Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Web vulnerability scanning system

A vulnerability scanning and vulnerability technology, applied in the field of web vulnerability scanning systems, can solve problems such as difficulty in meeting the vulnerability scanning requirements of large-scale web systems, and achieve the effects of solving the inefficiency of crawlers, improving elasticity, and improving flexibility

Inactive Publication Date: 2016-07-20
SHANGHAI CTRIP COMMERCE CO LTD
View PDF5 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The technical problem to be solved by the present invention is to provide a web vulnerability scanning system in order to overcome the defect that the commercial scanning software in the prior art is difficult to meet the vulnerability scanning requirements of the current large-scale web system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web vulnerability scanning system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The present invention is further illustrated below by means of examples, but the present invention is not limited to the scope of the examples.

[0024] Such as figure 1 As shown, the web vulnerability scanning system of the present invention includes a traffic acquisition module 1 , a traffic storage module 2 , a scanning module 3 , a vulnerability information storage module 4 , a deduplication module 5 and a rule configuration module 6 .

[0025] Wherein, the traffic acquisition module 1 is used to acquire the traffic of the user accessing the web system through the traffic mirroring port of the switch, so as to obtain the url list of the web system through the bypass mode of the switch, and solve the problem that the scanner in the prior art obtains the web system through a crawler. The problem of low efficiency of the url list of the web system; specifically, in the present invention, the traffic acquisition module 1 can acquire the traffic based on the preset black...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a web vulnerability scanning system, comprising a flow acquisition module, used for acquiring web system access flow of a user by a flow mirror image port of a switch; a flow storage module, used for storing the flow in a first message queue; a scanning module, used for scanning the flow according to a scanning rule; and a vulnerability information storage module, used for storing vulnerability information scanned by the scanning module. According to the web vulnerability scanning system disclosed by the invention, the flow is acquired by the switch in a bypass mode, the problem of low crawler efficiency of a traditional web vulnerability scanner is solved, an effective user cookie can be loaded to simulate a real request of a user, meanwhile, the distributed scanning mechanism of the web vulnerability scanning system disclosed by the invention improves the elasticity of the scanning system, and moreover, the web vulnerability scanning system improves the scanning logic to a rule level, so the flexibility of the scanning system is improved.

Description

technical field [0001] The invention relates to a web vulnerability scanning system, in particular to a flow replay-based distributed web vulnerability scanning system. Background technique [0002] There are already several very mature web (web page) vulnerability scanning products in the prior art, such as AcunetixWebVulnerScanner, IBMWatchFireAppScan, W3AF, etc., among which AcunetixWebVulnerScanner and IBMWatchFireAppScan are very mature commercial scanning software, and W3AF is a very popular open source scanning project in the open source community , these products are difficult to meet the current vulnerability scanning needs of large web systems, the main reasons are: [0003] 1. These scanners use crawlers to obtain the url (uniform resource locator) list of the web system. The crawler method cannot obtain island pages in the system (this page has no links in other pages) and JavaScript (a A literal translation scripting language) rendered pages. In addition, pseu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/931
CPCH04L63/1433H04L49/208H04L63/1408H04L63/1466
Inventor 章锦成李天爽凌云陈莹朱伟元
Owner SHANGHAI CTRIP COMMERCE CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com