Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Automated safety penetration test method

A penetration testing and security technology, applied in the field of network security, can solve the problems of inconsistent data format, lack of test platform, and inability to carry out autonomous interaction, so as to improve efficiency and automation, realize automatic invocation and execution, improve integrity and The effect of accuracy

Active Publication Date: 2017-12-01
CHINA INFOMRAITON CONSULTING & DESIGNING INST CO LTD
View PDF7 Cites 32 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] (1) The penetration testing process requires the use of a variety of security analysis tools. Due to the different penetration strategies, functions and usage methods of various tools, this situation cannot meet the needs of efficient and automated penetration testing
[0006] (2) There is a lack of an effective test platform that combines manual and automated testing. The data formats among the various tools required for testing are not uniform, and independent interaction cannot be performed. It requires testers to spend a lot of time and energy on data integration to drive penetration testing. process, unable to meet high-frequency penetration testing requirements

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automated safety penetration test method
  • Automated safety penetration test method
  • Automated safety penetration test method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0057] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0058] Such as figure 1 , figure 2 and image 3 As shown, the method of the present invention adopts the scripting language Ruby to develop, adopts the standard interface, and can be docked with other security systems (Nessus, Nexpose, Appscan, WVS, etc.). The invention supports the combination of manual and automatic penetration methods, covers common penetration testing methods, and can perform penetration testing on networks, WEB applications, databases, network equipment, mobile terminals, and the like. All functions of the present invention are modeled development, support multi-user and multi-task operation, and can meet different penetration testing requirements. The specific process is as follows:

[0059] Step 0: Automatically respond to model training and establish a corresponding model.

[0060] Step 0.1: Continuously collect process inf...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an automated safety penetration test method, comprising: step 1, training an automated response model, establishing a corresponding model; step 2, scanning a target information system, obtaining host information; step 3, scanning vulnerability of the target information system, obtaining vulnerability information; step 4, according to the host information and the vulnerability information obtained in the step 2 and step 3, combined with an attack strategy library, establishing an attack model, according to the attack model, trying to attack the target information system, obtaining an attack feedback result; step 5, performing comprehensive analysis on a penetration test overall process, generating a penetration test report and teasing test steps and intermediate results, analyzing system security, providing a related solution; step 6, the response model updating in an adaptive manner, and regulating a response strategy.

Description

technical field [0001] The invention belongs to the field of network security and relates to an automatic security penetration test method. Background technique [0002] With the rapid development of information technology, security vulnerabilities have caused great security risks to information systems, and have become the entrance and way for malicious codes such as Trojan horses to spread. In order to discover the security problems existing in the information system as early as possible and determine the degree of harm, it is necessary to periodically conduct penetration tests on the information systems and perform system security repairs based on the results of the penetration tests. [0003] Penetration testing refers to the process in which security engineers simulate the information detection technology, vulnerability assessment technology and attack means used by hackers, conduct in-depth detection of the security of the target, and find the most vulnerable part of t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/26H04L12/24G06F17/30G06F21/57
Inventor 王小鹏石启良王涵杨盾高丽芬叶伟杨波
Owner CHINA INFOMRAITON CONSULTING & DESIGNING INST CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com