Penetration testing method and device

A penetration test, a technology to be tested, applied in computer security devices, machine learning, instruments, etc., can solve the problems of labor-intensive, low-efficiency, and time-consuming tests

Active Publication Date: 2020-03-24
BEIJING RZXT TECH DEV CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Using manual methods to find vulnerabilities requires a lot of manpower, is time-consuming, and has low test efficiency; while using the existing POC method to find vulnerabilities, although it can save manpower, it can only find a relatively single vulnerability and cannot satisfy the search form. Diverse Vulnerability Requirements

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Penetration testing method and device
  • Penetration testing method and device
  • Penetration testing method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0020] figure 1 The method flow of the penetration test provided for the embodiment of the present invention Figure 1 , the execution subject of this method may be a terminal or a server with a penetration testing function. Such as figure 1 As shown, the method of penetration testing includes the following steps:

[0021] S110, acquiring the link data stream to be tested;

[0022] A link is also called a hyperlink. The so-called hyperlink refers to a connection relationship pointing to a target from a web page, and the object used for hyperlinking in a web page can be a section of text or a picture. After the text or picture, the link target will be displayed on the browser and opened or run depending on the type of the target. A hyperlink on a web page is usually implemented using a uniform resource locator (Uniform Resource Locator, URL).

[0023] The link data flow in this embodiment (hereinafter referred to as "data flow") can be understood as a collection of all dat...

Embodiment 2

[0049] existfigure 1 In the penetration testing method shown, the continuously updated POC vulnerability library plays a key role in the entire testing process, which provides a prerequisite for finding more diverse and complex vulnerabilities.

[0050] figure 2 It shows the process frame diagram of updating the POC in the vulnerability database during the penetration test, as shown in figure 2 As shown in , the entire penetration test is roughly divided into three parts, obtaining the data flow, scanning the data flow for vulnerabilities, and learning the data flow to form a POC.

[0051] Specifically, you can enter the IP address / domain name in the address input field, obtain the original URL data through crawler technology, and then perform fingerprint identification on these original URL data to remove duplicate URL data, and finally the remaining URL data The data is used as the data flow to be tested; the data flow to be tested is automatically scanned for vulnerabili...

Embodiment 3

[0096] Figure 4 Schematic diagram of the penetration test device provided for the embodiment of the present invention Figure 1 , which can be used to execute as figure 1 The method steps shown. Such as Figure 4 As shown, the device of the penetration test includes: a data acquisition module 410, a first vulnerability scanning module 420 and a vulnerability output module 430, wherein:

[0097] The data collection module 410 is used to obtain the link data stream to be tested; the first vulnerability scanning module 420 is used to scan the data stream for vulnerabilities through a preset vulnerability database; A plurality of loophole verification codes with loopholes are POC, and the POC is obtained through machine learning on historical data streams; the loophole output module 430 is configured to output the first loophole scanning result.

[0098] The penetration testing device of the embodiment of the present invention scans the data flow to be tested for vulnerabilit...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a penetration testing method and a penetration testing device and relates to the field of code auditing. The method comprises the steps of obtaining to-be-tested link data flow; carrying out vulnerability scanning on the data flow according to a preset vulnerability database; storing a plurality of vulnerability validation codes POCs for validating whether a vulnerability exists in the data flow or not in the vulnerability database, and obtaining the POCs through machine learning on historical data flow; and outputting a first vulnerability scanning result. According to the penetration testing method and device, the POCs in the vulnerability database are updated through machine learning, and vulnerability scanning is carried out on the to-be-tested data flow by using the continuously updated vulnerability database, thereby meeting the requirements of searching diverse vulnerabilities.

Description

technical field [0001] The embodiment of the present invention relates to the field of code auditing, in particular to a method and device for penetration testing. Background technique [0002] As the name implies, code audit is to check the shortcomings and error information in the source code, analyze and find the security holes caused by these problems, and provide code revision measures and suggestions, so as to conduct in-depth problem finding and elimination process in the system development / operation and maintenance phase. Penetration testing is a key link in code auditing to find and fix vulnerabilities in code. [0003] The existing penetration testing process is mainly to observe the source code data flow (hereinafter referred to as "data flow") to be tested manually, and to find possible loopholes in the data flow according to the programmer's own professional level and experience . Of course, there is also an automated vulnerability finding method using a vulne...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57G06N20/00
CPCG06F21/577G06N20/00
Inventor 姚勇谭智勇薛兆云钟锋张勇
Owner BEIJING RZXT TECH DEV CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap