two asset search engines and exists in the asset fingerprint feature library corresponding to the actual website product identification is recorded as the asset information to be determined.
Asset investigation module 504: and comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
In an alternative embodiment, fingerprint feature library creation module 501 is specifically configured to query an enterprise record asset information table; extracting fingerprint characteristic information of each asset in the recorded asset information table by means of web crawlers and manual analysis; and adding the extracted asset fingerprint feature information to an asset fingerprint feature library.
In an alternative embodiment, asset screening module 503 is specifically configured to:
screening out asset information of which the actual website address information only appears once in an enterprise asset scanning table and storing the asset information into an asset difference table, and storing the asset information of which the actual website address information appears at least twice into an asset aggregation table;
the initial value of the number of times of the cross analysis is obtained for the address information of each actual website in the asset difference table and the asset aggregation table; wherein the initial value of the number of times of cross analysis is 0;
sequentially extracting all asset information in the asset aggregation table, and comparing the actual website product identifiers contained in the current asset information with standard website product identifiers in the asset fingerprint feature library; the number of times of cross analysis of the actual website address information is increased by 1;
detecting the cross analysis times of the actual website address contained in the current asset information in response to the actual website product identifier contained in the current asset information not being contained in the asset fingerprint feature library;
If the number of times of cross analysis of the actual website address contained in the current asset information is 1, the current asset information is transferred to an asset difference table, otherwise, the current asset information is deleted;
sequentially extracting all asset information in the asset difference table, taking actual website address information contained in the current asset information as input, and calling other asset search engines to search the asset; other asset search engines refer to other asset search engines other than the asset search engine fingerprint to which the current asset information pertains;
if the actual website address information contained in the current asset information can be searched by other asset search engines, the current asset information searched by the other asset search engines is transferred to an asset aggregation table;
and if the other asset search engines cannot search the actual website address information contained in the current asset information, deleting the current asset information.
And finally, the asset information contained in the asset aggregation table is the asset information to be determined.
In an alternative embodiment, the website product identifier includes a website title and a website icon hash value; correspondingly, the actual website product identifier contained in the current asset information is not contained in the asset fingerprint feature library, which means that the website title and the website icon hash value contained in the current asset information are not contained in the asset fingerprint feature library.
In an alternative embodiment, the asset filtering module 503 filters asset information in the enterprise asset scan table, where the asset information with the actual website address information only appears once is stored in the asset difference table, and the asset information with the actual website address information appearing at least twice is stored in the asset aggregation table, which specifically includes:
extracting the actual website address information of the first asset information corresponding to the first asset search engine in the enterprise asset scanning table;
detecting whether the asset information searched by other asset search engines contains the same actual website address information;
if not, storing the first asset information corresponding to the first asset search engine into an asset difference table; otherwise, storing the first asset information corresponding to the first asset search engine into an asset aggregation table;
and so on until all asset information in the enterprise asset scan table has been traversed.
In an alternative embodiment, the website address information includes website IP address and port information.
In an alternative embodiment, asset investigation module 504 is specifically configured to:
comparing the actual website address information contained in the asset information in the asset aggregation table with the standard website address information in the asset fingerprint feature library;
If the standard website address information in the asset fingerprint feature library does not exist in the asset aggregation table, marking the corresponding asset information as a first type of suspicious asset, and storing the suspicious asset information into an enterprise asset information confirmation table;
if the actual website address information in the asset aggregation table does not exist in the asset fingerprint feature library, marking the corresponding asset information as a second type of suspicious asset, and storing the second type of suspicious asset information into an enterprise asset information confirmation table;
judging whether the website IP address contained in the actual website address information is in an enterprise public network IP network segment or not according to the second type of suspicious assets in the enterprise asset information confirmation table;
if yes, still recording as second-class suspicious assets, otherwise, recording as third-class suspicious assets;
and outputting the final enterprise asset information confirmation table with the suspicious asset class.
Because the enterprise internet deployment product environment inspection system of the embodiment is used for implementing the enterprise internet deployment product environment inspection method, the function of the enterprise internet deployment product environment inspection system corresponds to that of the method, and the description is omitted herein.
Fig. 6 is a schematic structural diagram of a terminal 600 according to an embodiment of the present invention, including: processor 610, memory 620, and communication unit 630. The processor 610 is configured to implement the enterprise internet deployment product environment review program stored in the memory 620 by:
Establishing an asset fingerprint feature library of the enterprise recorded assets; the asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identifiers, standard website address information and standard website home page pictures;
searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition respectively by using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table; wherein the asset information includes actual website product identification and actual website address information; not less than two asset search engines;
performing cross analysis and verification on asset information in an enterprise asset scanning table, screening out the asset information of which the actual website address information can be searched by at least two asset search engines and the asset information which corresponds to the actual website product identification and exists in an asset fingerprint feature library is recorded as asset information to be determined;
and comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
The invention uses a plurality of asset searching tools to carry out aggregation searching, analyzes and verifies the searching result to find out suspicious assets, improves the accuracy and efficiency of finding out products deployed in the Internet by enterprises, and reduces the risk of the enterprises being attacked. Meanwhile, the invention realizes automatic investigation of suspicious assets without a large amount of manual analysis, and improves the investigation efficiency.
The terminal 600 includes a processor 610, a memory 620, and a communication unit 630. The components may communicate via one or more buses, and it will be appreciated by those skilled in the art that the configuration of the server as shown in the drawings is not limiting of the invention, as it may be a bus-like structure, a star-like structure, or include more or fewer components than shown, or may be a combination of certain components or a different arrangement of components.
The memory 620 may be used to store instructions for execution by the processor 610, and the memory 620 may be implemented by any type of volatile or non-volatile memory terminal or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk. The execution of the instructions in memory 620, when executed by processor 610, enables terminal 600 to perform some or all of the steps in the method embodiments described below.
The processor 610 is a control center of the storage terminal, connects various parts of the entire electronic terminal using various interfaces and lines, and performs various functions of the electronic terminal and/or processes data by running or executing software programs and/or modules stored in the memory 620, and invoking data stored in the memory. The processor may be comprised of an integrated circuit (Integrated Circuit, simply referred to as an IC), for example, a single packaged IC, or may be comprised of a plurality of packaged ICs connected to the same function or different functions. For example, the processor 610 may include only a central processing unit (Central Processing Unit, simply CPU). In the embodiment of the invention, the CPU can be a single operation core or can comprise multiple operation cores.
A communication unit 630, configured to establish a communication channel, so that the storage terminal can communicate with other terminals. Receiving user data sent by other terminals or sending the user data to other terminals.
The invention also provides a computer storage medium, which can be a magnetic disk, an optical disk, a read-only memory (ROM) or a random access memory (random access memory, RAM) and the like.
The computer storage medium stores an enterprise internet deployment product environment screening program which when executed by the processor performs the steps of:
establishing an asset fingerprint feature library of the enterprise recorded assets; the asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identifiers, standard website address information and standard website home page pictures;
searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition respectively by using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table; wherein the asset information includes actual website product identification and actual website address information; not less than two asset search engines;
performing cross analysis and verification on asset information in an enterprise asset scanning table, screening out the asset information of which the actual website address information can be searched by at least two asset search engines and the asset information which corresponds to the actual website product identification and exists in an asset fingerprint feature library is recorded as asset information to be determined;
and comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
The invention uses a plurality of asset searching tools to carry out aggregation searching, analyzes and verifies the searching result to find out suspicious assets, improves the accuracy and efficiency of finding out products deployed in the Internet by enterprises, and reduces the risk of the enterprises being attacked. Meanwhile, the invention realizes automatic investigation of suspicious assets without a large amount of manual analysis, and improves the investigation efficiency.
It will be apparent to those skilled in the art that the techniques of embodiments of the present invention may be implemented in software plus a necessary general purpose hardware platform. Based on such understanding, the technical solution in the embodiments of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium such as a U-disc, a mobile hard disc, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk or an optical disk, etc. various media capable of storing program codes, including several instructions for causing a computer terminal (which may be a personal computer, a server, or a second terminal, a network terminal, etc.) to execute all or part of the steps of the method described in the embodiments of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing disclosure is merely illustrative of the preferred embodiments of the invention and the invention is not limited thereto, since modifications and variations may be made by those skilled in the art without departing from the principles of the invention.

