CN118174963A - Web vulnerability detection method and device, computer equipment and storage medium - Google Patents

Web vulnerability detection method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN118174963A
CN118174963A CN202410586512.4A CN202410586512A CN118174963A CN 118174963 A CN118174963 A CN 118174963A CN 202410586512 A CN202410586512 A CN 202410586512A CN 118174963 A CN118174963 A CN 118174963A
Authority
CN
China
Prior art keywords
web
fingerprint
vulnerability detection
updated
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410586512.4A
Other languages
Chinese (zh)
Inventor
王新杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Time New Wei Information Technology Co ltd
Original Assignee
Beijing Time New Wei Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Time New Wei Information Technology Co ltd filed Critical Beijing Time New Wei Information Technology Co ltd
Priority to CN202410586512.4A priority Critical patent/CN118174963A/en
Publication of CN118174963A publication Critical patent/CN118174963A/en
Pending legal-status Critical Current

Links

Landscapes

  • Collating Specific Patterns (AREA)

Abstract

The application belongs to the technical field of network security, and relates to a Web vulnerability detection method, a Web vulnerability detection device, computer equipment and a storage medium, wherein the Web vulnerability detection method comprises the following steps: acquiring content information of a Web website corresponding to pre-stored Web fingerprint features in a preset fingerprint library at intervals of preset time; under the condition that updated Web application program information exists in the content information, new Web fingerprint characteristics are identified from the updated Web application program information through a trained Web fingerprint identification model, and the new Web fingerprint characteristics are extracted and updated into a preset fingerprint library; acquiring Web fingerprint characteristics of a Web website to be detected; matching the Web fingerprint characteristics with a preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics according to the Web fingerprint characteristics updated in the preset fingerprint library; and performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script. The method and the device can improve the accuracy and efficiency of vulnerability detection to a greater extent.

Description

Web vulnerability detection method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and apparatus for detecting Web vulnerabilities, a computer device, and a storage medium.
Background
With the development of the internet, network security attack and defense combat exercises are a crucial task, and the main purpose of the network security attack and defense combat exercises is to evaluate the security of a Web site by simulating real hacking behaviors so as to help discover and repair potential vulnerabilities.
In actual combat exercises of network security attack and defense, usually, red team personnel collect URL information of a Web website, traditional Web fingerprint recognition tools are used for carrying out Web fingerprint recognition on the URL information, and then corresponding vulnerability scanners are used for carrying out vulnerability scanning on the URL information based on the recognized Web fingerprints, so that vulnerabilities of Web application programs are detected.
However, the conventional Web fingerprint recognition tool usually relies on manual filling, is tedious and low in efficiency, and cannot timely track and adapt to the Web application program continuously changing in the network environment, so that an accurate Web fingerprint recognition result cannot be provided, and thus, the vulnerability detection is inaccurate, the scanning speed of a vulnerability scanner is low, and the attack efficiency of red team personnel is reduced.
Disclosure of Invention
In order to improve accuracy and efficiency of vulnerability detection to a greater extent, the application provides a Web vulnerability detection method, a Web vulnerability detection device, computer equipment and a storage medium.
The first object of the present application is achieved by the following technical solutions:
Acquiring content information of a Web website corresponding to pre-stored Web fingerprint features in a preset fingerprint library at intervals of preset time;
Under the condition that updated Web application program information exists in the content information, new Web fingerprint characteristics are identified from the updated Web application program information through a trained Web fingerprint identification model, and the new Web fingerprint characteristics are extracted and updated into the preset fingerprint library;
Acquiring Web fingerprint characteristics of a Web website to be detected;
Matching the Web fingerprint characteristics with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics according to the Web fingerprint characteristics updated in the preset fingerprint library;
and performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script.
By adopting the technical scheme, the accuracy and the efficiency of the leak detection are improved to a greater extent.
The application may in an example be further configured to: the step of matching the Web fingerprint features with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint features according to the updated Web fingerprint features in the preset fingerprint library, including:
and comparing the Web fingerprint characteristics with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics based on the mapping relation between the Web fingerprint characteristics updated in the preset fingerprint library and the vulnerability detection script.
By adopting the technical scheme, the target vulnerability detection script corresponding to the Web fingerprint characteristic can be rapidly and accurately determined.
The application may in an example be further configured to: comparing the Web fingerprint feature with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint feature based on a mapping relation between the Web fingerprint feature updated in the preset fingerprint library and the vulnerability detection script, including:
comparing the Web fingerprint characteristics with the preset fingerprint database, and determining updated Web fingerprint characteristics consistent with the Web fingerprint characteristics in the preset fingerprint database;
Determining a vulnerability detection script corresponding to the updated Web fingerprint feature consistent with the Web fingerprint feature based on the mapping relation of the updated Web fingerprint feature and the vulnerability detection script;
and taking the determined vulnerability detection script as the target vulnerability detection script.
