Automatic penetration testing method and system

A penetration testing and automatic technology, applied in the information field, can solve problems such as inability to display vulnerability hazards, resentment, repair problems, etc., and achieve the effect of improving inspection efficiency and comprehensiveness

Inactive Publication Date: 2016-08-03
SHENZHEN ANLUO TECH CO LTD
View PDF7 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Since it is only a simple detection without in-depth verification, there will be many false positives, causing repair problems
[0011] 2: It only lists the vulnerabilities and risks of vulnerabilities. It cannot show the real danger points and the harm caused by the vulnerabilities, ...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automatic penetration testing method and system
  • Automatic penetration testing method and system
  • Automatic penetration testing method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0081] figure 1 It is a schematic flow chart of the present invention; figure 2 It is a schematic diagram of the permeation mode of the present invention. First of all, the system is developed with the scripting language Ruby. Ruby is a popular computer language and is widely used by security personnel. It has powerful functions and good compatibility. This time the system program is semi-open source (allowing users to review the source code of the program and use it with confidence), users can add their own test scripts, use standard interfaces, can interface with other security systems, and can verify the scanning results of other scanners (WVS, Appscan, Nessus, Nexpose, etc.).

[0082] In order to meet the needs of different groups of people (novice and expert), this system supports two methods of automatic infiltration and manual infiltration. The automatic infiltration can be one-click infiltration; the single-step operation of manual infiltration is more efficient. C...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an automated penetration testing method and system, including an automatic penetration method and a manual penetration method; in the manual penetration method, it is necessary to select a penetration mode for automatic penetration; the penetration mode includes loophole penetration, brute force cracking, and WEB penetration and social engineering tests. The present invention has the advantages of loophole hazard display, comprehensive coverage inspection, and automatic penetration. By utilizing the discovered loopholes, the present invention displays the hazards caused by the loopholes, deters development and operation and maintenance personnel, forms indirect security awareness education for them, and improves personnel security. Security awareness; comprehensive coverage inspection, through security inspection of networks, applications, and personnel; through automated penetration, improve the efficiency and comprehensiveness of security personnel inspections.

Description

technical field [0001] The invention belongs to the field of information, and in particular relates to an automatic penetration testing method and system. Background technique [0002] Glossary: [0003] SMTP (SimpleMailTransferProtocol) is the Simple Mail Transfer Protocol. [0004] CMS is the abbreviation of Content Management System, which means "content management system". [0005] APT (Advanced Persistent Threat): advanced persistent threat. [0006] Domestic network security scanners are all inspection tools, which can only find vulnerabilities, without in-depth verification and utilization of vulnerabilities, there are many false positives, and they cannot intuitively reflect which vulnerabilities are real high-risk vulnerabilities that will be directly exploited by hackers. Often after the scan is completed, people need to manually verify the scan results, and if they go deeper, they will use vulnerabilities to conduct penetration tests to check the harm they can ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/26H04L12/24
CPCH04L63/1416H04L41/0213H04L41/0253H04L43/06H04L43/08H04L63/1425H04L63/1433H04L63/145H04L63/1483
Inventor 谢朝霞马庆贺
Owner SHENZHEN ANLUO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap