Security vulnerability early warning method and system based on software source code analysis

A code analysis and software source technology, applied in the field of network information security, which can solve problems such as unpredictable technical component vulnerabilities and inability to effectively scan third-party technical components.

Inactive Publication Date: 2021-09-28
湖南省佳策测评信息技术服务有限公司
View PDF15 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Source code scanning is mainly aimed at open source programs, and usually only needs to be scanned once, although it is possible to find possible hidden security flaws in the program by checking the file structure, naming rules, functions, stack pointers, etc. in the program that do not comply with security rules , but cannot effectively scan third-party technical components, let alone predict future vulnerabilities of technical components

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security vulnerability early warning method and system based on software source code analysis
  • Security vulnerability early warning method and system based on software source code analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] In order to make the technical problems, technical solutions and beneficial effects to be solved by the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0028] Such as figure 1 As shown, the present invention provides a security vulnerability early warning method based on software source code analysis, including:

[0029]S101: Collect and store basic software information; among them, basic software information includes system name, system development language, name and version of the operating system of the server where it is located, and IP address of the server where it is located. The collection of basic software information is information matching for vulnerability warning and vulnerability processing Provide ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a security vulnerability early warning method and system based on software source code analysis, and the method comprises the steps: collecting and storing software basic information, selecting software for source code management according to the software basic information, and building an incidence relation between the software and a source code; selecting a source code according to the association relationship, automatically analyzing the third-party technical component file, establishing a technical component library, establishing an association relationship between software and the third-party technical component, detecting a vulnerability database in the global information security field in real time, and automatically synchronizing vulnerability information; matching the automatically synchronized vulnerability information with a technical component library, establishing an association relationship between the vulnerability information and a third-party technical component, automatically generating early warning information according to the association relationship, displaying the early warning information and recording vulnerability processing information corresponding to the early warning information, and after vulnerability processing is completed, automatically canceling early warning information, newly adding a vulnerability processing record, visually displaying a vulnerability information analysis result, and achieving timely active early warning.

Description

technical field [0001] The invention relates to the technical field of network information security, in particular to a security vulnerability early warning method and system based on software source code analysis. Background technique [0002] With the in-depth development of Internet technology, topics such as system security and application security have become unavoidable challenges for software companies and information system construction units. How to proactively warn technical security vulnerabilities during software operation and actively prevent software security risks, It is a problem that both software companies and construction units need to consider. The existing vulnerability security scanning, static detection technology (source code scanning), and dynamic detection technology can only find vulnerabilities during the scanning and detection period. The software cannot perform normal real-time vulnerability scanning and detection during the running process. Vul...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/563
Inventor 李红霞徐俊
Owner 湖南省佳策测评信息技术服务有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap