Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A system and method for website security detection based on full flow

A security detection and full-flow technology, applied in the field of information security, can solve problems such as incomplete URLs, information asymmetry, and low efficiency, and achieve the effects of reducing unnecessary scanning, improving scanning efficiency, and efficient vulnerability scanning

Active Publication Date: 2022-01-14
SHANGHAI JUSHUITAN NETWORK TECH CO LTD +1
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The disadvantage of the active scanning system is that the acquired URLs are incomplete, and the URLs that require interaction to be triggered are difficult for WEB crawlers to crawl. In addition, WEB crawlers cannot obtain island pages, test pages, and POST requests for special operations.
The disadvantage of the passive scanning system is that the passively accepted traffic also cannot cover all URLs, and only URLs of passive traffic can be captured
[0009] 3) It is difficult to fully synchronize the new functions of software development to the security testing department, resulting in information asymmetry, easy security testing is not targeted, and the efficiency is low;
[0010] 4) The security status of the test environment is easy to be negligent and becomes the entry point for hacker attacks
[0011] In summary, the existing WEB vulnerability scanning system can no longer meet the needs of Internet companies' software development security testing. At present, the industry urgently needs a new security testing system and method developed to address the pain points of security testing in Internet companies.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A system and method for website security detection based on full flow
  • A system and method for website security detection based on full flow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041]The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments. Note that the aspects described below in conjunction with the drawings and specific embodiments are only exemplary, and should not be construed as limiting the protection scope of the present invention.

[0042] figure 1 The principle of an embodiment of the website security detection system based on full flow of the present invention is shown. See figure 1 , the website security detection system based on full traffic in this embodiment includes: an application security protection module 1 , a passive traffic analysis module 2 , an active scanning management module 3 , and a vulnerability scanner 4 .

[0043] The data transmission relationship between these four modules is: application security protection module 1 receives external test traffic and attack traffic, application security protection module 1 transmits data to passive traffic analy...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a website security detection system and method based on full flow, which can more comprehensively cover the security test of rapidly iterative WEB projects, discover newly added loopholes in the system in time, and improve the security of the WEB system. Its technical solution is: the system and method of the present invention take the problem of insufficient coverage of security detection vulnerabilities often encountered by Internet companies in the WEB development process as a starting point, and conduct security scanning by combining the two latitudes of active scanning and passive scanning, Cover the active traffic and passive traffic of the website, so as to discover new loopholes in the system in time and improve the security of the WEB system.

Description

technical field [0001] The invention relates to the field of information security, in particular to a website security detection system and method based on full traffic. Background technique [0002] Existing WEB vulnerability scanning systems are mainly divided into two categories, one is active scanning and the other is passive scanning. [0003] The main workflow of the active scanning system is: add scanning task -> start scanning -> generate scanning report. The main principle is as follows: first, crawl the seed URL through the WEB crawler, obtain the new URL in the newly crawled page, and then crawl layer by layer, finally, obtain all the URLs of the website, after deduplication Save all URLs, and finally, initiate an active vulnerability scan against the processed URLs. The disadvantage of the active scanning system is that the acquired URLs are incomplete, and the URLs that require interaction to be triggered are difficult for WEB crawlers to crawl. In addit...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40G06F21/57
CPCH04L63/1433H04L63/0236G06F21/577
Inventor 关键李灿升李鹏骆海东
Owner SHANGHAI JUSHUITAN NETWORK TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products