CN116975856B - Safety management method and system of API (application program interface) - Google Patents

Info

Publication number: CN116975856B
Application number: CN202311228169.8A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN116975856A
Inventor: 王世峰
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Prior art keywords: information, type, matched, api, preset

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The embodiment of the disclosure discloses a security management method and system for an API (application program interface). The method comprises the following steps: acquiring input type information of an API interface; filtering the API interface based on the type information and a preset standard to generate API interface asset information; analyzing the API interface asset information to obtain an API risk degree; and if the API risk degree exceeds a preset risk threshold, determining that the API interface is at risk. The method can monitor the API interface in real time and promptly obtain the risk of the API; it can automatically associate the API interface with threat intelligence, alarm information and security events, discover API risks in time, and realize full life cycle monitoring of the API interface.

Description

Safety management method and system of API (application program interface)
Technical Field
The disclosure relates to the technical field of data security, in particular to a security management method and system of an API (application program interface).
Background
With the development of information technology, API (Application Programming Interface) technology has developed rapidly and is widely applied. APIs can greatly reduce code redundancy, improve software reusability, and better support distributed systems and micro-service architectures, and they are widely used in business systems across industries.
However, security vulnerabilities introduced during the design, development or implementation of an API interface may allow malicious attackers to exploit them for unauthorized access, data tampering, denial of service and other malicious behaviors.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a method and a system for managing the security of an API interface, which can address the lack of risk assessment for API interfaces in the prior art.
In a first aspect, an embodiment of the present disclosure provides a method for security management of an API interface, including:
acquiring input type information of an API interface;
filtering the API interface based on the type information and a preset standard to generate API interface asset information;
analyzing the API interface asset information to acquire an API risk;
and if the API risk degree exceeds a preset risk threshold, judging that the risk exists in the API interface.
Optionally, the API interface includes information of province, unit, industry, business, user, and applicable platform;
the type information comprises one or more of province type information, city type information, unit type information, main service type information and sub service type information;
the preset standard comprises ordering information and preset retrieval target information; the preset retrieval target information is any one of the type information.
Optionally, the API risk degree is X, where X = A×B×C×(1/D);
wherein A is the threat level of the security event, B is the possibility of the security event, C is the importance of the API, and D is the protection capability of the API;
0 ≤ A ≤ 100;
0 ≤ B ≤ 100;
0 ≤ C ≤ 100;
1 ≤ D ≤ 100.
Optionally, the method for acquiring the threat level of the security event includes:
acquiring a plurality of log information in a preset period corresponding to the API interface asset information;
judging whether first preset threat information exists in the log information or not, if yes, A=100;
if not, judging whether all the log information belongs to a preset white list, if so, A=0;
if not, matching the log information with second preset threat information to obtain matching times, corresponding credibility and corresponding threat level;
and obtaining the threat level of the security event based on the matching times, the corresponding credibility and the corresponding threat level.
Optionally, the method for acquiring the security event possibility includes:
obtaining vulnerability information of the API interface asset information and corresponding vulnerability scores;
judging whether the vulnerability information matches the preset weak authentication; if so, acquiring the number of matches Q with the preset weak authentication and judging whether Q is greater than 59; if so, B=59; if not, B=Q;
if not, judging whether the vulnerability information matches a preset authorization anomaly; if so, acquiring the number of matches G1 with the preset authorization anomaly, and then B=60+2×G1;
the preset authorization anomaly comprises an authorization file error anomaly, an authorization date error anomaly, a system IP address error anomaly, a system MAC address error anomaly and an authorization version inconsistency anomaly;
if not, judging whether the vulnerability information matches a preset injection vulnerability; if so, acquiring the number of matches G2 with the preset injection vulnerability, and then B=70+2×G2;
the preset injection vulnerabilities comprise SQL injection, HTTP injection, HTML injection, XPath injection and XML external entity injection vulnerabilities;
if not, judging whether the vulnerability information matches preset data leakage; if so, acquiring the number of matches G3 with the preset data leakage, and then B=80+2×G3;
the preset data leakage comprises a hacking leakage class, a social engineering attack leakage class, a software exception leakage class, a human error leakage class and a data backup leakage class;
if not, judging whether the vulnerability information matches a preset security configuration error; if so, acquiring the number of matches G4 with the preset security configuration error, and then B=90+2×G4;
the preset security configuration errors comprise an application server management error, an account password change error, a directory index error, a blacklist policy error and an application error.
Optionally, the method for acquiring the API importance includes:
judging whether the API interface asset information is matched with a first type asset information set; if yes, acquiring the number E1 of times matched with the first type asset information set, and C = 60 × (sum of the weights of the matched items in the first type asset information set);
the first type asset information set comprises a common business system, a security business system and a county-level key unit; h1 is the weight of the common business system, h2 is the weight of the security business system, and h3 is the weight of the county-level key unit;
if not, judging whether the API interface asset information is matched with a second type asset information set; if so, acquiring the number E2 of times matched with the second type asset information set, and C = 60 + 20 × (sum of the weights of the matched items in the second type asset information set);
wherein the second type asset information set comprises basic service system information, conventional service system information and city-level key unit information; k1 is the weight of the basic service system information, k2 is the weight of the conventional service system information, and k3 is the weight of the city-level key unit information;
if not, judging whether the API interface asset information is matched with a third type asset information set; if so, acquiring the number E3 of times matched with the third type asset information set, and C = 80 + 20 × (sum of the weights of the matched items in the third type asset information set);
wherein the third type asset information set comprises related basic service system information, reinsurance service system information and provincial key unit information; l1 is the weight of the related basic service system information, l2 is the weight of the reinsurance service system information, and l3 is the weight of the provincial key unit information.
Optionally, the method for acquiring the API protection capability includes:
judging whether the API interface asset information is matched with a first type protection capability information set; if yes, acquiring the number F1 of times matched with the first type protection capability information set, and obtaining D from F1 and the number of types of protection capabilities included in the first type protection capability information set;
if not, judging whether the API interface asset information is matched with a second type protection capability information set; if yes, acquiring the number F2 of times matched with the second type protection capability information set, and obtaining D from F2 and the number of types of protection capabilities included in the second type protection capability information set;
judging whether the API interface asset information is matched with a third type protection capability information set; if yes, acquiring the number F3 of times matched with the third type protection capability information set, and obtaining D from F3 and the number of types of protection capabilities included in the third type protection capability information set.
Optionally, the first type protection capability information set includes an access control protection capability, a risk API asset protection capability and a behavior analysis protection capability, i.e. 3 types of protection capabilities;
the second type protection capability information set comprises an output mode verification protection capability, a sensitive data protection capability and a security configuration management protection capability, i.e. 3 types of protection capabilities;
the third type protection capability information set comprises a malicious user detection protection capability, a security policy execution protection capability and a DDoS protection capability, i.e. 3 types of protection capabilities.
Optionally, the preset risk threshold is 5 points;
if the API risk degree is in the first range, it is determined to be a low-level risk and a first-level alarm is triggered;
if the API risk degree is in the second range, it is determined to be a medium-level risk and a second-level alarm is triggered;
if the API risk degree is in the third range, it is determined to be a high-level risk and a third-level alarm is triggered;
the first range is: 5 < X ≤ 59;
the second range is: 59 < X ≤ 79;
the third range is: 79 < X ≤ 100;
the alarm urgency of the third-level alarm, the second-level alarm and the first-level alarm decreases in that order.
In a second aspect, an embodiment of the present disclosure further provides a security management system of an API interface, including:
the first acquisition module is configured to acquire type information of an input API interface;
the generation module is configured to filter the API interface based on the type information and a preset standard to generate API interface asset information;
the second acquisition module is configured to analyze the API interface asset information and acquire the API risk;
and the judging module is configured to judge that the risk exists in the API if the risk degree of the API exceeds a preset risk threshold.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, which adopts the following technical scheme:
an electronic device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of security management of the API interface of any of the above.
In a fourth aspect, the presently disclosed embodiments also provide a computer-readable storage medium storing computer instructions for causing a computer to perform the method of security management of an API interface of any of the above.
The security management method of the API interface can monitor the API interface in real time and promptly obtain the risk of the API. Specifically, the input type information of the API interface is acquired, so that developers, administrators and others can clearly know the purpose and function of each interface; filtering generates API interface asset information, which helps organize and manage a large number of API interfaces and improves the development efficiency and maintainability of the system; the risk is evaluated by comprehensively considering the threat level of the security event, the possibility of the security event, the importance of the API and the protection capability of the API, which helps quickly identify potential security risks and weak points and take timely measures such as repairing vulnerabilities and strengthening security protection, so as to protect the data security of the system and its users; and the method and system can automatically associate the API interface with threat intelligence, alarm information and security events, discover the risk of the API in time, and realize full life cycle monitoring of the API interface.
In summary, the method for managing the security of the API interface can provide comprehensive security management functions through acquisition, filtering, analysis and judgment, thereby being beneficial to ensuring the security of the API interface, reducing potential risks and improving the reliability and stability of the system.
The foregoing is only an overview of the disclosed technology. In order that the above and other objects, features and advantages of the present disclosure can be more clearly understood and implemented in accordance with the disclosure, a detailed description of the preferred embodiments is given below with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
Fig. 1 is a flow chart of a security management method of an API provided in the present application.
Fig. 2 is a flow chart of a method for acquiring threat degrees of security events in the present application.
Fig. 3 is a flow chart of a method for acquiring a security event possibility in the present application.
Fig. 4 is a flow chart of a method for acquiring the importance of the API in the present application.
Fig. 5 is a flow chart of a method for acquiring API protection capability in the present application.
Fig. 6 is a functional block diagram of a security management system of an API interface provided by an embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
It should be appreciated that the following specific embodiments of the disclosure are described in order to provide a better understanding of the present disclosure, and that other advantages and effects will be apparent to those skilled in the art from the present disclosure. It will be apparent that the described embodiments are merely some, but not all embodiments of the present disclosure. The disclosure may be embodied or practiced in other different specific embodiments, and details within the subject specification may be modified or changed from various points of view and applications without departing from the spirit of the disclosure. It should be noted that the following embodiments and features in the embodiments may be combined with each other without conflict. All other embodiments, which can be made by one of ordinary skill in the art without inventive effort, based on the embodiments in this disclosure are intended to be within the scope of this disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the following claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the present disclosure, one skilled in the art will appreciate that one aspect described herein may be implemented independently of any other aspect, and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. In addition, such apparatus may be implemented and/or such methods practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should also be noted that the illustrations provided in the following embodiments merely illustrate the basic concepts of the disclosure by way of illustration, and only the components related to the disclosure are shown in the drawings and are not drawn according to the number, shape and size of the components in actual implementation, and the form, number and proportion of the components in actual implementation may be arbitrarily changed, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided in order to provide a thorough understanding of the examples. However, it will be understood by those skilled in the art that aspects may be practiced without these specific details.
Referring to fig. 1, the present application discloses a security management method of an API interface, the method comprising the steps of:
s100, acquiring input type information of an API interface.
The API interface comprises province information, unit information, industry information, business information, user information and applicable platform information.
The type information comprises one or more of province type information, city type information, unit type information, main service type information and sub service type information.
And S200, filtering the API interface based on the type information and a preset standard to generate API interface asset information.
The preset standard comprises ordering information and preset retrieval target information; the preset retrieval target information is any one of the type information.
The API interface asset information is preferably in the form of a tree diagram or list.
S300, analyzing the API interface asset information to obtain the API risk.
The API risk degree is X, where X = A×B×C×(1/D); A is the threat level of the security event, B is the possibility of the security event, C is the importance of the API, and D is the protection capability of the API.
Wherein 0 ≤ A ≤ 100; 0 ≤ B ≤ 100; 0 ≤ C ≤ 100; 1 ≤ D ≤ 100.
And S400, if the API risk exceeds a preset risk threshold, judging that the risk exists in the API interface.
The security management method of the API interface can monitor the API interface in real time and promptly obtain the risk of the API. Specifically, the input type information of the API interface is acquired, so that developers, administrators and others can clearly know the purpose and function of each interface; filtering generates API interface asset information, which helps organize and manage a large number of API interfaces and improves the development efficiency and maintainability of the system; the risk is evaluated by comprehensively considering the threat level of the security event, the possibility of the security event, the importance of the API and the protection capability of the API, which helps quickly identify potential security risks and weak points and take timely measures such as repairing vulnerabilities and strengthening security protection, so as to protect the data security of the system and its users; and the method and system can automatically associate the API interface with threat intelligence, alarm information and security events, discover the API risk in time, and realize full life cycle monitoring of the API interface, for example by monitoring the API service and each API interface and alerting on API service domain interfaces that exceed the baseline.
In summary, the method for managing the security of the API interface can provide comprehensive security management functions through acquisition, filtering, analysis and judgment, thereby being beneficial to ensuring the security of the API interface, reducing potential risks and improving the reliability and stability of the system.
Referring to fig. 2, the method for acquiring the threat level of the security event includes the following:
acquiring, from the traffic probe device, a plurality of log entries within a preset period corresponding to the API interface asset information;
judging whether first preset threat information exists in the log information or not, if yes, A=100;
if not, judging whether all the log information belongs to a preset white list, if so, A=0;
if not, matching the log information with second preset threat information to obtain the matching times, the corresponding credibility and the corresponding threat level;
and obtaining the threat level of the security event based on the matching times, the corresponding credibility and the corresponding threat level.
In this embodiment, the first preset threat intelligence information is IOC (Indicators of Compromise) threat intelligence or a blacklist with a confidence level not less than 90%; the second preset threat intelligence information is IOC (Indicators of Compromise) threat intelligence with a confidence level lower than 90%.
Referring to fig. 3, the method for acquiring the security event possibility includes:
acquiring vulnerability information of the API interface asset information by using an API vulnerability scanner;
judging whether the vulnerability information matches the preset weak authentication; if so, acquiring the number of matches Q with the preset weak authentication and judging whether Q is greater than 59; if so, B=59; if not (i.e. 0 ≤ Q ≤ 59), B=Q;
if not (i.e. the vulnerability information does not match the preset weak authentication), judging whether the vulnerability information matches the preset authorization anomaly; if so, acquiring the number of matches G1 with the preset authorization anomaly, and then B=60+2×G1;
if not, judging whether the vulnerability information matches the preset injection vulnerability; if so, acquiring the number of matches G2 with the preset injection vulnerability, and then B=70+2×G2;
if not, judging whether the vulnerability information matches the preset data leakage; if so, acquiring the number of matches G3 with the preset data leakage, and then B=80+2×G3;
if not, judging whether the vulnerability information matches the preset security configuration error; if so, acquiring the number of matches G4 with the preset security configuration error, and then B=90+2×G4.
In this embodiment, the preset authorization anomalies include an authorization file error anomaly, an authorization date error anomaly, a system IP address error anomaly, a system MAC address error anomaly, and an authorization version inconsistency anomaly.
The preset injection vulnerabilities comprise SQL injection, HTTP injection, HTML injection, XPath injection and XML external entity injection vulnerabilities.
The preset data leakage comprises a hacking leakage class, a social engineering attack leakage class, a software exception leakage class, a human error leakage class and a data backup leakage class.
The preset security configuration errors include application server management errors, account password change errors, directory index errors, blacklist policy errors, and application errors.
Referring to fig. 4, the method of acquiring the importance of the api includes the following:
judging whether the API interface asset information is matched with the first type asset information set, if so, acquiring the number of times E1 of matching with the first type asset information set, and if so, acquiring the number of times E1 of matching with the first type asset information set
That is, when E1 is 1, c=60×h1 or c=60×h2 or c=60×h3; when E1 is 2, c=60× (h1+h2) or c=60× (h1+h3) or c=60× (h2+h3); when E1 is 3, c=60.
The first type of asset information set comprises a common business system, a security business system and county-level key units; The weight of the common business system is occupied; />The weight of the security service system is occupied; />The occupied weight of the county-level key units.
If not (the API interface asset information does not match the first type asset information set), judging whether it matches the second type asset information set; if so, acquiring the number of times E2 that it matches the second type asset information set, and computing C as 60 plus 20 times the sum of the weights of the matched items.
That is, when E2 is 1, C = 60+20×k1 or C = 60+20×k2 or C = 60+20×k3; when E2 is 2, C = 60+20×(k1+k2) or C = 60+20×(k1+k3) or C = 60+20×(k2+k3); when E2 is 3, C = 80.
The second type asset information set comprises basic service system information, conventional business system information and city-level key unit information; k1 is the weight of the basic service system information, k2 is the weight of the conventional business system information and k3 is the weight of the city-level key unit information.
If not (the API interface asset information does not match the second type asset information set), judging whether it matches the third type asset information set; if so, acquiring the number of times E3 that it matches the third type asset information set, and computing C as 80 plus 20 times the sum of the weights of the matched items.
That is, when E3 is 1, C = 80+20×l1 or C = 80+20×l2 or C = 80+20×l3; when E3 is 2, C = 80+20×(l1+l2) or C = 80+20×(l1+l3) or C = 80+20×(l2+l3); when E3 is 3, C = 100.
The third type asset information set comprises related basic service system information, reinsurance service system information and provincial key unit information; l1 is the weight of the related basic service system information, l2 is the weight of the reinsurance service system information and l3 is the weight of the provincial key unit information.
Further, in this embodiment, h1 = k1 = l1 = 20%, h2 = k2 = l2 = 60% and h3 = k3 = l3 = 20%.
Referring to fig. 5, the method for acquiring the API protection capability comprises:
judging whether the API interface asset information matches the first type protection capability information set; if so, acquiring the number of times F1 that it matches the first type protection capability information set, and computing D from F1 as follows.
That is, when 1 ≤ F1 ≤ N1, D = (60/N1)×F1; when F1 = N1, D = 59 (this special case takes precedence, so D stays below 60 within the first type).
Here N1 is the number of types of protection capabilities included in the first type protection capability information set.
If not, judging whether the API interface asset information matches the second type protection capability information set; if so, acquiring the number of times F2 that it matches the second type protection capability information set, and computing D from F2 as follows.
That is, when 1 ≤ F2 ≤ N2, D = 60+(20/(N2-1))×(F2-1); when F2 = N2, D = 79.
Here N2 is the number of types of protection capabilities included in the second type protection capability information set.
Judging whether the API interface asset information matches the third type protection capability information set; if so, acquiring the number of times F3 that it matches the third type protection capability information set, and computing D from F3 as follows.
That is, when 1 ≤ F3 ≤ N3, D = 80+(20/(N3-1))×(F3-1); when F3 = N3, D = 79.
Here N3 is the number of types of protection capabilities included in the third type protection capability information set.
Further, in a preferred embodiment, the first type protection capability information set includes access control protection capability, risk API asset protection capability and behavioral analysis protection capability; N1 = 3.
The second type protection capability information set comprises output mode verification protection capability, sensitive data protection capability and security configuration management protection capability; N2 = 3.
The third type protection capability information set comprises malicious user detection protection capability, security policy execution protection capability and DDoS protection capability; N3 = 3.
In this embodiment, the preset risk threshold is preferably 5 points.
If the risk degree is in the first range, judging that the risk degree is low-level risk, and triggering a first-level alarm;
if the risk degree is in the second range, judging the risk degree to be a medium-level risk, and triggering a second-level alarm;
and if the risk degree is in the third range, judging the risk degree to be a high-level risk, and triggering a three-level alarm.
The alarm urgency decreases in sequence from the three-level alarm to the second-level alarm to the first-level alarm.
The first range is: 5 < X ≤ 59;
the second range is: 59 < X ≤ 79;
the third range is: 79 < X ≤ 100.
For a three-level alarm, the API risk can be remediated manually, which ensures the accuracy of the modification.
Further, the three-level alarm can apply the SOAR function to take measures such as one-click blocking and network disconnection; the second-level alarm can include sending an email or SMS notification to investigate the risk, and temporary handling through a blacklist; the first-level alarm can include a risk prompt and risk troubleshooting.
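The scoring steps described above (the preset vulnerability categories for the likelihood B, the tiered importance C, the tiered protection capability D and the alarm ranges), written out as an added Python example that is not the patent's own code. The tag strings, the English labels for the preset items and the behaviour when nothing matches (B = 0, C = 0, D = 1) are assumptions for this example; the combination of A, B, C and D into X is left as the page states it, so the tiering function takes X directly.

```python
"""Worked example of the page's scoring steps (added here; not the patent's code):
likelihood B, importance C, protection capability D and the alarm tiers.
Tag strings, preset-item labels and the behaviour when nothing matches
(B = 0, C = 0, D = 1) are assumptions for this example."""
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Likelihood B: weak authentication is checked first (B = min(Q, 59)); then the
# four preset categories are tried in order and the first category with any
# match decides B = base + 2 * G (G = number of preset items matched).
WEAK_AUTH_CAP = 59
B_CATEGORIES: List[Tuple[int, FrozenSet[str]]] = [
    (60, frozenset({"authorization file error", "authorization date error",
                    "system IP address error", "system MAC address error",
                    "authorization version inconsistency"})),
    (70, frozenset({"SQL injection", "HTTP injection", "HTML injection",
                    "XPATH injection", "XML external entity injection"})),
    (80, frozenset({"hacking leakage", "social engineering attack leakage",
                    "software exception leakage", "human error leakage",
                    "data backup leakage"})),
    (90, frozenset({"application server management error",
                    "account password change error", "directory index error",
                    "blacklist policy error", "application error"})),
]


def likelihood_b(weak_auth_matches: int, findings: Iterable[str]) -> int:
    """B from the weak-authentication match count Q and the other findings."""
    if weak_auth_matches > 0:
        return min(weak_auth_matches, WEAK_AUTH_CAP)   # Q > 59 -> 59, else Q
    found = set(findings)
    for base, items in B_CATEGORIES:
        g = len(found & items)                          # G1..G4
        if g:
            return base + 2 * g                         # five items per category, so B <= 100
    return 0                                            # assumption: nothing matched


# Importance C: asset tiers tried in order; C = base + span * (sum of matched
# weights). Weights h1/k1/l1 = 20 %, h2/k2/l2 = 60 %, h3/k3/l3 = 20 % as on the page.
C_TIERS: List[Tuple[int, int, Dict[str, float]]] = [
    (0, 60, {"common business system": 0.2, "security business system": 0.6,
             "county-level key unit": 0.2}),
    (60, 20, {"basic service system": 0.2, "conventional business system": 0.6,
              "city-level key unit": 0.2}),
    (80, 20, {"related basic service system": 0.2, "reinsurance service system": 0.6,
              "provincial key unit": 0.2}),
]


def importance_c(asset_tags: Iterable[str]) -> float:
    """C for an API whose asset information carries the given tags."""
    tags = set(asset_tags)
    for base, span, weights in C_TIERS:
        matched = [w for label, w in weights.items() if label in tags]
        if matched:                                     # E1/E2/E3 = len(matched)
            return round(base + span * sum(matched), 2)
    return 0.0                                          # assumption: nothing matched


# Protection capability D: tiers with N1 = N2 = N3 = 3; a full match of a tier is
# replaced by the fixed value the page gives (59, 79 and, as the page states it, 79).
D_TIERS = [
    (("access control", "risk API asset protection", "behavioral analysis"),
     lambda f, n: 60 / n * f, 59),
    (("output mode verification", "sensitive data protection",
      "security configuration management"),
     lambda f, n: 60 + 20 / (n - 1) * (f - 1), 79),
    (("malicious user detection", "security policy execution", "DDoS protection"),
     lambda f, n: 80 + 20 / (n - 1) * (f - 1), 79),
]


def protection_d(capabilities: Iterable[str]) -> float:
    """D from the protection capabilities recorded for the API."""
    have = set(capabilities)
    for items, formula, full_match_value in D_TIERS:
        n = len(items)
        f = sum(1 for item in items if item in have)    # F1/F2/F3
        if f:
            return float(full_match_value if f == n else formula(f, n))
    return 1.0                                          # assumption: D floor, since 1 <= D


def alarm_level(x: float, threshold: float = 5.0) -> int:
    """0 = at or below the preset threshold, 1/2/3 = low/medium/high per the page's ranges."""
    if x <= threshold:
        return 0
    if x <= 59:
        return 1
    if x <= 79:
        return 2
    return 3
```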
In this application, the API interface may be input manually, imported in batches, transmitted through an interface, or the like.
Furthermore, with the API interface security management method disclosed in this application, an API asset supervision analysis report can be generated periodically for convenient viewing and archiving.
Referring to fig. 6, the present application further discloses a security management system of an API interface, including:
the first acquisition module is configured to acquire type information of an input API interface;
the generation module is configured to filter the API interface based on the type information and a preset standard to generate API interface asset information;
the second acquisition module is configured to analyze the API interface asset information and acquire the API risk;
and the judging module is configured to judge that a risk exists in the API interface if the API risk degree exceeds a preset risk threshold.
An electronic device according to an embodiment of the present disclosure includes a memory and a processor. The memory is for storing non-transitory computer readable instructions. In particular, the memory may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, and the like.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions. In one embodiment of the present disclosure, the processor is configured to execute the computer readable instructions stored in the memory, so that the electronic device performs all or part of the steps of the method for managing the security of the API interface of the embodiments of the present disclosure described above.
It should be understood by those skilled in the art that, in order to solve the technical problem of how to obtain a good user experience effect, the present embodiment may also include well-known structures such as a communication bus, an interface, and the like, and these well-known structures are also included in the protection scope of the present disclosure.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure. A schematic diagram of an electronic device suitable for use in implementing embodiments of the present disclosure is shown. The electronic device shown in fig. 4 is merely an example and should not be construed to limit the functionality and scope of use of the disclosed embodiments.
As shown in fig. 7, the electronic device may include a processor (e.g., a central processing unit, a graphic processor, etc.) that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) or a program loaded from a storage device into a Random Access Memory (RAM). In the RAM, various programs and data required for the operation of the electronic device are also stored. The processor, ROM and RAM are connected to each other by a bus. An input/output (I/O) interface is also connected to the bus.
In general, the following devices may be connected to the I/O interface: input means including, for example, sensors or visual information gathering devices; output devices including, for example, display screens and the like; storage devices including, for example, magnetic tape, hard disk, etc.; a communication device. The communication means may allow the electronic device to communicate wirelessly or by wire with other devices, such as edge computing devices, to exchange data. While fig. 7 shows an electronic device having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via a communication device, or installed from a storage device, or installed from ROM. All or part of the steps of the security management method of the API interface of the presently disclosed embodiments are performed when the computer program is executed by the processor.
The detailed description of the present embodiment may refer to the corresponding description in the foregoing embodiments, and will not be repeated herein.
A computer-readable storage medium according to an embodiment of the present disclosure has stored thereon non-transitory computer-readable instructions. All or part of the steps of the method of security management of an API interface of embodiments of the present disclosure described above are performed when the non-transitory computer readable instructions are executed by a processor.
The computer-readable storage medium described above includes, but is not limited to: optical storage media (e.g., CD-ROM and DVD), magneto-optical storage media (e.g., MO), magnetic storage media (e.g., magnetic tape or removable hard disk), media with built-in rewritable non-volatile memory (e.g., memory card), and media with built-in ROM (e.g., ROM cartridge).
The detailed description of the present embodiment may refer to the corresponding description in the foregoing embodiments, and will not be repeated herein.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this disclosure, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions, and the block diagrams of devices, apparatuses, devices, systems involved in this disclosure are merely illustrative examples and are not intended to require or implicate that connections, arrangements, configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, the devices, apparatuses, devices, systems may be connected, arranged, configured in any manner. Words such as "including," "comprising," "having," and the like are words of openness and mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or" unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to".
In addition, as used herein, the use of "or" in the recitation of items beginning with "at least one" indicates a separate recitation, such that recitation of "at least one of A, B or C" for example means a or B or C, or AB or AC or BC, or ABC (i.e., a and B and C). Furthermore, the term "exemplary" does not mean that the described example is preferred or better than other examples.
It is also noted that in the systems and methods of the present disclosure, components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
Various changes, substitutions, and alterations are possible to the techniques herein without departing from the teachings as defined by the appended claims. Furthermore, the scope of the claims is not limited to the exact aspects of the process, machine, manufacture, composition of matter, means, methods and acts described above. The processes, machines, manufacture, compositions of matter, means, methods, or acts, presently existing or later to be developed that perform substantially the same function or achieve substantially the same result as the corresponding aspects herein may be utilized. Accordingly, the appended claims are intended to include within their scope such processes, machines, manufacture, compositions of matter, means, methods, or acts.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (6)

1. A method for security management of an API interface, comprising:
acquiring input type information of an API interface;
filtering the API interface based on the type information and a preset standard to generate API interface asset information;
analyzing the API interface asset information to acquire an API risk;
if the API risk degree exceeds a preset risk threshold, judging that the risk exists in the API interface;
wherein the API risk is X, X = A×B×C% (1/D);
wherein A is threat level of security event, B is possibility of security event, C is importance of API, D is protection capability of API;
0≤A≤100;
0≤B≤100;
0≤C≤100;
1≤D≤100;
the method for acquiring the threat degree of the security event comprises the following steps:
acquiring a plurality of log information in a preset period corresponding to the API interface asset information;
judging whether first preset threat information exists in the log information or not, if yes, A=100;
if not, judging whether all the log information belongs to a preset white list, if so, A=0;
if not, matching the log information with second preset threat information to obtain matching times, corresponding credibility and corresponding threat level;
acquiring the threat level of the security event based on the matching times, the corresponding credibility and the corresponding threat level;
the method for acquiring the security event possibility comprises the following steps:
obtaining vulnerability information of the API interface asset information;
judging whether the vulnerability information matches the preset weak authentication; if so, acquiring the number of times Q matched with the preset weak authentication and judging whether Q is greater than 59; if so, B = 59, and if not, B = Q;
if not, judging whether the vulnerability information matches a preset authorization anomaly; if so, acquiring the number of times G1 matched with the preset authorization anomaly, wherein B = 60+2×G1;
the preset authorization anomaly comprises an authorization file error exception, an authorization date error exception, a system IP address error exception, a system MAC address error exception and an authorization version inconsistency exception;
if not, judging whether the vulnerability information matches a preset injection vulnerability; if so, acquiring the number of times G2 matched with the preset injection vulnerability, wherein B = 70+2×G2;
the preset injection vulnerabilities comprise SQL injection, HTTP injection, HTML injection, XPATH injection and XML external entity injection vulnerabilities;
if not, judging whether the vulnerability information matches preset data leakage; if so, acquiring the number of times G3 matched with the preset data leakage, wherein B = 80+2×G3;
the preset data leakage comprises a hacking leakage class, a social engineering attack leakage class, a software exception leakage class, a human error leakage class and a data backup leakage class;
if not, judging whether the vulnerability information matches a preset security configuration error; if so, acquiring the number of times G4 matched with the preset security configuration error, wherein B = 90+2×G4;
the preset security configuration errors comprise application server management errors, account password change errors, directory index errors, blacklist policy errors and application errors;
the method for acquiring the API importance comprises the following steps:
judging whether the API interface asset information matches a first type asset information set; if so, acquiring the number of times E1 matched with the first type asset information set, wherein C = 60 × (the sum of the weights of the matched items);
wherein the first type asset information set comprises the common business system, the security business system and the county-level key unit; h1 is the weight of the common business system, h2 is the weight of the security business system and h3 is the weight of the county-level key unit;
if not, judging whether the API interface asset information matches a second type asset information set; if so, acquiring the number of times E2 matched with the second type asset information set, wherein C = 60 + 20 × (the sum of the weights of the matched items);
wherein the second type asset information set comprises basic service system information, conventional business system information and city-level key unit information; k1 is the weight of the basic service system information, k2 is the weight of the conventional business system information and k3 is the weight of the city-level key unit information;
if not, judging whether the API interface asset information matches a third type asset information set; if so, acquiring the number of times E3 matched with the third type asset information set, wherein C = 80 + 20 × (the sum of the weights of the matched items);
wherein the third type asset information set comprises related basic service system information, reinsurance service system information and provincial key unit information; l1 is the weight of the related basic service system information, l2 is the weight of the reinsurance service system information and l3 is the weight of the provincial key unit information;
the method for acquiring the API protection capability comprises the following steps:
judging whether the API interface asset information matches a first type protection capability information set; if so, acquiring the number of times F1 matched with the first type protection capability information set, wherein, when 1 ≤ F1 ≤ N1, D = (60/N1)×F1, and when F1 = N1, D = 59;
wherein N1 is the number of types of protection capabilities included in the first type protection capability information set;
if not, judging whether the API interface asset information matches a second type protection capability information set; if so, acquiring the number of times F2 matched with the second type protection capability information set, wherein, when 1 ≤ F2 ≤ N2, D = 60+(20/(N2-1))×(F2-1), and when F2 = N2, D = 79;
wherein N2 is the number of types of protection capabilities included in the second type protection capability information set;
judging whether the API interface asset information matches a third type protection capability information set; if so, acquiring the number of times F3 matched with the third type protection capability information set, wherein, when 1 ≤ F3 ≤ N3, D = 80+(20/(N3-1))×(F3-1), and when F3 = N3, D = 79;
wherein N3 is the number of types of protection capabilities included in the third type protection capability information set;
the first type protection capability information set comprises access control protection capability, risk API asset protection capability and behavioral analysis protection capability; N1 = 3;
the second type protection capability information set comprises output mode verification protection capability, sensitive data protection capability and security configuration management protection capability; N2 = 3;
the third type protection capability information set comprises malicious user detection protection capability, security policy execution protection capability and DDoS protection capability; N3 = 3.
2. the method for managing the security of an API according to claim 1, wherein said API includes province information, unit information, industry information, business information, user information, and applicable platform information;
the type information comprises one or more of province type information, city type information, unit type information, main service type information and sub service type information;
the preset standard comprises ordering information and preset retrieval target information; the preset retrieval target information is any one of the type information.
3. The method for managing security of an API according to claim 1, characterized in that said preset risk threshold is 5 points;
If the API risk degree is in the first range, determining that the API risk degree is low-level risk, and triggering a first-level alarm;
if the API risk degree is in the second range, judging the API risk degree to be a medium-level risk, and triggering a second-level alarm;
if the API risk degree is in the third range, judging that the API risk degree is high-level risk, and triggering three-level alarm;
the first range is: 5 < X ≤ 59;
the second range is: 59 < X ≤ 79;
the third range is: 79 < X ≤ 100;
the alarm urgency of the third-level alarm, the alarm urgency of the second-level alarm and the alarm urgency of the first-level alarm decrease in sequence.
4. A security management system for an API interface comprising:
the first acquisition module is configured to acquire type information of an input API interface;
the generation module is configured to filter the API interface based on the type information and a preset standard to generate API interface asset information;
the second acquisition module is configured to analyze the API interface asset information and acquire the API risk;
the judging module is configured to judge that the risk exists in the API if the risk degree of the API exceeds a preset risk threshold;
wherein the API risk is X, X = A×B×C% (1/D);
wherein A is threat level of security event, B is possibility of security event, C is importance of API, D is protection capability of API;
0≤A≤100;
0≤B≤100;
0≤C≤100;
1≤D≤100;
The method for acquiring the threat degree of the security event comprises the following steps:
acquiring a plurality of log information in a preset period corresponding to the API interface asset information;
judging whether first preset threat information exists in the log information or not, if yes, A=100;
if not, judging whether all the log information belongs to a preset white list, if so, A=0;
if not, matching the log information with second preset threat information to obtain matching times, corresponding credibility and corresponding threat level;
acquiring the threat level of the security event based on the matching times, the corresponding credibility and the corresponding threat level;
the method for acquiring the security event possibility comprises the following steps:
obtaining vulnerability information of the API interface asset information;
judging whether the vulnerability information matches the preset weak authentication; if so, acquiring the number of times Q matched with the preset weak authentication and judging whether Q is greater than 59; if so, B = 59, and if not, B = Q;
if not, judging whether the vulnerability information matches a preset authorization anomaly; if so, acquiring the number of times G1 matched with the preset authorization anomaly, wherein B = 60+2×G1;
the preset authorization anomaly comprises an authorization file error exception, an authorization date error exception, a system IP address error exception, a system MAC address error exception and an authorization version inconsistency exception;
if not, judging whether the vulnerability information matches a preset injection vulnerability; if so, acquiring the number of times G2 matched with the preset injection vulnerability, wherein B = 70+2×G2;
the preset injection vulnerabilities comprise SQL injection, HTTP injection, HTML injection, XPATH injection and XML external entity injection vulnerabilities;
if not, judging whether the vulnerability information matches preset data leakage; if so, acquiring the number of times G3 matched with the preset data leakage, wherein B = 80+2×G3;
the preset data leakage comprises a hacking leakage class, a social engineering attack leakage class, a software exception leakage class, a human error leakage class and a data backup leakage class;
if not, judging whether the vulnerability information matches a preset security configuration error; if so, acquiring the number of times G4 matched with the preset security configuration error, wherein B = 90+2×G4;
the preset security configuration errors comprise application server management errors, account password change errors, directory index errors, blacklist policy errors and application errors;
the method for acquiring the API importance comprises the following steps:
judging whether the API interface asset information matches a first type asset information set; if so, acquiring the number of times E1 matched with the first type asset information set, wherein C = 60 × (the sum of the weights of the matched items);
the first type asset information set comprises the common business system, the security business system and the county-level key unit; h1 is the weight of the common business system, h2 is the weight of the security business system and h3 is the weight of the county-level key unit;
if not, judging whether the API interface asset information matches a second type asset information set; if so, acquiring the number of times E2 matched with the second type asset information set, wherein C = 60 + 20 × (the sum of the weights of the matched items);
wherein the second type asset information set comprises basic service system information, conventional business system information and city-level key unit information; k1 is the weight of the basic service system information, k2 is the weight of the conventional business system information and k3 is the weight of the city-level key unit information;
if not, judging whether the API interface asset information matches a third type asset information set; if so, acquiring the number of times E3 matched with the third type asset information set, wherein C = 80 + 20 × (the sum of the weights of the matched items);
wherein the third type asset information set comprises related basic service system information, reinsurance service system information and provincial key unit information; l1 is the weight of the related basic service system information, l2 is the weight of the reinsurance service system information and l3 is the weight of the provincial key unit information;
the method for acquiring the API protection capability comprises the following steps:
judging whether the API interface asset information matches a first type protection capability information set; if so, acquiring the number of times F1 matched with the first type protection capability information set, wherein, when 1 ≤ F1 ≤ N1, D = (60/N1)×F1, and when F1 = N1, D = 59;
wherein N1 is the number of types of protection capabilities included in the first type protection capability information set;
if not, judging whether the API interface asset information matches a second type protection capability information set; if so, acquiring the number of times F2 matched with the second type protection capability information set, wherein, when 1 ≤ F2 ≤ N2, D = 60+(20/(N2-1))×(F2-1), and when F2 = N2, D = 79;
wherein N2 is the number of types of protection capabilities included in the second type protection capability information set;
judging whether the API interface asset information matches a third type protection capability information set; if so, acquiring the number of times F3 matched with the third type protection capability information set, wherein, when 1 ≤ F3 ≤ N3, D = 80+(20/(N3-1))×(F3-1), and when F3 = N3, D = 79;
wherein N3 is the number of types of protection capabilities included in the third type protection capability information set;
wherein the first type protection capability information set comprises access control protection capability, risk API asset protection capability and behavioral analysis protection capability; N1 = 3;
the second type protection capability information set comprises output mode verification protection capability, sensitive data protection capability and security configuration management protection capability; N2 = 3;
the third type protection capability information set comprises malicious user detection protection capability, security policy execution protection capability and DDoS protection capability; N3 = 3.
5. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of security management of an API interface according to any one of claims 1-3.
6. A computer readable storage medium storing computer instructions for causing a computer to perform the method of security management of an API interface according to any one of claims 1-3.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311228169.8A CN116975856B (en) 2023-09-22 2023-09-22 Safety management method and system of API (application program interface)

Publications (2)

Publication Number Publication Date
CN116975856A CN116975856A (en) 2023-10-31
CN116975856B true CN116975856B (en) 2024-02-02

Family

ID=88485341

Country Status (1)

Country Link
CN (1) CN116975856B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113919664A (en) * 2021-09-23 2022-01-11 上海浦东发展银行股份有限公司 API asset risk control method and device, computer equipment and storage medium
CN116208415A (en) * 2023-02-27 2023-06-02 深圳市安络科技有限公司 Method, device and equipment for managing API (application program interface) assets

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2575069B1 (en) * 2011-09-30 2016-10-19 Tata Consultancy Services Ltd. Security vulnerability correction

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant