CN116933265A - Vulnerability detection method and device, electronic equipment and storage medium - Google Patents

Vulnerability detection method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116933265A
CN116933265A CN202310629166.9A CN202310629166A CN116933265A CN 116933265 A CN116933265 A CN 116933265A CN 202310629166 A CN202310629166 A CN 202310629166A CN 116933265 A CN116933265 A CN 116933265A
Authority
CN
China
Prior art keywords
vulnerability
asset
information
matching
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310629166.9A
Other languages
Chinese (zh)
Inventor
吴一洲
刘玉权
李蒗
苏浩
高霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Communication Industry Services Co ltd
Co Ltd Of Telecommunications Planning And Design Institute Hainan
Fujian Post & Telecom Planning Designing Co ltd
Guangxi Zhuang Autonomous Region Communication Industry Service Co ltd
Guizhou Communication Industry Service Co ltd
Hubei Xinchan Communication Service Co ltd
HUNAN PROVINCIAL COMMUNICATIONS CONSTRUCTION CO Ltd
Jiangxi Planning & Designing Institute Of Posts & Telecommunications Ltd
Post And Telecommunications Planning Consulting And Design Branch Of Gansu Communication Industry Service Co ltd
Qinghai Communication Service Co ltd
Shaanxi Telecommunications And Designing Institute Co ltd
Shanghai Posts & Telecommunications Designing Consulting Institute Co ltd
Xinjiang Uygur Autonomous Region Communications Industry Service Co ltd
Yunnan Communication Industry Service Co ltd
China International Telecommunication Construction Corp
Zhejiang Communications Services Co Ltd
China Communications Services Corp Ltd
Anhui Communications Services Co Ltd
Jiangsu Communications Services Co Ltd
Ningxia Hui Autonomous Region Communications Industrial Services Co Ltd
Guangdong Planning and Designing Institute of Telecommunications Co Ltd
China Comservice Enrising Information Technology Co Ltd
Original Assignee
Chongqing Communication Industry Services Co ltd
Co Ltd Of Telecommunications Planning And Design Institute Hainan
Fujian Post & Telecom Planning Designing Co ltd
Guangxi Zhuang Autonomous Region Communication Industry Service Co ltd
Guizhou Communication Industry Service Co ltd
Hubei Xinchan Communication Service Co ltd
HUNAN PROVINCIAL COMMUNICATIONS CONSTRUCTION CO Ltd
Jiangxi Planning & Designing Institute Of Posts & Telecommunications Ltd
Post And Telecommunications Planning Consulting And Design Branch Of Gansu Communication Industry Service Co ltd
Qinghai Communication Service Co ltd
Shaanxi Telecommunications And Designing Institute Co ltd
Shanghai Posts & Telecommunications Designing Consulting Institute Co ltd
Xinjiang Uygur Autonomous Region Communications Industry Service Co ltd
Yunnan Communication Industry Service Co ltd
China International Telecommunication Construction Corp
Zhejiang Communications Services Co Ltd
China Communications Services Corp Ltd
Anhui Communications Services Co Ltd
Jiangsu Communications Services Co Ltd
Ningxia Hui Autonomous Region Communications Industrial Services Co Ltd
Guangdong Planning and Designing Institute of Telecommunications Co Ltd
China Comservice Enrising Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Communication Industry Services Co ltd, Co Ltd Of Telecommunications Planning And Design Institute Hainan, Fujian Post & Telecom Planning Designing Co ltd, Guangxi Zhuang Autonomous Region Communication Industry Service Co ltd, Guizhou Communication Industry Service Co ltd, Hubei Xinchan Communication Service Co ltd, HUNAN PROVINCIAL COMMUNICATIONS CONSTRUCTION CO Ltd, Jiangxi Planning & Designing Institute Of Posts & Telecommunications Ltd, Post And Telecommunications Planning Consulting And Design Branch Of Gansu Communication Industry Service Co ltd, Qinghai Communication Service Co ltd, Shaanxi Telecommunications And Designing Institute Co ltd, Shanghai Posts & Telecommunications Designing Consulting Institute Co ltd, Xinjiang Uygur Autonomous Region Communications Industry Service Co ltd, Yunnan Communication Industry Service Co ltd, China International Telecommunication Construction Corp, Zhejiang Communications Services Co Ltd, China Communications Services Corp Ltd, Anhui Communications Services Co Ltd, Jiangsu Communications Services Co Ltd, Ningxia Hui Autonomous Region Communications Industrial Services Co Ltd, Guangdong Planning and Designing Institute of Telecommunications Co Ltd, China Comservice Enrising Information Technology Co Ltd filed Critical Chongqing Communication Industry Services Co ltd
Priority to CN202310629166.9A priority Critical patent/CN116933265A/en
Publication of CN116933265A publication Critical patent/CN116933265A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Abstract

The application discloses a vulnerability detection method, a vulnerability detection device, electronic equipment and a storage medium. The method comprises the following steps: acquiring asset fingerprint information, matching the asset fingerprint information with a fingerprint library through an asset scanning engine to obtain asset component information, obtaining an asynchronous vulnerability matching task according to the asset component information, sending the asynchronous vulnerability matching task to a vulnerability matching engine for matching, judging whether a vulnerability exists, if not, not processing, if not, obtaining a vulnerability result, and establishing effective association between the asset fingerprint and the vulnerability information library by maintaining the asset fingerprint and the vulnerability information library, wherein in the asset discovery process, the capability of predicting asset risk can be realized, the risk assessment efficiency and accuracy of the network space asset are greatly improved, and the method can be widely applied to network security systems and network asset space mapping platforms needing asset risk assessment.

Description

Vulnerability detection method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data processing and data transmission, and in particular, to a vulnerability detection method, a vulnerability detection device, an electronic device, and a storage medium.
Background
Traditional asset risk assessment systems are also based on scripts, i.e., for each asset component vulnerability risk, written to detect and match whether the asset characteristics match the component characteristics of the vulnerability to predict asset risk. According to the traditional scheme, the coupling degree is high, the detection efficiency is low, time and effort are consumed in writing the detection script, and therefore the vulnerability assessment coverage is incomplete, and the latest vulnerability is difficult to respond. In addition, the network asset data is huge, and all the assets are difficult to evaluate in a short period by using the traditional asset risk evaluation method, so that the practical combat value is lacked.
Therefore, the prior art has defects, and improvement is needed.
Disclosure of Invention
In view of the above problems, the present application aims to provide a vulnerability detection method, a vulnerability detection device, an electronic device and a storage medium, which can more efficiently and accurately evaluate risk of network space assets.
The first aspect of the present application provides a vulnerability detection method, including:
acquiring asset fingerprint information;
judging whether the asset fingerprint information is changed or not;
if not, not processing, if yes, sending the changed asset fingerprint information to an asset scanning engine to obtain asset component information and storing the asset component information into an asset component information base;
obtaining a vulnerability matching task according to the asset component information;
and sending the vulnerability matching task to a vulnerability matching engine for matching to obtain a vulnerability scanning result.
In this scheme, before obtaining the asset fingerprint information, still include:
obtaining vulnerability information;
judging whether the vulnerability information is changed or not;
if not, the processing is not performed, and if yes, the change vulnerability information is sent to a vulnerability matching engine.
In this scheme, before judging whether change takes place to the asset fingerprint information, still include:
acquiring asset fingerprint information;
correlating the asset fingerprint information with vulnerability component information to obtain vulnerability component characteristic correlation information;
storing the vulnerability component characteristic association information to a vulnerability component association library;
wherein, the association comprises automatic association and manual association.
In this scheme, before the vulnerability matching task is sent to the vulnerability matching engine to match, the method further includes:
acquiring an issuing vulnerability matching task;
and sending the issued vulnerability matching task to a vulnerability matching engine for matching to obtain a vulnerability scanning result.
In this scheme, still include:
the system comprises a basic information base and a result base.
The second aspect of the application provides a leak detection device. The device comprises:
the information collection module is used for vulnerability collection service, fingerprint collection service and vulnerability component association service;
the scanning engine module comprises an asset scanning engine and a vulnerability matching engine, wherein the asset scanning engine is used for analyzing asset fingerprint information to obtain asset component information, and the vulnerability matching engine is used for matching vulnerability component characteristics to obtain a vulnerability result;
the output module is used for sending the asset component information to a vulnerability matching engine and storing the vulnerability result into a vulnerability result library;
the storage module is used for storing vulnerability information, fingerprint information, vulnerability component characteristic associated information, asset component information and vulnerability results.
In this scheme, before obtaining the asset fingerprint information, still include:
obtaining vulnerability information;
judging whether the vulnerability information is changed or not;
if not, the processing is not performed, and if yes, the change vulnerability information is sent to a vulnerability matching engine.
In this scheme, before judging whether change takes place to the asset fingerprint information, still include:
acquiring asset fingerprint information;
correlating the asset fingerprint information with vulnerability component information to obtain vulnerability component characteristic correlation information;
storing the vulnerability component characteristic association information to a vulnerability component association library;
wherein, the association comprises automatic association and manual association.
In this scheme, before the vulnerability matching task is sent to the vulnerability matching engine to match, the method further includes:
acquiring an issuing vulnerability matching task;
and sending the issued vulnerability matching task to a vulnerability matching engine for matching to obtain a vulnerability scanning result.
In this scheme, still include:
the system comprises a basic information base and a result base.
In a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
In a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as according to the first aspect of the present disclosure.
The application discloses a vulnerability detection method, a vulnerability detection device, electronic equipment and a storage medium. Acquiring asset fingerprint information, matching the asset fingerprint information with a fingerprint library through an asset scanning engine to obtain asset component information, obtaining an asynchronous vulnerability matching task according to the asset component information, sending the asynchronous vulnerability matching task to a vulnerability matching engine for matching, judging whether a vulnerability exists, if not, not processing, if not, obtaining a vulnerability result, and establishing effective association between the asset fingerprint and the vulnerability information library by maintaining the asset fingerprint and the vulnerability information library, wherein in the asset discovery process, the capability of predicting asset risk can be realized, the risk assessment efficiency and accuracy of the network space asset are greatly improved, and the method can be widely applied to network security systems and network asset space mapping platforms needing asset risk assessment.
Drawings
FIG. 1 is a flow chart of a vulnerability detection method of the present application;
FIG. 2 illustrates a process flow diagram of vulnerability information according to an embodiment of the disclosure;
FIG. 3 illustrates a vulnerability component association flow diagram in accordance with an embodiment of the disclosure;
fig. 4 illustrates a system block diagram of an exemplary apparatus capable of implementing embodiments of the present disclosure.
Fig. 5 shows a scheme of a vulnerability detection method of the present disclosure.
Detailed Description
In order that the above-recited objects, features and advantages of the present application will be more clearly understood, a more particular description of the application will be rendered by reference to the appended drawings and appended detailed description. It should be noted that, without conflict, the embodiments of the present application and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application, however, the present application may be practiced in other ways than those described herein, and therefore the scope of the present application is not limited to the specific embodiments disclosed below.
FIG. 1 illustrates a flow chart of an efficient network asset risk assessment method of the present application.
As shown in fig. 1, the application discloses a vulnerability detection method, which comprises the following steps:
s102, acquiring asset fingerprint information;
s104, judging whether the asset fingerprint information is changed or not;
s106, if not, processing is not performed, if yes, the changed asset fingerprint information is sent to an asset scanning engine, asset component information is obtained, and the asset component information is stored in an asset component information base;
s108, obtaining a vulnerability matching task according to the asset component information;
s110, the vulnerability matching task is sent to a vulnerability matching engine to be matched, and a vulnerability scanning result is obtained.
According to the embodiment of the application, the asset fingerprint collection service is mainly used for collecting fingerprints and verifying the validity of the Internet asset components, so that the collected fingerprints can be ensured to identify asset component information (information such as CPE, component name, manufacturer, version number and the like). When the fingerprint of the asset is changed, the change information is pushed to the asset scanning engine in real time, so that the asset scanning engine can be matched with the asset information of the corresponding fingerprint which is newly input. When a user issues an instant or periodic asset scanning task, an asset scanning engine acquires asset fingerprints and a fingerprint library to be matched by using plug-in technologies such as nmap, masscan, whatweb and crawlers, stores matched component information into an asset component information library, issues an asynchronous vulnerability matching task to a vulnerability matching engine to perform vulnerability matching, and stores matched vulnerability results into a vulnerability result library. According to the scheme, the asset scanning engine is decoupled from the fingerprint library, and the vulnerability matching engine is decoupled from the vulnerability library. When new asset components or vulnerability information appears, the new asset components can be scanned and whether the components have vulnerabilities can be timely evaluated by only maintaining a fingerprint database, a vulnerability database and a vulnerability component characteristic association database. Thereby adapting to the internet to continuously update the changed asset information and vulnerability information.
According to an embodiment of the present application, before the acquiring the asset fingerprint information, the method further includes:
s202, obtaining vulnerability information;
s204, judging whether the vulnerability information is changed or not;
s206, if not, processing is not performed, and if yes, the change vulnerability information is sent to a vulnerability matching engine.
It should be noted that, the vulnerability collection service mainly collects vulnerability information (cve number, vulnerability name, risk level, vulnerability description, vulnerability solution, affected CPE information, affected component name, vendor, version number, etc.) through crawler technology from the official network such as CVE, CNVD, CNNVD. When the vulnerability information is changed, the changed vulnerability information is pushed to a vulnerability matching engine so that the vulnerability matching engine can match the latest vulnerability.
According to an embodiment of the present application, before determining whether the change occurs to the asset fingerprint information, the method further includes:
s302, acquiring asset fingerprint information;
s304, associating the asset fingerprint information with vulnerability component information to obtain vulnerability component feature association information;
s306, storing the vulnerability component characteristic association information to a vulnerability component association library;
it should be noted that, through the vulnerability component association, the automatic association and the manual association of the component features and the fingerprint features are realized. The automatic association is realized mainly through CPE information, and the manual association is realized through manually inputting the association relation between the vulnerability component characteristics (component name, manufacturer and version number) and the fingerprint for the component characteristics without CPE information.
According to an embodiment of the present application, before the vulnerability matching task is sent to the vulnerability matching engine to match, the method further includes:
acquiring an issuing vulnerability matching task;
and sending the issued vulnerability matching task to a vulnerability matching engine for matching to obtain a vulnerability scanning result.
It should be noted that, the user may also perform full-scale vulnerability matching on the selected asset range by issuing an instant or periodic offline vulnerability matching task, and store the matched vulnerability result into the vulnerability result library.
According to an embodiment of the present application, further comprising:
the system comprises a basic information base and a result base.
It should be noted that, the basic information base mainly stores vulnerability information, component fingerprint information and vulnerability component feature associated information. Providing basic data support for the scan engine. The result library mainly stores asset information scanned by the asset scanning engine and component vulnerability result information matched by the vulnerability matching engine.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 4 shows a block diagram of a vulnerability detection apparatus according to an embodiment of the disclosure.
As shown in fig. 4, a second aspect of the application provides an apparatus. The device comprises:
the information collection module is used for vulnerability collection service, fingerprint collection service and vulnerability component association service;
the scanning engine module comprises an asset scanning engine and a vulnerability matching engine, wherein the asset scanning engine is used for analyzing asset fingerprint information to obtain asset component information, and the vulnerability matching engine is used for matching vulnerability component characteristics to obtain a vulnerability result;
the output module is used for sending the asset component information to a vulnerability matching engine and storing the vulnerability result into a vulnerability result library;
the storage module is used for storing vulnerability information, fingerprint information, vulnerability component characteristic associated information, asset component information and vulnerability results.
According to the embodiment of the application, the asset fingerprint collection service is mainly used for collecting fingerprints and verifying the validity of the Internet asset components, so that the collected fingerprints can be ensured to identify asset component information (information such as CPE, component name, manufacturer, version number and the like). When the fingerprint of the asset is changed, the change information is pushed to the asset scanning engine in real time, so that the asset scanning engine can be matched with the asset information of the corresponding fingerprint which is newly input. When a user issues an instant or periodic asset scanning task, an asset scanning engine acquires asset fingerprints and a fingerprint library to be matched by using plug-in technologies such as nmap, masscan, whatweb and crawlers, stores matched component information into an asset component information library, issues an asynchronous vulnerability matching task to a vulnerability matching engine to perform vulnerability matching, and stores matched vulnerability results into a vulnerability result library. The asset scanning engine is mainly used for matching the acquired asset fingerprints with a fingerprint library through plug-in technologies such as nmap, masscan, whatweb and crawlers aiming at asset scanning tasks configured by users, and further identifying component information. And saving the asset component information to an asset component information base. And simultaneously asynchronously issuing the online vulnerability matching task of the component. The vulnerability matching engine is used for performing feature matching of vulnerability components mainly aiming at an asset scanning task configured by a user and an online vulnerability matching task issued by the asset scanning engine, further judging whether the vulnerability exists in the asset components, and storing component information and vulnerability information with the vulnerability into a vulnerability result library. And the information collection module comprises a vulnerability collection service, a fingerprint collection service and a vulnerability component association service. According to the scheme, the asset scanning engine is decoupled from the fingerprint library, and the vulnerability matching engine is decoupled from the vulnerability library. When new asset components or vulnerability information appears, the new asset components can be scanned and whether the components have vulnerabilities can be timely evaluated by only maintaining a fingerprint database, a vulnerability database and a vulnerability component characteristic association database. Thereby adapting to the internet to continuously update the changed asset information and vulnerability information.
According to an embodiment of the present application, before the acquiring the asset fingerprint information, the method further includes:
obtaining vulnerability information;
judging whether the vulnerability information is changed or not;
if not, the processing is not performed, and if yes, the change vulnerability information is sent to a vulnerability matching engine.
It should be noted that, the vulnerability collection service mainly collects vulnerability information (cve number, vulnerability name, risk level, vulnerability description, vulnerability solution, affected CPE information, affected component name, vendor, version number, etc.) through crawler technology from the official network such as CVE, CNVD, CNNVD. When the vulnerability information is changed, the changed vulnerability information is pushed to a vulnerability matching engine so that the vulnerability matching engine can match the latest vulnerability.
According to an embodiment of the present application, before determining whether the change occurs to the asset fingerprint information, the method further includes:
acquiring asset fingerprint information;
correlating the asset fingerprint information with vulnerability component information to obtain vulnerability component characteristic correlation information;
storing the vulnerability component characteristic association information to a vulnerability component association library;
it should be noted that, through the vulnerability component association, the automatic association and the manual association of the component features and the fingerprint features are realized. The automatic association is realized mainly through CPE information, and the manual association is realized through manually inputting the association relation between the vulnerability component characteristics (component name, manufacturer and version number) and the fingerprint for the component characteristics without CPE information.
According to an embodiment of the present application, before the vulnerability matching task is sent to the vulnerability matching engine to match, the method further includes:
acquiring an issuing vulnerability matching task;
and sending the issued vulnerability matching task to a vulnerability matching engine for matching to obtain a vulnerability scanning result.
It should be noted that, the user may also perform full-scale vulnerability matching on the selected asset range by issuing an instant or periodic offline vulnerability matching task, and store the matched vulnerability result into the vulnerability result library.
According to an embodiment of the present application, further comprising:
the system comprises a basic information base and a result base.
It should be noted that, the basic information base mainly stores vulnerability information, component fingerprint information and vulnerability component feature associated information. Providing basic data support for the scan engine. The result library mainly stores asset information scanned by the asset scanning engine and component vulnerability result information matched by the vulnerability matching engine.
In a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
In a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as according to the first aspect of the present disclosure.
The application discloses a vulnerability detection method, a vulnerability detection device, electronic equipment and a readable storage medium. Acquiring asset fingerprint information, matching the asset fingerprint information with a fingerprint library through an asset scanning engine to obtain asset component information, obtaining an asynchronous vulnerability matching task according to the asset component information, sending the asynchronous vulnerability matching task to a vulnerability matching engine for matching, judging whether a vulnerability exists, if not, not processing, if not, obtaining a vulnerability result, and establishing effective association between the asset fingerprint and the vulnerability information library by maintaining the asset fingerprint and the vulnerability information library, wherein in the asset discovery process, the capability of predicting asset risk can be realized, the risk assessment efficiency and accuracy of the network space asset are greatly improved, and the method can be widely applied to network security systems and network asset space mapping platforms needing asset risk assessment.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; can be located in one place or distributed to a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk or an optical disk, or the like, which can store program codes.
Alternatively, the above-described integrated units of the present application may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.

Claims (8)

1. A vulnerability detection method, comprising:
acquiring asset fingerprint information;
judging whether the asset fingerprint information is changed or not;
if not, not processing, if yes, sending the changed asset fingerprint information to an asset scanning engine to obtain asset component information and storing the asset component information into an asset component information base;
obtaining a vulnerability matching task according to the asset component information;
and sending the vulnerability matching task to a vulnerability matching engine for matching to obtain a vulnerability scanning result.
2. The method of claim 1, wherein prior to obtaining the asset fingerprint information, further comprising:
obtaining vulnerability information;
judging whether the vulnerability information is changed or not;
if not, the processing is not performed, and if yes, the change vulnerability information is sent to a vulnerability matching engine.
3. The method of claim 1, wherein the determining of the asset fingerprint information, before the change, further comprises:
acquiring asset fingerprint information;
correlating the asset fingerprint information with vulnerability component information to obtain vulnerability component characteristic correlation information;
storing the vulnerability component characteristic association information to a vulnerability component association library;
wherein, the association comprises automatic association and manual association.
4. The method of claim 1, wherein the sending the vulnerability matching task to a vulnerability matching engine for matching, before obtaining the vulnerability scanning result, further comprises:
acquiring an issuing vulnerability matching task;
and sending the issued vulnerability matching task to a vulnerability matching engine for matching to obtain a vulnerability scanning result.
5. The method according to claim 1, characterized in that it comprises:
the system comprises a basic information base and a result base.
6. A vulnerability detection apparatus comprising:
the information collection module is used for acquiring asset fingerprint information and vulnerability information;
the scanning engine module is used for analyzing the asset fingerprint information to obtain a vulnerability result;
the output module is used for storing the vulnerability result into a vulnerability result library;
the storage module is used for storing vulnerability information, fingerprint information, vulnerability component characteristic associated information, asset component information and vulnerability results.
7. An electronic device, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
8. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-5.
CN202310629166.9A 2023-05-30 2023-05-30 Vulnerability detection method and device, electronic equipment and storage medium Pending CN116933265A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310629166.9A CN116933265A (en) 2023-05-30 2023-05-30 Vulnerability detection method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310629166.9A CN116933265A (en) 2023-05-30 2023-05-30 Vulnerability detection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116933265A true CN116933265A (en) 2023-10-24

Family

ID=88376401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310629166.9A Pending CN116933265A (en) 2023-05-30 2023-05-30 Vulnerability detection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116933265A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117376037A (en) * 2023-12-08 2024-01-09 山东星维九州安全技术有限公司 Method, device and storage medium for classifying and scanning network assets

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117376037A (en) * 2023-12-08 2024-01-09 山东星维九州安全技术有限公司 Method, device and storage medium for classifying and scanning network assets
CN117376037B (en) * 2023-12-08 2024-02-23 山东星维九州安全技术有限公司 Method, device and storage medium for classifying and scanning network assets

Similar Documents

Publication Publication Date Title
CN112637159A (en) Network asset scanning method, device and equipment based on active detection technology
CN112182588B (en) Threat information-based operating system vulnerability analysis and detection method and system
CN111401416A (en) Abnormal website identification method and device and abnormal countermeasure identification method
CN113259392B (en) Network security attack and defense method, device and storage medium
CN111104579A (en) Identification method and device for public network assets and storage medium
CN113032792A (en) System service vulnerability detection method, system, equipment and storage medium
CN112733045B (en) User behavior analysis method and device and electronic equipment
CN112818352B (en) Database detection method and device, storage medium and electronic device
CN116933265A (en) Vulnerability detection method and device, electronic equipment and storage medium
CN112491874A (en) Network asset management method and device and related equipment
CN114329448A (en) System security detection method and device, electronic equipment and storage medium
CN111985192A (en) Web attack report generation method, device, equipment and computer medium
CN112307464A (en) Fraud identification method and device and electronic equipment
KR20190099816A (en) Method and system for detecting counterfeit of web page
CN113987508A (en) Vulnerability processing method, device, equipment and medium
KR20180060616A (en) RBA based integrated weak point diagnosis method
CN111371581A (en) Method, device, equipment and medium for detecting business abnormity of Internet of things card
CN110233848B (en) Asset situation analysis method and device
CN116015800A (en) Scanner identification method and device, electronic equipment and storage medium
CN110691090A (en) Website detection method, device, equipment and storage medium
CN112347457A (en) Abnormal account detection method and device, computer equipment and storage medium
CN115643044A (en) Data processing method, device, server and storage medium
CN113806736B (en) Vulnerability detection method, system and storage medium based on mimicry intrusion
CN113297583B (en) Vulnerability risk analysis method, device, equipment and storage medium
CN113660227B (en) Quantitative calculation method and device for network security vulnerability assessment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination