Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Website security detection system and method based on full flow

A security detection, full flow technology

Active Publication Date: 2020-11-27
SHANGHAI JUSHUITAN NETWORK TECH CO LTD +1
View PDF7 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The disadvantage of the active scanning system is that the acquired URLs are incomplete, and the URLs that require interaction to be triggered are difficult for WEB crawlers to crawl. In addition, WEB crawlers cannot obtain island pages, test pages, and POST requests for special operations.
The disadvantage of the passive scanning system is that the passively accepted traffic also cannot cover all URLs, and only URLs of passive traffic can be captured
[0009] 3) It is difficult to fully synchronize the new functions of software development to the security testing department, resulting in information asymmetry, easy security testing is not targeted, and the efficiency is low;
[0010] 4) The security status of the test environment is easy to be negligent and becomes the entry point for hacker attacks
[0011] In summary, the existing WEB vulnerability scanning system can no longer meet the needs of Internet companies' software development security testing. At present, the industry urgently needs a new security testing system and method developed to address the pain points of security testing in Internet companies.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Website security detection system and method based on full flow
  • Website security detection system and method based on full flow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041]The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments. Note that the aspects described below in conjunction with the drawings and specific embodiments are only exemplary, and should not be construed as limiting the protection scope of the present invention.

[0042] figure 1 The principle of an embodiment of the website security detection system based on full flow of the present invention is shown. See figure 1 , the website security detection system based on full traffic in this embodiment includes: an application security protection module 1 , a passive traffic analysis module 2 , an active scanning management module 3 , and a vulnerability scanner 4 .

[0043] The data transmission relationship between these four modules is: application security protection module 1 receives external test traffic and attack traffic, application security protection module 1 transmits data to passive traffic analy...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a website security detection system and method based on full flow, which can more comprehensively cover the security test of a fast iterative WEB project, can discover newly added vulnerabilities of the system in time and can improve the security of a WEB system. The technical scheme is as follows: according to the system and the method provided by the invention, the problem of insufficient security detection vulnerability coverage rate frequently encountered by an Internet company in a WEB development process is taken as a starting point, safety scanning is carried outby combining active scanning and passive scanning latitudes, and active flow and passive flow of a website are covered, so that newly-added vulnerabilities of the system are discovered in time, and the safety of the WEB system is improved.

Description

technical field [0001] The invention relates to the field of information security, in particular to a website security detection system and method based on full traffic. Background technique [0002] Existing WEB vulnerability scanning systems are mainly divided into two categories, one is active scanning and the other is passive scanning. [0003] The main workflow of the active scanning system is: add scanning task -> start scanning -> generate scanning report. The main principle is as follows: first, crawl the seed URL through the WEB crawler, obtain the new URL in the newly crawled page, and then crawl layer by layer, finally, obtain all the URLs of the website, after deduplication Save all URLs, and finally, initiate an active vulnerability scan against the processed URLs. The disadvantage of the active scanning system is that the acquired URLs are incomplete, and the URLs that require interaction to be triggered are difficult for WEB crawlers to crawl. In addit...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F21/57
CPCH04L63/1433H04L63/0236G06F21/577
Inventor 关键李灿升李鹏骆海东
Owner SHANGHAI JUSHUITAN NETWORK TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products