By adopting the technical scheme, the accuracy of Web fingerprint matching in the subsequent Web vulnerability detection task can be ensured.
The application may in an example be further configured to: after obtaining the content information of the Web site corresponding to the pre-stored Web fingerprint features in the pre-stored fingerprint library at each interval of pre-set time, the method further comprises the following steps:
Extracting keywords in the content information through a trained keyword extraction model;
And determining whether updated Web application program information exists in the content information according to the keywords.
By adopting the technical scheme, the method can realize the preliminary screening of the content information, and is favorable for quickly and accurately identifying new Web fingerprint characteristics subsequently.
The application may in an example be further configured to: the trained Web fingerprint recognition model includes a trained improved transducer model.
By adopting the technical scheme, the trained improved transducer model has higher accuracy in Web fingerprint feature recognition application.
The application may in an example be further configured to: the step of identifying new Web fingerprint features from the updated Web application information through the trained Web fingerprint identification model comprises the following steps:
Performing syntactic analysis on the updated Web application information to obtain a syntactic analysis tree of the updated Web application information;
And inputting the updated Web application program information and the syntax analysis tree into the trained improved transducer model for entity identification to obtain the new Web fingerprint characteristics.
By adopting the technical scheme, the novel Web fingerprint feature can be identified more rapidly and accurately.
The application may in an example be further configured to: after performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script, the method further includes:
and generating and outputting a vulnerability detection result, wherein the vulnerability detection result comprises vulnerability detail information, vulnerability risk assessment information and vulnerability repair measure suggestion information.
By adopting the technical scheme, the red team attacker can be helped to improve the attack efficiency and the success rate.
The second object of the present application is achieved by the following technical solutions:
a Web vulnerability detection apparatus, the Web vulnerability detection apparatus comprising:
The first acquisition module is used for acquiring content information of the Web website corresponding to pre-stored Web fingerprint features in a preset fingerprint library at each interval of preset time;
The updating module is used for identifying new Web fingerprint characteristics from the updated Web application program information through a trained Web fingerprint identification model under the condition that the updated Web application program information exists in the content information, and extracting the new Web fingerprint characteristics to update to the preset fingerprint library;
the second acquisition module acquires Web fingerprint characteristics of a Web website to be detected;
The matching module is used for matching the Web fingerprint characteristics with the preset fingerprint library so as to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics according to the Web fingerprint characteristics updated in the preset fingerprint library;
And the detection module is used for carrying out vulnerability detection on the Web website to be detected according to the target vulnerability detection script.
The third object of the present application is achieved by the following technical solutions:
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the Web vulnerability detection method described above when the computer program is executed.
The fourth object of the present application is achieved by the following technical solutions:
A computer readable storage medium storing a computer program which when executed by a processor implements the steps of the Web vulnerability detection method described above.
In summary, the application has the following beneficial technical effects:
The method can update the pre-stored Web fingerprint characteristics in the preset fingerprint library along with the network change at regular intervals, thereby continuously realizing the self-intelligent update of the preset fingerprint library, providing a more comprehensive and accurate basis along with the network change for the Web vulnerability detection task, improving the accuracy of Web fingerprint matching in the Web vulnerability detection task, further realizing faster and more accurate vulnerability detection, and improving the accuracy and efficiency of vulnerability detection to a greater extent.
Drawings
Fig. 1 is a schematic flow chart of a Web vulnerability detection method provided by an embodiment of the present application;
FIG. 2 is another flow chart of a Web vulnerability detection method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a Web vulnerability detection system according to an embodiment of the present application;
FIG. 4 is a schematic block diagram of a Web vulnerability detection apparatus provided by an embodiment of the present application;
Fig. 5 is a schematic block diagram of a computer device according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.
It is to be understood that the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
The embodiment of the application provides a Web vulnerability detection method, a Web vulnerability detection device, computer equipment and a storage medium. According to the Web vulnerability detection method, prestored Web fingerprint features in the preset fingerprint library can be updated regularly along with network changes, so that self-intelligent updating of the preset fingerprint library is continuously realized, a more comprehensive and accurate basis along with network changes is provided for a Web vulnerability detection task, the accuracy of Web fingerprint matching in the Web vulnerability detection task can be improved, faster and more accurate vulnerability detection is realized, and the accuracy and efficiency of vulnerability detection are improved to a greater extent.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
Referring to fig. 1, fig. 1 is a flow chart of a Web vulnerability detection method according to an embodiment of the application. The Web vulnerability detection method is mainly applied to computer equipment, such as PC (Personal Computer ) or server and other terminal equipment with a data processing function.
The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (CoNteNt Delivery Network, CDN), and basic cloud computing services such as big data and data analysis platforms.
As shown in fig. 1, the Web vulnerability detection method includes steps S101 to S105.
Step S101, acquiring content information corresponding to the Web websites in a preset fingerprint library at intervals of preset time.