Claims (10)

1. An enterprise internet deployment product environment investigation method is characterized by comprising the following steps:
establishing an asset fingerprint feature library of the enterprise recorded assets; the asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identifiers, standard website address information and standard website home page pictures;
searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition respectively by using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table; wherein the asset information includes actual website product identification and actual website address information; not less than two asset search engines;
performing cross analysis and verification on asset information in an enterprise asset scanning table, screening out the asset information of which the actual website address information can be searched by at least two asset search engines and the asset information which corresponds to the actual website product identification and exists in an asset fingerprint feature library is recorded as asset information to be determined;
And comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
2. The method for inspecting an enterprise internet deployment product environment according to claim 1, wherein establishing an asset fingerprint feature library of the enterprise-documented asset comprises:
inquiring an enterprise recorded asset information table;
extracting fingerprint characteristic information of each asset in the recorded asset information table by means of web crawlers and manual analysis;
and adding the extracted asset fingerprint feature information to an asset fingerprint feature library.
3. The method for inspecting an enterprise internet deployment product environment according to claim 1 or 2, wherein the cross analysis and verification are performed on the asset information in the enterprise asset scanning table, the screened actual website address information can be searched by at least two asset search engines, and the asset information corresponding to the actual website product identifier and existing in the asset fingerprint feature library is recorded as the asset information to be determined, and the method specifically comprises the following steps:
Screening out asset information of which the actual website address information only appears once in an enterprise asset scanning table and storing the asset information into an asset difference table, and storing the asset information of which the actual website address information appears at least twice into an asset aggregation table;
the initial value of the number of times of the cross analysis is obtained for the address information of each actual website in the asset difference table and the asset aggregation table; wherein the initial value of the number of times of cross analysis is 0;
sequentially extracting all asset information in the asset aggregation table, and comparing the actual website product identifiers contained in the current asset information with standard website product identifiers in the asset fingerprint feature library; the number of times of cross analysis of the actual website address information is increased by 1;
detecting the cross analysis times of the actual website address contained in the current asset information in response to the actual website product identifier contained in the current asset information not being contained in the asset fingerprint feature library;
if the number of times of cross analysis of the actual website address contained in the current asset information is 1, the current asset information is transferred to an asset difference table, otherwise, the current asset information is deleted;
sequentially extracting all asset information in the asset difference table, taking actual website address information contained in the current asset information as input, and calling other asset search engines to search the asset; other asset search engines refer to other asset search engines other than the asset search engine fingerprint to which the current asset information pertains;
If the actual website address information contained in the current asset information can be searched by other asset search engines, the current asset information searched by the other asset search engines is transferred to an asset aggregation table;
if the other asset search engines cannot search the actual website address information contained in the current asset information, deleting the current asset information;
the asset information finally contained in the asset aggregation table is the asset information to be determined.
4. The method of claim 3, wherein the web site product identifier comprises a web site title and a web site icon hash value;
correspondingly, the actual website product identifier contained in the current asset information is not contained in the asset fingerprint feature library, which means that the website title and the website icon hash value contained in the current asset information are not contained in the asset fingerprint feature library.
5. The method for inspecting an environment of an enterprise internet deployment product according to claim 4, wherein asset information in which actual website address information appears only once is stored in the asset difference table, and asset information in which actual website address information appears at least twice is stored in the asset aggregation table, by screening out the asset scan table of the enterprise, comprising:
Extracting the actual website address information of the first asset information corresponding to the first asset search engine in the enterprise asset scanning table;
detecting whether the asset information searched by other asset search engines contains the same actual website address information;
if not, storing the first asset information corresponding to the first asset search engine into an asset difference table; otherwise, storing the first asset information corresponding to the first asset search engine into an asset aggregation table;
and so on until all asset information in the enterprise asset scan table has been traversed.
6. The method of claim 5, wherein the web site address information includes web site IP address and port information.
7. The method for inspecting an enterprise internet deployment product environment according to claim 6, wherein comparing the actual website address information included in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information included in the asset information to be determined does not exist in the asset fingerprint feature library, inspecting the corresponding asset information to be determined as a suspicious asset, specifically comprising:
Comparing the actual website address information contained in the asset information in the asset aggregation table with the standard website address information in the asset fingerprint feature library;
if the standard website address information in the asset fingerprint feature library does not exist in the asset aggregation table, marking the corresponding asset information as a first type of suspicious asset, and storing the suspicious asset information into an enterprise asset information confirmation table;
if the actual website address information in the asset aggregation table does not exist in the asset fingerprint feature library, marking the corresponding asset information as a second type of suspicious asset, and storing the second type of suspicious asset information into an enterprise asset information confirmation table;
judging whether the website IP address contained in the actual website address information is in an enterprise public network IP network segment or not according to the second type of suspicious assets in the enterprise asset information confirmation table;
if yes, still recording as second-class suspicious assets, otherwise, recording as third-class suspicious assets;
and outputting the final enterprise asset information confirmation table with the suspicious asset class.
8. An enterprise Internet deployment product environment screening system, comprising,
fingerprint feature library establishment module: establishing an asset fingerprint feature library of the enterprise recorded assets; the asset fingerprint feature library comprises fingerprint feature information of each recorded asset, wherein the fingerprint feature information comprises standard website product identifiers, standard website address information and standard website home page pictures;
Asset search module: searching the assets by using at least one element of fingerprint feature information in the asset fingerprint feature library as a search condition respectively by using each asset search engine, and filling the asset information searched by each asset search engine into an enterprise asset scanning table; wherein the asset information includes actual website product identification and actual website address information; not less than two asset search engines;
asset screening module: performing cross analysis and verification on asset information in an enterprise asset scanning table, screening out the asset information of which the actual website address information can be searched by at least two asset search engines and the asset information which corresponds to the actual website product identification and exists in an asset fingerprint feature library is recorded as asset information to be determined;
asset investigation module: and comparing the actual website address information contained in the asset information to be determined with the standard website address information in the asset fingerprint feature library, and if the actual website address information contained in the asset information to be determined does not exist in the asset fingerprint feature library, checking the asset information to be determined as suspicious asset.
9. A terminal, comprising:
the storage is used for storing an enterprise internet deployment product environment checking program;
A processor for implementing the steps of the enterprise internet deployment product environment screening method of any one of claims 1-7 when executing the enterprise internet deployment product environment screening program.
10. A computer readable storage medium, wherein an enterprise internet deployment product environment inspection program is stored on the readable storage medium, which when executed by a processor, implements the steps of the enterprise internet deployment product environment inspection method of any of claims 1-7.
CN202310866986.XA 2023-07-14 2023-07-14 Method, system, terminal and medium for inspecting enterprise Internet deployment product environment Pending CN116894581A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310866986.XA CN116894581A (en) 2023-07-14 2023-07-14 Method, system, terminal and medium for inspecting enterprise Internet deployment product environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310866986.XA CN116894581A (en) 2023-07-14 2023-07-14 Method, system, terminal and medium for inspecting enterprise Internet deployment product environment

