Accuracy judgment test method based on vulnerability scanning

A vulnerability scanning and testing method technology, applied in the field of network security, can solve problems such as missed scanning of vulnerabilities, failure to send packets, and discarding of data returned by the target server beyond the delay, so as to avoid missed scanning, improve accuracy, and improve manual scanning efficiency Effect

Active Publication Date: 2017-10-20
SICHUAN CHANGHONG ELECTRIC CO LTD
View PDF7 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because during the network scan, due to the unsmooth network or other reasons, the packet cannot be sent to the target server or the returned data exceeds the delay and discarded, resulting in missed scanning of vulnerabilities. Different scanners choose different vulnerability characteristics. If a single scanning method is used, it is very likely that a safe site will report a security vulnerability.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Accuracy judgment test method based on vulnerability scanning
  • Accuracy judgment test method based on vulnerability scanning
  • Accuracy judgment test method based on vulnerability scanning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] The present invention will be further described in detail below in conjunction with examples, but the embodiments of the present invention are not limited thereto.

[0026] A method for judging testing based on vulnerability scanning accuracy, comprising:

[0027] Step 1, the scanner starts scanning;

[0028] Step 2. Call self-developed plug-ins, metasploit, w3af, openvas, and some small open source frameworks or scripts;

[0029] Step 3, the first round of scanning is over, and the vulnerability names are obtained from different modules;

[0030] Step 4, the vulnerability name is stored in the database;

[0031] Step 5. There are modules or plug-ins with different vulnerability names corresponding to the vulnerability in the database;

[0032] Step 6. Call the module or plug-in that has the vulnerability scanning capability and has not scanned the vulnerability;

[0033] Step 7, collect the secondary scanning results, and calculate the probability of the existence ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an accuracy judgment test method based on vulnerability scanning. Parallel scanning of multiple types of open source software is performed, the vulnerability scanning product is independently researched and developed, and secondary scanning is performed by unifying the vulnerability name. Multiple times of detection is performed on the same vulnerability due to scanning of multiple scanners so that leak scanning can be effectively avoided; and the same vulnerability name is used as the mark for judgment, secondary scanning is performed from different characteristics of the vulnerability and the vulnerability probability is given so that false alarm can be greatly solved, the name of the detectable third-party tool is also friendly provided and thus the workload of the penetration test personnel can be reduced and the targeted performance is higher.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method for judging and testing based on vulnerability scanning accuracy. Background technique [0002] Existing website vulnerability scanning products all have the possibility of missing scans and false positives. Because during the network scan, due to the unsmooth network or other reasons, the packet cannot be sent to the target server or the returned data exceeds the delay and discarded, resulting in missed scanning of vulnerabilities. Different scanners select different vulnerability characteristics. If there is a single scanning method, it is very likely that a safe site will report security vulnerabilities. Contents of the invention [0003] The invention overcomes the deficiencies of the prior art, and provides a method for judging and testing based on the accuracy of leak scanning, which is used to solve the technical problems such as missed scans of leaks,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1433G06F21/554
Inventor 吴思宏
Owner SICHUAN CHANGHONG ELECTRIC CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap