Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for reducing false alarm of vulnerability scanning

A vulnerability scanning and vulnerability technology, applied in instrument, platform integrity maintenance, electrical digital data processing, etc., can solve the problems of unable to complete the update immediately, unable to directly share false positive information, and increase the workload of technical team, etc. The effect of reducing follow-up workload, reducing repetitive work, and improving accuracy

Active Publication Date: 2020-02-04
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF10 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention solves the problem that in the prior art, it is necessary to rely on manual review to check the false positives one by one, and the probability of later occurrence cannot be ruled out. Relying on simple false negatives to submit is prone to more delays, which increases the workload of the technical team and generates a large number of Repetitive work, in the case of network isolation, false positive information cannot be directly shared, and the update cannot be completed in the first time, providing an optimized method to reduce false positives in vulnerability scanning

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for reducing false alarm of vulnerability scanning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0031] The invention relates to a method for reducing false alarms in vulnerability scanning. By synchronizing data for network sharing, the relevant information of false alarms is obtained through the scanning system, the data is collected by a data collector, and the actual verification is carried out by professionals. Confirmed as For false positives, adjust the technical parameters, give a correction plan and synchronize it to the shared server, otherwise, it will be dealt with according to the vulnerability repair suggestion.

[0032] The method includes the following steps.

[0033] Step 1: Scan the system terminal; get false positive information.

[0034] Described step 1 comprises the following steps:

[0035] Step 1.1: Use the scanner to scan the vulnerability scanning environment for vul...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method for reducing the false alarm of vulnerability scanning. The method comprises the following steps of: obtaining false alarm information and corresponding data by scanning a system terminal, submitting the false alarm information and the corresponding data to a shared server for manual auditing and affirmation, adjusting technical parameters, providing and synchronizing a correction scheme, and finally processing or repairing by the terminal based on the correction scheme. According to the invention, vulnerability types with high false alarm rate can be marked in a unified manner; determining a false alarm point, refining the collected false alarm items, then performing content analysis processing and refining in a unified manner, performing professional analysis on the collected false alarm content by a technician, performing misjudgment and corresponding correction, and performing correction processing on a database and a vulnerability library; data centralized processing and updating optimization processing are adopted to solve false alarm, the detection efficiency is improved, effective false alarm related data can be collected, the subsequent workload is reduced, qualitative improvement is brought to vulnerability scanning accuracy, the false alarm rate is reduced, and repeated work is greatly reduced.

Description

technical field [0001] The invention relates to the transmission of digital information, such as the technical field of telegram communication, and in particular to a method for reducing false positives in vulnerability scanning. Background technique [0002] Due to the uneven level and experience of developers, a considerable number of developers did not make necessary legal judgments on the user's input data or information carried in the page, such as cookies, when writing code, which led to the Vulnerabilities can be used to invade databases or attack users of web applications, thereby obtaining some important data and benefits. [0003] With the increase of the number of websites, there are more and more tasks to detect webpage vulnerabilities. In the process of vulnerability scanning, there are inevitably false positives. Trouble; in the existing technology, it is generally processed directly through manual methods, deleting false positive content, or avoiding the know...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08G06F21/57
CPCH04L63/1433H04L67/1095G06F21/577H04L67/55
Inventor 曾建东范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products