The method comprises the steps of setting a fingerprint library in advance according to URL information of a Web website, timely tracking changes of Web application programs of the Web website corresponding to pre-stored Web fingerprint features in the pre-set fingerprint library, and updating the pre-stored Web fingerprint features in the pre-set fingerprint library regularly to realize rapid and accurate vulnerability detection based on the updated Web fingerprint features in the pre-set fingerprint library, so that the vulnerability detection can adapt to network changes, and accuracy and efficiency of the vulnerability detection are improved.
It can be understood that the preset fingerprint library has good expandability, and can be pre-stored and maintained according to the Web fingerprint characteristics of the newly added Web website in actual need.
Specifically, content information of the Web site corresponding to pre-stored Web fingerprint features in a preset fingerprint library can be obtained at intervals of preset time.
For example, the content information may be acquired every half month or one month, and the preset time may be flexibly set according to actual needs, which is not limited herein.
The content information comprises information issued by a manufacturer or a developer of the Web website corresponding to the pre-stored Web fingerprint features, a public fingerprint library, web page content of the Web website corresponding to the pre-stored Web fingerprint features and the like, so that the comprehensiveness of the content information is improved.
For example, the manner of acquiring the content information may be to monitor information published by a manufacturer or a developer, so as to crawl information of announcements, blogs and social media published by a company or a developer's official network, and so on; the method can also be used for crawling the published fingerprint library; or directly crawling the Web page content of the Web site corresponding to the pre-stored Web fingerprint features.
For example, in order to improve the convenience of acquiring the content information, the content information may be crawled through an automatic crawling script pre-written by a preset web crawler library, a developer, a maintainer, or other users.
In an embodiment, after step S101, keywords in the content information may also be extracted through a trained keyword extraction model; and determining whether updated Web application information exists in the content information according to the keywords.
After acquiring the Content information corresponding to the Web site in the preset fingerprint library, an analysis manner based on Natural Language Processing (NLP) may be used to analyze the Content information to determine whether information related to Web application update (defined as updated Web application information) exists in the Content information, where the updated Web application information is, for example, information related to a newly released CMS (Content MANAGEMENT SYSTEM ).
By way of example, the trained keyword extraction model may be a trained BERT (Bidirectional Encoder Representation from Transformers, bi-directional attention neural network) model, which is a text sentence-level language model employing a Transformer as one end-to-end of the subject model structure.
It can be understood that the pre-set first Web application information sample may be adopted in advance to train the BERT model, so as to improve the feature expression capability of the BERT model on the vector of the keyword in the Web application information sample, so as to improve the performance of the BERT model on the keyword extraction task.
The content information is analyzed through a trained BERT (Bidirectional Encoder Representation from Transformers, bi-directional attention neural network) model, and the version number, update time stamp and the like of the Web application program are extracted as keywords.
And comparing the extracted version number and/or the update timestamp with the version number and/or the update timestamp of the Web application program corresponding to the pre-stored Web fingerprint characteristics in the preset fingerprint library, and determining that updated Web application program information exists in the content information under the condition that the extracted version number and/or the update timestamp is more recent.
Thus, the preliminary screening of the content information is realized, and a foundation is laid for quickly and accurately identifying new Web fingerprint features in the follow-up process.
Step S102, under the condition that updated Web application program information exists in the content information, new Web fingerprint characteristics are identified from the updated Web application program information through a trained Web fingerprint identification model, and the new Web fingerprint characteristics are extracted and updated into a preset fingerprint library.
And under the condition that the updated Web application program information exists in the content information, identifying new Web fingerprint characteristics from the updated Web application program information through a trained Web fingerprint identification model.
In one embodiment, the trained Web fingerprint recognition model includes a trained modified transducer model; the new Web fingerprint characteristics can be identified from the updated Web application information through the trained Web fingerprint identification model by carrying out syntactic analysis on the updated Web application information to obtain a syntactic analysis tree of the updated Web application information; and inputting the updated Web application program information and the syntax analysis tree into the trained improved Transformer model for entity identification to obtain new Web fingerprint characteristics.
Considering that the transducer model relies entirely on the Attention mechanism to calculate its input and output characterizations, the original Attention mechanism of the transducer model is enhanced, resulting in an improved transducer model.
The improved attention mechanism of the converter model can effectively gather the attention of the characters of the updated Web application program information and aim at training, so that the training speed and the training precision can be improved, and the trained improved converter model has higher accuracy in Web fingerprint feature recognition application.
The improved transducer model with the enhanced attention mechanism can be trained by presetting a second Web application information sample in advance.
Specifically, a preset Stanford syntax analysis tool may be used to perform syntax analysis on a preset second Web application information sample, so as to obtain a syntax analysis tree corresponding to the preset second Web application information sample, where leaf nodes of the syntax analysis tree correspond to each character in the preset second Web application information sample. Inputting a preset second Web application information sample and a corresponding syntax analysis tree thereof into the improved transducer model, so that an attention mechanism after the enhancement of the improved transducer model generates a query matrix, a key matrix and a value matrix according to the preset second Web application information sample, and constructs a covering matrix according to the syntax analysis tree corresponding to the second Web application information sample; then, obtaining an enhanced attention matrix according to the query matrix, the key matrix, the value matrix and the mask matrix; and finally, based on the enhanced attention matrix, taking the Web fingerprint feature entity in the preset second Web application program information sample as a training target, training the improved transducer model, and adjusting parameters of the improved transducer model until the improved transducer model converges to obtain a trained improved transducer model.
In this way, the updated Web application information can be subjected to entity identification through the trained improved transducer model, and new Web fingerprint characteristics can be identified.
Specifically, a preset Stanford syntax analysis tool is adopted to carry out syntax analysis on updated Web application information, and a syntax analysis tree of the updated Web application information is obtained; and then inputting the updated Web application information and the syntax analysis tree corresponding to the updated Web application information into a trained improved transducer model, wherein the trained improved transducer model firstly generates a target query matrix, a target key matrix and a target value matrix based on the updated Web application information through an enhanced attention mechanism, and constructs a target covering matrix based on the syntax analysis tree corresponding to the updated Web application information, so that the enhanced target attention matrix is obtained according to the target query matrix, the target key matrix, the target value matrix and the target covering matrix, and a new Web fingerprint feature entity corresponding to the updated Web application information is identified based on the enhanced target attention matrix.
Therefore, the new Web fingerprint features can be identified more quickly and accurately through the trained improved transducer model.
Further, new Web fingerprint features are extracted and updated into a preset fingerprint library, and original pre-stored Web fingerprint features corresponding to the new Web fingerprint features are deleted.
Therefore, the self-intelligent updating of the preset fingerprint library is continuously realized, so that a more comprehensive and accurate basis along with the change of the network can be provided for the Web vulnerability detection task, the accuracy of Web fingerprint matching in the Web vulnerability detection task can be further improved, and the accuracy of vulnerability detection is improved.
Step S103, acquiring Web fingerprint characteristics of the Web site to be detected.
Then, under the condition that the vulnerability detection request is received, the Web fingerprint characteristics of the Web website to be detected in the vulnerability detection request can be obtained through a trained improved transducer model.
Step S104, the Web fingerprint features are matched with a preset fingerprint library, so that a target vulnerability detection script corresponding to the Web fingerprint features of the Web website to be detected is determined based on the mapping relation between the Web fingerprint features updated in the preset fingerprint library and the vulnerability detection script.
And then, matching the Web fingerprint characteristics of the Web website to be detected with a preset fingerprint library so as to quickly determine a target vulnerability detection script corresponding to the Web fingerprint characteristics of the Web website to be detected based on the mapping relation between the Web fingerprint characteristics updated in the preset fingerprint library and the vulnerability detection script.
In an embodiment, step S104 may be to compare the Web fingerprint feature with a preset fingerprint library, so as to determine a target vulnerability detection script corresponding to the Web fingerprint feature based on the mapping relationship between the Web fingerprint feature updated in the preset fingerprint library and the vulnerability detection script.
Users such as developers or maintainers correspondingly write vulnerability detection Scripts (POCs) required by Web application programs corresponding to updated Web fingerprint features in the preset fingerprint library along with the update of the preset fingerprint library. It is understood that each vulnerability detection script is designed for a specific vulnerability, and can simulate an attack or detection means to confirm the existence of the vulnerability.
And establishing a mapping relation between the updated Web fingerprint characteristics and the corresponding vulnerability detection scripts, so that the vulnerability detection scripts can be continuously updated along with the change of the Web application program.
Therefore, the Web fingerprint characteristics of the Web website to be detected can be compared with the preset fingerprint database, so that the target vulnerability detection script corresponding to the Web fingerprint characteristics can be rapidly determined based on the mapping relation between the Web fingerprint characteristics updated in the preset fingerprint database and the vulnerability detection script.
In an embodiment, as shown in fig. 2, the comparison is performed between the Web fingerprint feature and the preset fingerprint library, so as to determine the target vulnerability detection script corresponding to the Web fingerprint feature based on the mapping relationship between the Web fingerprint feature updated in the preset fingerprint library and the vulnerability detection script, which includes sub-steps S1041 to S1043.
Step S1041, comparing the Web fingerprint characteristics with a preset fingerprint database, and determining updated Web fingerprint characteristics consistent with the Web fingerprint characteristics in the preset fingerprint database;
And comparing the Web fingerprint characteristics of the Web website to be detected with a preset fingerprint library to determine updated Web fingerprint characteristics consistent with the Web fingerprint characteristics in the predicted fingerprint library.
Step S1042, determining a vulnerability detection script corresponding to the updated Web fingerprint feature consistent with the Web fingerprint feature based on the mapping relation between the updated Web fingerprint feature and the vulnerability detection script;
And then, determining the vulnerability detection script corresponding to the updated Web fingerprint feature consistent with the Web fingerprint feature of the Web website to be detected based on the mapping relation between the updated Web fingerprint feature in the preset fingerprint library and the vulnerability detection script.
And step S1043, taking the determined vulnerability detection script as a target vulnerability detection script.
The determined vulnerability detection script is the target vulnerability detection script corresponding to the Web fingerprint characteristics of the Web website to be detected. Thus, the accuracy of Web fingerprint matching in the Web vulnerability detection task can be ensured.
Step S105, performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script.
After the target vulnerability detection script corresponding to the Web fingerprint characteristics of the Web site to be detected is determined, executing the target vulnerability detection script to perform vulnerability detection on the Web site to be detected. During execution, the target vulnerability detection script may send a series of carefully constructed requests to the Web application of the Web site to be detected, which are intended to trigger or identify specific vulnerability behaviors without disrupting the normal operation of the Web application.
In an embodiment, after step S105, a vulnerability detection result may also be generated and output, where the vulnerability detection result includes vulnerability detail information, vulnerability risk assessment information, and vulnerability repair measure suggestion information.
After executing the target vulnerability detection script to perform vulnerability detection, generating and outputting a vulnerability detection result, wherein the vulnerability detection result comprises vulnerability detail information, vulnerability risk assessment information and vulnerability repair measure suggestion information.
Illustratively, vulnerability details such as vulnerability type, location, severity, etc.; the vulnerability risk assessment information is, for example, a hazard level assessed by severity of vulnerability risk.
And under the condition that the target vulnerability detection script is not successfully executed, outputting a vulnerability detection result in a normal or unknown state.
The vulnerability detection result can help red team attacker to utilize the vulnerability in network security attack and defense actual combat exercises pertinently, and attack efficiency and success rate are greatly improved.
According to the Web vulnerability detection method provided by the embodiment, content information of a Web website corresponding to pre-stored Web fingerprint features in a preset fingerprint library is acquired at intervals of preset time; under the condition that updated Web application program information exists in the content information, new Web fingerprint characteristics are identified from the updated Web application program information through a trained Web fingerprint identification model, and the new Web fingerprint characteristics are extracted and updated into a preset fingerprint library; acquiring Web fingerprint characteristics of a Web website to be detected; matching the Web fingerprint characteristics with a preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics according to the Web fingerprint characteristics updated in the preset fingerprint library; and performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script. By the method, prestored Web fingerprint features in the preset fingerprint library can be updated regularly along with network changes, so that self-intelligent updating of the preset fingerprint library is continuously realized, a more comprehensive and accurate basis along with network changes is provided for a Web vulnerability detection task, the accuracy of Web fingerprint matching in the Web vulnerability detection task can be improved, faster and more accurate vulnerability detection is realized, and the accuracy and efficiency of vulnerability detection are improved to a greater extent.
In an embodiment, the computer device may carry a Web vulnerability detection system, and fig. 3 is a schematic architecture diagram of the Web vulnerability detection system.
As shown in FIG. 3, the Web vulnerability detection system mainly comprises an information source acquisition module, a Web application program identification module, a Web fingerprint feature identification and extraction module, a fingerprint library management module, a vulnerability intelligent sensor and other functional modules.
The information source acquisition module is used for acquiring content information of the Web website corresponding to the pre-stored Web fingerprint features in the preset fingerprint library at each interval of preset time.
And the Web application program identification module is used for analyzing the content information acquired by the information source acquisition module by an analysis mode based on Natural Language Processing (NLP) and screening updated Web application program information from the content information.
The Web fingerprint feature recognition and extraction module is used for extracting new Web fingerprint features from updated Web application program information through a trained machine learning model;
and the fingerprint library management module is used for updating the new Web fingerprint characteristics into a preset fingerprint library.
And the vulnerability intelligent sensor is used for matching the Web fingerprint characteristics of the Web website to be detected with a preset fingerprint library under the condition of receiving the vulnerability detection task, so as to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics of the Web website to be detected according to the Web fingerprint characteristics updated in the preset fingerprint library, so as to perform vulnerability detection on the Web website to be detected according to the target vulnerability detection script, and generate and output a vulnerability detection result.
For example, the above functional modules may be integrated in advance, and smooth interaction between the functional modules is ensured. In order to ensure that the Web vulnerability detection system can stably operate in various environments and has certain anti-interference capability, actual operation tests and functional optimization can be performed on the Web vulnerability detection system in advance.
Therefore, the computer equipment can execute the technical scheme of the embodiment (refer to each embodiment of the Web vulnerability detection method of the application, and the description is omitted here) based on the Web vulnerability detection system, so that the accuracy and the efficiency of vulnerability detection are improved to a greater extent.
It can be appreciated that the Web vulnerability detection system also has good expandability, and can increase or decrease functional modules according to actual requirements.
Referring to fig. 4, fig. 4 is a schematic block diagram of a Web vulnerability detection apparatus according to an embodiment of the present application.
As shown in fig. 4, the Web vulnerability detection apparatus 400 includes: a first acquisition module 401, an update module 402, a second acquisition module 403, a matching module 404, and a detection module 405.
A first obtaining module 401, configured to obtain content information of a Web site corresponding to pre-stored Web fingerprint features in a preset fingerprint library at each interval of preset time;
The updating module 402 is configured to identify new Web fingerprint features from the updated Web application information through a trained Web fingerprint identification model, and extract the new Web fingerprint features to update to the preset fingerprint library when the updated Web application information exists in the content information;
a second obtaining module 403, configured to obtain a Web fingerprint feature of a Web site to be detected;
The matching module 404 is configured to match the Web fingerprint feature with the preset fingerprint library, so as to determine a target vulnerability detection script corresponding to the Web fingerprint feature according to the Web fingerprint feature updated in the preset fingerprint library;
And the detection module 405 is configured to perform vulnerability detection on the Web site to be detected according to the target vulnerability detection script.
The apparatus provided by the above embodiments may be implemented in the form of a computer program which may be run on a computer device as shown in fig. 5.
Referring to fig. 5, fig. 5 is a schematic block diagram of a computer device according to an embodiment of the present application.
As shown in fig. 5, the computer device 500 includes a processor 502, a memory 503, and a communication interface 504 connected by a system bus 501, wherein the memory may include a non-volatile storage medium and an internal memory.
The non-volatile storage medium may store an operating system and a computer program. The computer program comprises program instructions that, when executed, cause a processor to perform any of a number of Web vulnerability detection methods.
The processor is used to provide computing and control capabilities to support the operation of the entire computer device.
The internal memory provides an environment for the execution of a computer program in a non-volatile storage medium that, when executed by a processor, causes the processor to perform any one of a number of Web vulnerability detection methods.
The communication interface is used for network communication, such as sending assigned tasks, etc. It will be appreciated by those skilled in the art that the structure shown in FIG. 5 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
It should be appreciated that the Processor may be a central processing unit (Central Processing Unit, CPU), it may also be other general purpose processors, digital signal processors (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), field-Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. Wherein the general purpose processor may be a processor or the processor may be any conventional processor or the like.
Wherein in one embodiment the processor is configured to run a computer program stored in the memory to implement the steps of:
Acquiring content information of a Web website corresponding to pre-stored Web fingerprint features in a preset fingerprint library at intervals of preset time;
Under the condition that updated Web application program information exists in the content information, new Web fingerprint characteristics are identified from the updated Web application program information through a trained Web fingerprint identification model, and the new Web fingerprint characteristics are extracted and updated into the preset fingerprint library;
Acquiring Web fingerprint characteristics of a Web website to be detected;
Matching the Web fingerprint characteristics with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics according to the Web fingerprint characteristics updated in the preset fingerprint library;
and performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script.
In an embodiment, the processor is configured to implement, when the matching the Web fingerprint feature with the preset fingerprint library is implemented to determine, according to the Web fingerprint feature updated in the preset fingerprint library, a target vulnerability detection script corresponding to the Web fingerprint feature, the method includes:
and comparing the Web fingerprint characteristics with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics based on the mapping relation between the Web fingerprint characteristics updated in the preset fingerprint library and the vulnerability detection script.
In an embodiment, the processor is configured to compare the Web fingerprint feature with the preset fingerprint library, so as to determine, based on a mapping relationship between the Web fingerprint feature updated in the preset fingerprint library and the vulnerability detection script, a target vulnerability detection script corresponding to the Web fingerprint feature, where the target vulnerability detection script is implemented by:
comparing the Web fingerprint characteristics with the preset fingerprint database, and determining updated Web fingerprint characteristics consistent with the Web fingerprint characteristics in the preset fingerprint database;
Determining a vulnerability detection script corresponding to the updated Web fingerprint feature consistent with the Web fingerprint feature based on the mapping relation of the updated Web fingerprint feature and the vulnerability detection script;
and taking the determined vulnerability detection script as the target vulnerability detection script.
In an embodiment, after the processor obtains content information of the Web site corresponding to the pre-stored Web fingerprint features in the preset fingerprint library at each preset interval, the processor is further configured to:
Extracting keywords in the content information through a trained keyword extraction model;
And determining whether updated Web application program information exists in the content information according to the keywords.
In one embodiment, the trained Web fingerprinting model comprises a trained modified transducer model.
In an embodiment, the processor implements the trained Web fingerprint recognition model, and when identifying new Web fingerprint features from the updated Web application information, the processor is configured to implement:
Performing syntactic analysis on the updated Web application information to obtain a syntactic analysis tree of the updated Web application information;
And inputting the updated Web application program information and the syntax analysis tree into the trained improved transducer model for entity identification to obtain the new Web fingerprint characteristics.
