80 results about "Vulnerability scanner" patented technology

The system and method for three-dimensional visualization of vulnerability and asset data described herein may provide a management console that integrates various active vulnerability scanners, various passive vulnerability scanners, and a log correlation engine distributed in a network. In particular, the management console may include a three-dimensional visualization tool that can be used to generate three-dimensional visualizations that graphically represent vulnerabilities and assets in the network from the integrated information that management console collects the active vulnerability scanners, the passive vulnerability scanners, and the log correlation engine distributed in the network. As such, the three-dimensional visualization tool may generate three-dimensional representations of the vulnerabilities and assets in the network that can be used to substantially simplify management of the network.

The invention provides a WEB vulnerability scanning method and a vulnerability scanner based on fingerprint recognition technology. Since a feature library based security scanning scheme is used to replace a common site security vulnerability scanning scheme based on fully crawling, the scanner is improved in terms of accuracy of vulnerability scanning, flexibility of further processing after detecting vulnerabilities, efficiency of discovering vulnerabilities, and the like, and accordingly a new scheme is provided for the system security scanning and the network vulnerability scanning. The scanner comprises a user side, a browser, a scanning host and a WEB server. According to the abstract appended drawing, the scanning host comprises a control module, a scan parameter setting module, a scan engine module, a WEB fingerprint library module and a WEB vulnerability library module. The user sets scanning parameters in the scan parameter setting module through the control module, the scanning engine is firstly used for fingerprint recognition on the basis of sent parameters, and finally, the vulnerability library is used for testing site vulnerabilities and sending a test report. The scanner is capable of accurately and rapidly helping users to test and analyze vulnerability of the target website, and directly perform corresponding operations on the browser with no need of installation of client side software.

The invention provides a web vulnerability scanning method and device based on an infiltration technology. The scanning device comprises a client, a Web browser, a scanning host and a Web server which are sequentially connected and is characterized in that the scanning host comprises a control platform, a scanning mode setting module, a scanning module and a vulnerability library, a scanning modeis set in the scanning mode setting module by a user through the control platform, a scanning depth is extended from a first-class scanning to a second-class scanning or even a deeper scanning in thescanning module, and finally, a target website is scanned by using the vulnerability library and a test report is given. By virtue of the complete crawling-based website security vulnerability scanning method, improvements on a further treatment (strengthening the depth of detection) after vulnerabilities are detected and the flexibility of a detection mode are realized, and a comprehensive and effective solution is provided for system/network vulnerability scanning and processing.

The invention discloses a device and method for assessing the risk of computer network, the device in invention includes: gateway, which can obtain the network topology structure information; loophole scanner, which can obtain the network topology structure information from the scanning agent sever, and builds the scanning strategy according to the network topology structure information and the allocation. The method in the invention includes following steps: step1. The scanning agent sever obtains the network topology structure information from the gateway; step 2, loophole scanner obtains the network topology structure information from the scanning agent sever; step 3, the loophole scanner builds the scanning strategy according to the network topology structure information, and scans according to the scanning strategy; step 4, the loophole scanner analyzes the scanning result, and generates the loophole report and/or remedy report. Using the invention it can protect the risk in the internal web effectively.

The present invention discloses a method for scanning loophole which is realized by a loophole scanner comprising a user end, a browser, a scanning host machine and a destination host, wherein the scanning host machine portion comprises a control platform, a scanning mode configuration module, a scanning module and a loophole library, the scanning mode configuration module is embedded in the control platform, the user end performs remote control to the remote scanning host machine through Web browsers.

Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.

The invention relates to systems and methods for management of internet and computer network security threats comprising: a centralized monitoring service; a security management center, wherein the security management center is engineered with rule based and non-linear adaptive analytics to provide intrusion detection, automated response to intrusion attempts, virus detection scanner, spyware scanner, a virtual private network engine, network vulnerability scanner, network activity logger, content filter, SPAM prevention, email activity log and filter, and TBD threat vectors; a remote client; and a hardware device located at the client, wherein the hardware self boots and automatically initiates a virtual private network session with the hosted monitoring and management center after connection to the internet and electrical power.

The invention provides a vulnerability scanner and a plug-in scheduling method thereof. The plug-in scheduling method includes: loading a preset general plug-in into an internal memory after the vulnerability scanner is started up; recognizing the category of an operation system of a target device after receiving the vulnerability scanning task; selecting a preset scanning template according to the category of the operation system; and invoking plugs-in recorded in the selected scanning template. According to the plug-in scheduling method, the general plug-in is invoked first, the category of the operation system of the target device is then recognized, and the corresponding plugs-in are loaded into the internal memory for invoking. Compared with the mode of loading all plugs-in into the internal memory in one time in the prior art, the plug-in scheduling method shortens loading time, accordingly improves scanning speed, reduces requirements for capacity of the internal memory, and accordingly is favorable for reducing hardware cost.

