
Vulnerability detection method and system

A vulnerability detection technology, applied in the field of network security, that addresses the problems of security test strategy loading errors, the large influence of human factors, and the inability to share security testing experience and test strategies, thereby reducing dependence on security engineers and the influence of human factors.

Active Publication Date: 2021-12-31
QIAN JIN NETWORK INFORMATION TECH SHANGHAI LTD

AI Technical Summary

Problems solved by technology

[0004] First, the influence of human factors is large.
Because of factors such as a security engineer's working state, security knowledge, and understanding of the test items, there is no guarantee that the security testing strategy is carried out properly or that the business functions under test are fully covered.
In addition, different businesses may adopt different development frameworks, such as native PHP, a self-written MVC-based framework, or a third-party framework. Different development frameworks call for different testing strategies, so security engineers need to load the corresponding test strategy. In practice, engineers may overlook this, and loading the wrong security test strategy makes the detection invalid.
[0005] Second, the effectiveness of detection tools needs to be improved.
The automated application risk scanners commonly used in security testing today, such as Appscan and NSFOCUS Jiguang, can only cover some simple security risks based on the request-response model. They cannot cover permission-related vulnerabilities or vulnerabilities that require interaction, such as stored XSS.
[0006] Third, missed detection.
Although a traditional automated scanner's crawler can discover most business function points, it cannot reach highly interactive ones, so it does not effectively solve the problem of business functions being missed.
[0007] Fourth, security testing experience and testing strategies cannot be shared.
A security engineer's testing experience and strategies from historical projects can only be reused in the next test of the same project through the engineer's own records. They cannot be shared among different engineers, and there is no way to know whether anything was missed, so the test period ends up long and the results unreliable.
[0008] Fifth, the test environment is limited.
Party A's security testing is usually performed on servers in the test environment. Such test servers have poor performance and can only support a small number of concurrent test requests. Mainstream scanners on the market, however, rely on massive numbers of simulated attack requests, so a scan cannot be completed within a limited test period.
[0009] To sum up, the existing vulnerability detection modes, methods and systems still have a lot of room for improvement.


Embodiment Construction

[0025] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0026] In the following detailed description, reference is made to the accompanying drawings, which form part of this application and illustrate specific embodiments of it. In the drawings, like reference numerals describe substantially similar components in different views. Va...


Abstract

The invention relates to a vulnerability detection method and system. The method comprises the following steps: configuring test parameters based on a test item, including at least the target domain name to be tested, the IP address of the test-end browser, the proxy server port, and the vulnerabilities and their detection strategies; sending function point test request data packets from the test-end browser to the test target through the proxy server port, and receiving the returned response data packets; having the automatic detection tool obtain a mirrored copy of each test request data packet and perform vulnerability detection on the function points one by one according to the configured vulnerabilities and corresponding detection strategies; and ending the vulnerability detection when the ending condition is met. With this method and system, missed detection of function points is avoided, security engineers can share detection experience and strategies, and dependence on security engineers during detection is significantly reduced, which reduces the influence of human factors.
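The flow in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes the proxy hands each mirrored request over as a dict, and the `Detector` class, the two passive strategies, the `csrf_token` field name and the idle-count ending condition are all hypothetical.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qsl

def query_names(req):
    return {k for k, _ in parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True)}

# Constructed passive strategies (assumptions, not from the patent).
def post_without_csrf_token(req):
    return req["method"] == "POST" and "csrf_token" not in req.get("body", {})

def object_id_needs_authz_review(req):
    return any(n == "id" or n.endswith("_id") for n in query_names(req))

@dataclass
class Detector:
    target_domain: str
    browser_ip: str
    strategies: dict                  # vulnerability name -> check function
    seen: set = field(default_factory=set)
    findings: list = field(default_factory=list)

    def in_scope(self, req):
        host = urlsplit(req["url"]).hostname or ""
        on_target = host == self.target_domain or host.endswith("." + self.target_domain)
        return on_target and req["client_ip"] == self.browser_ip

    def function_point(self, req):
        # Same method, path and parameter names means the same function point.
        names = query_names(req) | set(req.get("body", {}))
        return (req["method"], urlsplit(req["url"]).path, tuple(sorted(names)))

    def on_mirrored_request(self, req):
        # True only for a new, in-scope function point; each is tested once.
        fp = self.function_point(req)
        if not self.in_scope(req) or fp in self.seen:
            return False
        self.seen.add(fp)
        self.findings += [(v, fp[0], fp[1]) for v, chk in self.strategies.items() if chk(req)]
        return True

    def run(self, mirrored, idle_limit=3):
        # Assumed ending condition: idle_limit requests in a row add nothing new.
        idle = 0
        for req in mirrored:
            idle = 0 if self.on_mirrored_request(req) else idle + 1
            if idle >= idle_limit:
                break
        return len(self.seen)

# Constructed sample traffic (not from the page).
SAMPLE = [
    {"client_ip": "10.0.0.5", "method": "GET", "url": "https://shop.example.test/order?id=1"},
    {"client_ip": "10.0.0.5", "method": "GET", "url": "https://shop.example.test/order?id=2"},
    {"client_ip": "10.0.0.5", "method": "POST", "url": "https://shop.example.test/profile", "body": {"nick": "a"}},
    {"client_ip": "10.0.0.5", "method": "GET", "url": "https://cdn.other.test/lib.js"},
]
```

Because function points are keyed on method, path and parameter names, repeated clicks on the same page are checked once, which keeps the request volume low enough for a weak test server and makes the `seen` set a coverage record that can be shared between engineers.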

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a vulnerability detection method and system.

Background technique

[0002] In the information age, network information security is always the top priority for enterprises and individuals. Whether in hardware, software or protocols, a vulnerability is formed when there are defects or when the system security strategy is insufficient. An attacker can use the vulnerability to access or damage the system without authorization, causing the information system to be attacked or controlled by Trojan horses or worms and leading to data leakage, data tampering, deletion, etc., which brings immeasurable losses to individuals and enterprises. Some Internet companies in particular, in order to ensure the normal operation of online business and protect the security of user information, are usually equipped with security engineers who conduct security inspections on online business vulnerabilities to discover vulner...


Application Information

IPC(8): G06F21/56, G06F21/57, G06F16/955
CPC: G06F21/563, G06F21/577, G06F16/955
Inventor: 马弘煜, 张炎, 杨向勇
Owner QIAN JIN NETWORK INFORMATION TECH SHANGHAI LTD