Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Agent-based vulnerability scanning method

A vulnerability scanning and vulnerability technology, applied in the field of network security, can solve the problems such as the inability to obtain login status information, the inability to discover security vulnerabilities, and the inability to scan IOT devices, and achieve the effect of high scalability.

Pending Publication Date: 2020-01-07
上海赛可出行科技服务有限公司
View PDF2 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The current common practice is to scan websites through automated vulnerability scanning tools, but traditional vulnerability scanning tools generally cannot scan mobile apps, IOT devices, etc., and cannot bypass man-machine verification and SMS verification. Therefore, the login status information cannot be obtained, and most of the links will be missed, resulting in security holes that cannot be found

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Agent-based vulnerability scanning method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0007] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0008] figure 1 It is a schematic diagram of the architecture of the agent-based vulnerability scanning system of the present invention.

[0009] See figure 1 , the agent-based vulnerability scanning method provided by the present invention mainly includes two core modules, an agent module and a vulnerability scanning module,

[0010] The proxy module provides an http(s) proxy to format the target traffic accessed by users, and extracts the information needed for scanning nodes, including url, cookies, headers, request parameters, etc.

[0011] The vulnerability scanning module performs vulnerability scanning on the information provided by the agent node, and stores the vulnerability information in the database.

[0012] Concrete operation process of the present invention is as follows:

[0013] Step 1: User configures proxy authorization and CA cer...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a vulnerability scanning method based on agency, which comprises the following steps: S1), establishing an IP agency node, and configuring agency authorization and a CA certificate; S2), after the configuration is completed, accessing a target website or a mobile app, and responding to the request; S3), formatting the information of the user access flow by the agent node, and sending the formatted information to a Redis queue; S4), monitoring the redis queue by adopting distributed vulnerability scanning nodes, consuming if a task exists, and performing vulnerability scanning on a target in the task; and S5), if the vulnerability scanning is matched with the vulnerability rule, inputting the vulnerability information into the database. According to the agent-based vulnerability scanning method provided by the invention, the problem that a traditional vulnerability scanning tool cannot bypass blind spots of man-machine and short message verification can be solved, so that the situations of full-flow and full-terminal scanning of services and missing scanning reduction are achieved, the scanning efficiency is improved, the vulnerability discovery difficulty isreduced, and everyone can carry out security testing.

Description

technical field [0001] The invention relates to a vulnerability scanning method, in particular to an agent-based vulnerability scanning method, which belongs to the field of network security. Background technique [0002] With the rapid development of the Internet, security incidents have occurred frequently in recent years, and security vulnerabilities are often reported by the media. Among various vulnerabilities, the most common and common one is application security vulnerabilities. Therefore, how to discover these security vulnerabilities is a big test for security engineers in enterprises. The current common practice is to scan websites through automated vulnerability scanning tools, but traditional vulnerability scanning tools generally cannot scan mobile apps, IOT devices, etc., and cannot bypass man-machine verification and SMS verification. Therefore, the login status information cannot be obtained, and most of the links will be missed, resulting in security holes...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/55
CPCG06F21/55
Inventor 王振飞杜磊刘文杰吴国富
Owner 上海赛可出行科技服务有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com