The present application provides a vulnerability detection method and device. According to the vulnerability detection method and device of the invention, a step for converting a field of the JSON format in a first request message to a field of the URL format is added in a vulnerability detection process, and therefore, with an existing URL format-based vulnerability scanner engine unmodified, a test load is added to the field of the URL format, and the test load-added field in the URL format is converted into a field of the JSON format; a second request message is generated and is sent to a server, so that the server can identify the second request message; a second response message which is corresponding to the second request message and returned by the server is directly compared with afirst response message which is returned by the server after a first request message is sent to the server; and a vulnerability detection result is obtained on the basis of vulnerability judgment reset rules in a vulnerability knowledge base; and thus, JSON format-based automatic vulnerability detection is realized, development costs are saved, and vulnerability detection efficiency can be improved.

The invention relates to the technical field of vulnerability scanning and provides a vulnerability scanning method and a vulnerability scanning device. The method is applied to a detector which is mounted between terminal equipment and a server. The method includes: the detector acquires an asset vulnerability scanning request sent by a user, wherein the asset vulnerability scanning request includes asset name information; the detector reads asset address information according to the name information, wherein the address information is established in advance on the basis of historical access information of the user, and the historical access information includes historical access asset name information and address information; the detector pushes the address information to an asset vulnerability scanner to make it convenient for the vulnerability scanner to perform asset vulnerability scanning. The vulnerability scanning method and the vulnerability scanning device have advantages that the technical problem of high manpower cost in vulnerability scanning with a traditional vulnerability scanner is alleviated.

The invention belongs to the field of network security, in particular to a vulnerability scanner and a plug-in scheduling method thereof. The method comprises the following steps that: starting the vulnerability scanner, and identifying whether a target to be scanned is a host or network security equipment after a vulnerability scanning task is received; if the target to be scanned is the host, detecting the operating system of the host and a deployed service type, and selecting a preset scanning module according to the operating system and the service type; and if the target to be scanned isthe network security equipment, detecting the system type and the equipment type of the network security equipment, selecting a preset scanning module, and calling a plug-in recorded in the selected scanning module. The invention also discloses a scanner. On the basis of the above operating system type of the host, the service type or the operating system type and the equipment type of the networkequipment, the corresponding plug-in module can be selected and called, then, the corresponding plug-in is loaded into memory, and finally, the plug-in in the memory is read to be executed. Therefore, memory space is saved, and scanning speed is quickened.

The invention discloses a method and device for scanning a plug-in and determining the rule scheduling sequence in the plug-in. The method includes: during the determining stage of the rule scheduling sequence in the plug-in, determining the resource consumption of each independent rule in rule channels and the hit rate of loophole scanning of the rule channels; determining the scheduling sequence of each rule channel according to the resource consumption and the hit rate; during a scanning stage, sequentially performing loophole scanning according to the scheduling sequence of each rule channel. The method has the advantages that the plug-in is granulated according to the independent rules, the minimum unit of scanning scheduling is granulated into the rule channels, the reasonable rule channel scheduling sequence is determined automatically, plug-in scanning speed and efficiency are increased, computer resources are saved at the same time, and the overall scanning performance of a loophole scanner is increased.

The present invention proposes an anti-scan detection method and system based on various URL changes. The method comprises: acquiring an original code accessed by a user through a Web application request; when it is detected that the user accesses the original code for the first time, modifying a real URL address and an access topic in the original code according to a fault URL obfuscation algorithm; and when it is detected that the user accesses the original code for the second time or for many times, continuing to modify the real URL address and the access topic in the original code according to the fault URL obfuscation algorithm, so that a vulnerability scanner cannot obtain the real URL address, and then cannot obtain the web page, wherein results of modifying the real URL address and the access topic for each time are different. According to the method and system proposed by the present invention, a crawler module, the core module of the scanner is disturbed, the detection mechanism of the vulnerability scanning is avoided, and the scanning problem is completely eliminated, so that the current scanner is invalid, and the security of the target system is ensured as much as possible.

An interface system for securing devices on a network gaining access to an external wide area network, such as Internet. The interface system includes a gateway, a vulnerability scanner, switch, cameras, network access controller, and machine learning module. The interface system detects any unusual activity from a device on the network and can take autonomous decisions based on calculated scores to allow or block the unusual activity.