Publications (1)

Publication Number Publication Date
CN116894581A true CN116894581A (en) 2023-10-17

Family

ID=88310398

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310866986.XA Pending CN116894581A (en) 2023-07-14 2023-07-14 Method, system, terminal and medium for inspecting enterprise Internet deployment product environment

Country Status (1)

Country Link
CN (1) CN116894581A (en)

Similar Documents

Publication Publication Date Title
CN112491602B (en) Behavior data monitoring method and device, computer equipment and medium
CN103888490A (en) Automatic WEB client man-machine identification method
CN111835756B (en) APP privacy compliance detection method and device, computer equipment and storage medium
CN111339151B (en) Online examination method, device, equipment and computer storage medium
CN113810408B (en) Network attack organization detection method, device, equipment and readable storage medium
CN113132311A (en) Abnormal access detection method, device and equipment
CN114003794A (en) Asset collection method, device, electronic equipment and medium
CN111488594A (en) Authority checking method and device based on cloud server, storage medium and terminal
CN110083581A (en) A kind of method, apparatus, storage medium and the computer equipment of log retrospect
CN112528295B (en) Vulnerability restoration method and device for industrial control system
CN112433936A (en) Test method, test device and storage medium
CN115766258B (en) Multi-stage attack trend prediction method, equipment and storage medium based on causal relationship graph
CN112685255A (en) Interface monitoring method and device, electronic equipment and storage medium
CN111046382A (en) Database auditing method, device, storage medium and device
CN111046393A (en) Vulnerability information uploading method and device, terminal equipment and storage medium
CN116894581A (en) Method, system, terminal and medium for inspecting enterprise Internet deployment product environment
CN111241547A (en) Detection method, device and system for unauthorized vulnerability
CN114003916A (en) Method, system, terminal and storage medium for testing WEB role longitudinal override vulnerability
CN112347328A (en) Network platform identification method, device, equipment and readable storage medium
WO2023073952A1 (en) Security analysis device, security analysis method, and computer-readable recording medium
JP2019128616A (en) Evaluation program, evaluation method and information processing device
CN115187250B (en) Detection method, terminal and storage medium for ether house privacy transaction
CN116527303B (en) Industrial control equipment information extraction method and device based on marked flow comparison
US20230418939A1 (en) Method for managing externally imported files, apparatus for the same, computer program for the same, and recording medium storing computer program thereof
CN117272308A (en) Software security test method, device, equipment, storage medium and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination