Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Vulnerability detection tool credibility verification method and system

A vulnerability detection and credibility technology, applied in the field of network security, can solve the problems of security test strategy loading errors, human factors, and limited test environment, so as to achieve high verification efficiency, ensure accuracy, and small human factors. Effect

Pending Publication Date: 2022-01-04
QIAN JIN NETWORK INFORMATION TECH SHANGHAI LTD
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] First, the influence of human factors is large
Due to factors such as the working status of security engineers, security knowledge reserves, and understanding of test items, it is impossible to ensure that the security testing strategy is well implemented and the full coverage of the business functions to be tested
In addition, different businesses may adopt different development frameworks, such as native PHP mode, self-written mode based on MVC framework, third-party framework mode, etc. Different development frameworks have different testing strategies, so security engineers need to load corresponding test strategy, but in the actual operation process, security engineers may not pay attention to this, resulting in invalid detection of security test strategy loading errors
[0004] Second, the effectiveness of detection tools needs to be improved
At present, the commonly used automated application risk scanners in the security testing process, such as Appscan and NSFOCUS Jiguang, can only cover some simple security risks based on the request-response model, but cannot cover security vulnerabilities such as permissions and security vulnerabilities that require interaction such as stored XSS
[0005] Third, missed detection
Although the traditional automated scanner crawler can obtain most of the business function points, it cannot obtain highly interactive business function points, and cannot effectively solve the missing detection of business functions
[0006] Fourth, security testing experience and testing strategies cannot be shared
The testing experience and testing strategies of security engineers for historical projects can only be reused in the next test of the same project by self-recording, which cannot be shared among different engineers, and it is impossible to know whether there are missed inspections, which will eventually lead to The test period is long and the results are not reliable
[0007] Fourth, the test environment is limited
Since Party A’s security testing is usually performed on servers in the test environment, such test servers have poor performance and can only support a small number of concurrent test requests. However, mainstream scanners in the market are based on massive attack simulation requests. , cannot be completed in a finite test period
[0008] To sum up, the existing vulnerability detection modes, methods and systems still have a lot of room for improvement

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection tool credibility verification method and system
  • Vulnerability detection tool credibility verification method and system
  • Vulnerability detection tool credibility verification method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0029] In the following detailed description, reference is made to the accompanying drawings which are included in the specification and which illustrate specific embodiments of the application and which are included in this application. In the drawings, like reference numerals describe substantially similar components in different views. Va...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a vulnerability detection tool credibility verification method and system. The method comprises the following steps: a function point test request is sent to a test target based on a test end browser; the manual detection tool intercepts a data packet of the test request, and a security engineer performs manual detection according to a vulnerability detection strategy to obtain a first detection result of a corresponding function point; the automatic detection tool obtains a mirror image data packet of the test request, and performs vulnerability detection on a function point corresponding to the mirror image data packet according to a preset detection strategy to obtain a second detection result; the first detection result is compared with the second detection result; and the credibility of the function point vulnerability detection is determined by the automatic detection tool according to the comparison result. According to the method, the automatic vulnerability detection tool is verified based on the manual detection result, only a security engineer needs to confirm when necessary, excessive manual participation is not needed, the influence of human factors is small, and the verification efficiency is high.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and system for verifying the credibility of a vulnerability detection tool. Background technique [0002] In the information age, network information security is always the top priority for enterprises and individuals. Whether it is hardware, software or protocol, when there are defects or the system security strategy is insufficient, a loophole will be formed, and the attacker can use the loophole to access or destroy the system without authorization, causing the information system to be attacked by Trojan horses, worms or Control, data leakage, data tampering, deletion, etc., which will bring immeasurable losses to individuals and enterprises, especially some Internet companies, in order to ensure the normal operation of online business and protect the security of user information, usually equipped with security Engineers conduct security inspections on onlin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F21/56G06F16/955
CPCG06F21/577G06F21/563G06F16/955G06F2221/034
Inventor 马弘煜张炎杨向勇
Owner QIAN JIN NETWORK INFORMATION TECH SHANGHAI LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products