In an embodiment, after implementing the vulnerability detection on the Web site to be detected according to the target vulnerability detection script, the processor is further configured to implement:
and generating and outputting a vulnerability detection result, wherein the vulnerability detection result comprises vulnerability detail information, vulnerability risk assessment information and vulnerability repair measure suggestion information.
The embodiment of the application also provides a computer readable storage medium, and a computer program is stored on the computer readable storage medium, and the computer program comprises program instructions, and the method implemented by the program instructions when being executed can refer to various embodiments of the Web vulnerability detection method.
The computer readable storage medium may be an internal storage unit of the computer device according to the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD), or the like, which are provided on the computer device.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The blockchain (Blockchain), essentially a de-centralized database, is a string of data blocks that are generated in association using cryptographic methods, each of which contains information from a batch of network transactions for verifying the validity (anti-counterfeit) of its information and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments. While the application has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (10)

1. A Web vulnerability detection method, the method comprising:
Acquiring content information of a Web website corresponding to pre-stored Web fingerprint features in a preset fingerprint library at intervals of preset time;
Under the condition that updated Web application program information exists in the content information, new Web fingerprint characteristics are identified from the updated Web application program information through a trained Web fingerprint identification model, and the new Web fingerprint characteristics are extracted and updated into the preset fingerprint library;
Acquiring Web fingerprint characteristics of a Web website to be detected;
Matching the Web fingerprint characteristics with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics according to the Web fingerprint characteristics updated in the preset fingerprint library;
and performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script.
2. The Web vulnerability detection method of claim 1, wherein the matching the Web fingerprint feature with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint feature according to the Web fingerprint feature updated in the preset fingerprint library comprises:
and comparing the Web fingerprint characteristics with the preset fingerprint library to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics based on the mapping relation between the Web fingerprint characteristics updated in the preset fingerprint library and the vulnerability detection script.
3. The method of claim 2, wherein the comparing the Web fingerprint feature with the preset fingerprint library to determine the target vulnerability detection script corresponding to the Web fingerprint feature based on the mapping relationship between the Web fingerprint feature updated in the preset fingerprint library and the vulnerability detection script comprises:
comparing the Web fingerprint characteristics with the preset fingerprint database, and determining updated Web fingerprint characteristics consistent with the Web fingerprint characteristics in the preset fingerprint database;
Determining a vulnerability detection script corresponding to the updated Web fingerprint feature consistent with the Web fingerprint feature based on the mapping relation of the updated Web fingerprint feature and the vulnerability detection script;
and taking the determined vulnerability detection script as the target vulnerability detection script.
4. The method for detecting Web vulnerabilities according to claim 1, further comprising, after obtaining content information of a Web site corresponding to pre-stored Web fingerprint features in a pre-set fingerprint library at each interval of pre-set time:
Extracting keywords in the content information through a trained keyword extraction model;
And determining whether updated Web application program information exists in the content information according to the keywords.
5. The Web vulnerability detection method of claim 1, wherein the trained Web fingerprint recognition model comprises a trained improved transducer model.
6. The Web vulnerability detection method of claim 5, wherein the identifying new Web fingerprint features from the updated Web application information via a trained Web fingerprint identification model comprises:
Performing syntactic analysis on the updated Web application information to obtain a syntactic analysis tree of the updated Web application information;
And inputting the updated Web application program information and the syntax analysis tree into the trained improved transducer model for entity identification to obtain the new Web fingerprint characteristics.
7. The Web vulnerability detection method of claim 1, wherein after performing vulnerability detection on the Web site to be detected according to the target vulnerability detection script, further comprises:
and generating and outputting a vulnerability detection result, wherein the vulnerability detection result comprises vulnerability detail information, vulnerability risk assessment information and vulnerability repair measure suggestion information.
8. A Web vulnerability detection apparatus, characterized in that the Web vulnerability detection apparatus comprises:
The first acquisition module is used for acquiring content information of the Web website corresponding to pre-stored Web fingerprint features in a preset fingerprint library at each interval of preset time;
The updating module is used for identifying new Web fingerprint characteristics from the updated Web application program information through a trained Web fingerprint identification model under the condition that the updated Web application program information exists in the content information, and extracting the new Web fingerprint characteristics to update to the preset fingerprint library;
the second acquisition module acquires Web fingerprint characteristics of a Web website to be detected;
The matching module is used for matching the Web fingerprint characteristics with the preset fingerprint library so as to determine a target vulnerability detection script corresponding to the Web fingerprint characteristics according to the Web fingerprint characteristics updated in the preset fingerprint library;
And the detection module is used for carrying out vulnerability detection on the Web website to be detected according to the target vulnerability detection script.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the Web vulnerability detection method according to any one of claims 1-7 when the computer program is executed by the processor.
10. A computer readable storage medium, wherein the computer readable storage medium stores a computer program, wherein the computer program when executed by a processor implements the steps of the Web vulnerability detection method of any one of claims 1 to 7.
CN202410586512.4A 2024-05-13 2024-05-13 Web vulnerability detection method and device, computer equipment and storage medium Pending CN118174963A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410586512.4A CN118174963A (en) 2024-05-13 2024-05-13 Web vulnerability detection method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410586512.4A CN118174963A (en) 2024-05-13 2024-05-13 Web vulnerability detection method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN118174963A true CN118174963A (en) 2024-06-11

Family

ID=91357003

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410586512.4A Pending CN118174963A (en) 2024-05-13 2024-05-13 Web vulnerability detection method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN118174963A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110265077A1 (en) * 2010-04-26 2011-10-27 Vmware, Inc. Rapid updating of cloud applications
US8566589B1 (en) * 2007-09-27 2013-10-22 Symantec Corporation Method and apparatus for identifying a web server
CN105210352A (en) * 2013-03-15 2015-12-30 微软技术许可有限责任公司 Fingerprint-based, intelligent, content pre-fetching
CN109375945A (en) * 2018-08-28 2019-02-22 中国人民解放军国防科技大学 Firmware version detection method and vulnerability repair rate evaluation method for Internet of things equipment
CN112287355A (en) * 2020-10-30 2021-01-29 腾讯科技(深圳)有限公司 Vulnerability detection method and device, computer equipment and storage medium
CN112989256A (en) * 2021-05-08 2021-06-18 北京华云安信息技术有限公司 Method and device for identifying web fingerprint in response information
CN113946566A (en) * 2021-12-20 2022-01-18 北京大学 Web system fingerprint database construction method and device and electronic equipment
CN114143086A (en) * 2021-11-30 2022-03-04 北京天融信网络安全技术有限公司 Web application identification method and device, electronic equipment and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8566589B1 (en) * 2007-09-27 2013-10-22 Symantec Corporation Method and apparatus for identifying a web server
US20110265077A1 (en) * 2010-04-26 2011-10-27 Vmware, Inc. Rapid updating of cloud applications
CN105210352A (en) * 2013-03-15 2015-12-30 微软技术许可有限责任公司 Fingerprint-based, intelligent, content pre-fetching
CN109375945A (en) * 2018-08-28 2019-02-22 中国人民解放军国防科技大学 Firmware version detection method and vulnerability repair rate evaluation method for Internet of things equipment
CN112287355A (en) * 2020-10-30 2021-01-29 腾讯科技(深圳)有限公司 Vulnerability detection method and device, computer equipment and storage medium
CN112989256A (en) * 2021-05-08 2021-06-18 北京华云安信息技术有限公司 Method and device for identifying web fingerprint in response information
CN114143086A (en) * 2021-11-30 2022-03-04 北京天融信网络安全技术有限公司 Web application identification method and device, electronic equipment and storage medium
CN113946566A (en) * 2021-12-20 2022-01-18 北京大学 Web system fingerprint database construction method and device and electronic equipment

Similar Documents

Publication Publication Date Title
CN107918733B (en) System and method for detecting malicious elements of web page
JP7528166B2 (en) System and method for direct in-browser markup of elements in internet content - Patents.com
US9614862B2 (en) System and method for webpage analysis
US8943588B1 (en) Detecting unauthorized websites
US8954955B2 (en) Standard commands for native commands
CN108268635B (en) Method and apparatus for acquiring data
CN113342639B (en) Applet security risk assessment method and electronic device
US11836069B2 (en) Methods and systems for assessing functional validation of software components comparing source code and feature documentation
CN111737692B (en) Application program risk detection method and device, equipment and storage medium
CN110765459A (en) Malicious script detection method and device and storage medium
CN104956372A (en) Determining coverage of dynamic security scans using runtime and static code analyses
CN104992117A (en) Abnormal behavior detection method and behavior model establishment method of HTML5 mobile application program
KR102362516B1 (en) Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information
CN112579476B (en) Method and device for aligning vulnerability and software and storage medium
CN113360800A (en) Method and device for processing featureless data, computer equipment and storage medium
JP2018041442A (en) System and method for detecting web page abnormal element
US11797617B2 (en) Method and apparatus for collecting information regarding dark web
US11297091B2 (en) HTTP log integration to web application testing
CN107786529B (en) Website detection method, device and system
CN112817877B (en) Abnormal script detection method and device, computer equipment and storage medium
CN110874475A (en) Vulnerability mining method, vulnerability mining platform and computer readable storage medium
US20240111891A1 (en) Systems and methods for sanitizing sensitive data and preventing data leakage using on-demand artificial intelligence models
US20240111892A1 (en) Systems and methods for facilitating on-demand artificial intelligence models for sanitizing sensitive data
KR102447279B1 (en) Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information
KR102411383B1 (en) Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination