Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Automatic penetration testing system and method for WEB system

A test system and penetration technology, which is applied in the field of security scanning and automated penetration test system, can solve the problems of inaccuracy and illusion of system administrators, so as to improve accuracy, improve function and work efficiency, and achieve coherence sexual effect

Inactive Publication Date: 2010-06-16
BEIJING UNIV OF POSTS & TELECOMM
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0014] However, there are deficiencies in the above method: firstly, the rule base problem of system configuration
However, the rule base of this system configuration has limitations: if the rule base is not designed accurately, the accuracy of the forecast cannot be discussed
If the vulnerability database information is incomplete or cannot be updated in time, it will not only fail to play the role of vulnerability scanning, but also create an illusion for system administrators, making it impossible for them to take effective measures to eliminate potential security risks in a timely manner.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automatic penetration testing system and method for WEB system
  • Automatic penetration testing system and method for WEB system
  • Automatic penetration testing system and method for WEB system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0045] Referring to Fig. 1, the present invention is used for the automatic penetration test system of WEB system, and this system automatically carries out penetration scanning or conventional scanning to WEB website according to the WEB scanning task that the user sets in the graphical user interface GUI presentation layer, and in conjunction with corresponding plug-in Analyze the scanning results, find out the security problems of the WEB website, and then generate a detection report; the system structure has three layers: GUI presentation layer, logic layer, and data layer, of which:

[0046] The GUI presentation layer is used to provide a GUI interface for interacting with users, including: browser, task configuration module, report and result display module, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an automatic permeability test system for a WEB system, comprising three layers: a GUI presentation layer for alternating interface with a user, a logical layer as runs of control core, executing scanning and confidence program of the system and associative functions, and a data layer for storing and maintaining kinds of scan rules and configuration information in a task execution process. The system can automatically carry out a penetrating scan or a conventional scan to a WEB station based on a WEB scan task in the GUI layer, analyzing the scan result combined with therelative inserters, finds the possible security problems of the WEB station, and then generates a detecting report for reporting a formed aggregate risk list. The invention is used to perform an automatic security test, is capable of replacing the present manual security test and permeability test, greatly reduces the cost of software security test in software develop at present, and also greatlyincreases accuracy of security test.

Description

technical field [0001] The invention relates to a security scanning technology of a WEB system, specifically, an automatic penetration testing system and method for a WEB system, and belongs to the technical field of software security in information security. Background technique [0002] At present, the commonly used web system security scanning tools are briefly listed as follows: [0003] Nikto, as an open source web server scanner, is used to perform comprehensive tests on web servers for multiple items (including 3500 potentially dangerous files / CGIs, over 900 server versions, and version-specific issues on more than 250 servers). Its scan items and plugins are updated frequently and can be updated automatically (if required). However, not every inspection can find security problems, although this is the case in most cases. Some items only provide information type checks, which can be used to find some items that do not have security vulnerabilities, [0004] Paros p...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/36G06F17/30
Inventor 张淼徐国爱王建杨义先
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products