Web vulnerability scanning method and vulnerability scanner

A vulnerability scanning and vulnerability technology, which is applied in the field of computer networks, can solve the problems of inaccurate discrimination of page survival, high vulnerability repetition rate, long scanning time, etc., to achieve the effect of ensuring smooth development, reducing false alarm rate, and reducing workload

Pending Publication Date: 2020-07-24
江苏亨通工控安全研究院有限公司
View PDF9 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] For this reason, the technical problem to be solved by the present invention is to overcome the problems of inaccurate page survivability discrimination, long scanning time, and high loophole repet

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web vulnerability scanning method and vulnerability scanner

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 2

[0030] Based on the same inventive concept, this embodiment provides a vulnerability scanner, the problem-solving principle of which is similar to that of the web vulnerability scanning method, and repeated descriptions will not be repeated here.

[0031] The vulnerability scanner described in this embodiment includes:

[0032] Node deployment module, used to deploy multiple scanning nodes;

[0033] The intelligent crawling module is used to scan the asset information of the target software system and the asset information of the target server, and perform intelligent crawling of web pages after completing the preliminary information collection;

[0034] The parsing module is used to explore different detection points in the request after crawling is completed, analyze the URL to be detected, and decompose all possible detection points;

[0035] The judgment module is used to clean all the detection point data, complete preliminary screening, analyze and count the visit volum...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a web vulnerability scanning method and a vulnerability scanner. The web vulnerability scanning method comprises the following steps: deploying a plurality of scanning nodes;scanning the asset information of the target software system and the asset information of the target server, and carrying out web page intelligent crawling after completing preliminary information collection; after crawling is completed, exploring different detection points in the request, analyzing the URL to be detected, and decomposing to obtain all possible detection points; cleaning all the detection point data, completing preliminary screening, analyzing and counting to obtain the page view and the access sequence of different URLs of the target, judging whether scanning is needed or notaccording to the content change of URL pages, if scanning is needed, performing statistical classification on results, adding labels, and otherwise, giving up scanning; and judging whether a vulnerability exists or not according to a statistical result, verifying the accuracy of the vulnerability if the vulnerability exists, and otherwise, giving up the operation. The method is beneficial to improving the efficiency and verifying the accuracy of the vulnerability.

Description

technical field [0001] The invention relates to the technical field of computer networks, in particular to a web vulnerability scanning method and a vulnerability scanner. Background technique [0002] The user enters the target URL, selects the scanning configuration, and the scanner completes the test through three stages of page crawling, detection and discovery, and vulnerability detection. In the first stage, the scanning engine uses intelligent page crawling technology, focusing on quickly and completely obtaining the site tree of the entire site. This process is divided into two steps: network access and link extraction. The network access can set a proxy when adding a scan configuration, and can support various authentication methods, client certificates, etc. After accessing the response, it automatically recognizes the encoding method of the response, and can extract links from static content such as HTML and HTML comments, and can also extract static and dynamic ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1433H04L67/02
Inventor 许晓伟袁键徐乐晨蔡艳林李斌
Owner 江苏亨通工控安全研究院有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap