A security vulnerability automatic verification system based on a crowd test platform

Abstract

The invention discloses a security vulnerability automatic verification system based on a crowd testing platform. The system executes the following steps of 1, collecting the verification information;2, implementing the authentication information encapsulation, classifying all kinds of vulnerabilities collected by security vulnerability automatic verification system according to their types, extracting the key information from vulnerability detection results for each type of vulnerabilities, taking the key information as the necessary field data to submit the vulnerabilities, collecting the required data according to the fields, and packaging the data in a unified interface modularly; 3, searching for an authentication strategy, and selecting an appropriate attack script template and a vulnerability utilization tool according to suspicious vulnerability identification and type information; 4, carrying out automatic vulnerability verification; 5, clearing the verification trace; 6, generating a scanning report.

Description

technical field [0001] The invention belongs to the field of network security, and in particular relates to an automatic security loophole verification system based on a public testing platform. Background technique [0002] In recent years, malicious Internet attacks have occurred frequently, and the number of attack samples captured by major security platforms has continued to increase. Malicious sample analysis has become the focus of Internet security research. Vulnerability verification refers to verifying whether a sample uses a software vulnerability to attack, and the specific verification content includes the type of vulnerability and the means of attack. Most of the existing security public testing platforms, for the security vulnerabilities submitted by users, the process of verifying the vulnerabilities usually adopts manual review and verification. And the processing efficiency is low, and the response is not timely. Therefore, it is meaningful to study a new ...

AI Technical Summary

Problems solved by technology

This kind of defect may be a simple software bug at first, such as incomplete coverage of test cases and chaotic software business logic, but after artificial research and utilization, it becomes a vulnerability that makes the software break away from the normal operation process or high-level permissions are exploited

[0004] Today's major security platforms and security vulnerability scanning tools are equipped with automatic or manual vulnerability discovery and vulnerability collection functions, but users of most platforms and tools lack a set of efficient vulnerability verification methods and processes, and fail to identify vulnerabilities. timely disposal

From a practical point of view, although the hidden security risks in the network can be found by using the missing scanning tool, there are quite a few false positives in the current vulnerability scanning results. To verify the existence of vulnerabilities, testers need to have high professional quality. Have a certain understanding of various vulnerability principles and utilization tools, put forward high requirements for the ability of testers, and spend a lot of time to verify one by one, it is difficult to realize large-scale vulnerability discovery and verification

Images