CN113672934A - Security vulnerability scanning system and method, terminal and storage medium - Google Patents
- Publication number: CN113672934A (application CN202110933131.5A)
- Authority: CN (China)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3006—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
Abstract
The application relates to a security vulnerability scanning system and method, a terminal and a storage medium. The system comprises: a transceiver module for receiving a vulnerability scanning request sent by a terminal, the request comprising an identifier of the device to be scanned and scan task information; a monitoring module for monitoring the state of the scanner cluster and determining a corresponding load value according to the state of each scanner in the cluster; and a task management module for determining a target scanner from the scanner cluster according to the total amount of scan tasks and the load value of each scanner, distributing the scan tasks to the target scanner, and prioritizing the plurality of scan tasks in the target scanner. The system enables automatic remote vulnerability scanning and reduces manual participation to the greatest extent; its modules are relatively independent, giving strong stability and high resource utilization; and results can be fed back to the customer's terminal promptly, helping the customer learn the security status of the equipment in time.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a security vulnerability scanning system and method, a terminal, and a storage medium.
Background
At present, vulnerability scanning services are usually provided by professional information security personnel who periodically bring vulnerability scanning equipment to the customer site; such equipment is shown in FIG. 1. However, this approach has several disadvantages:
(1) The vulnerability scanning equipment is bulky, a typical customer site requires several scanning points, and the service generally covers many customers, so carrying and operating the equipment is very inconvenient and labor costs are high.
(2) The data generated by each scan is stored on the local equipment, so it cannot be processed promptly to analyze the vulnerability status of the information system and generate a timely report for the customer.
(3) There is no unified data management platform to collect the results of each scan of the customer's information system and manage the customer's vulnerability status.
(4) After each scan is finished, the vulnerability status of the information system cannot be continuously monitored to make it easy for the customer to check its information security status.
Disclosure of Invention
The embodiments of the application provide a security vulnerability scanning system and method, a terminal and a storage medium that enable automatic remote vulnerability scanning and reduce manual participation to the greatest extent; the modules are relatively independent, giving strong stability and high resource utilization; and results can be fed back to the customer's terminal promptly, helping the customer learn the security status of the equipment in time.
In one aspect, an embodiment of the present application provides a security vulnerability scanning system, including:
the transceiver module is used for receiving a vulnerability scanning request sent by the terminal; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information;
the monitoring module is used for monitoring the state of the scanner cluster and determining a corresponding load value according to the state of each scanner in the scanner cluster;
the task management module is used for determining a target scanner from the scanner cluster according to the total scanning tasks and the load value of each scanner and distributing the scanning tasks to the target scanner; a plurality of scan tasks in a target scanner are prioritized.
Optionally, the scan task information includes an identifier of the scan task; the security vulnerability scanning system further comprises:
the data processing module is used for acquiring scanning data generated after the target scanner executes a scanning task, and analyzing and processing the scanning data to obtain a scanning result;
and the transceiver module is used for sending the scanning result corresponding to the identification of the scanning task to the terminal.
Optionally, the scanning task information further includes a scanning object of the scanning task;
and the data processing module is also used for classifying the scanning data according to different scanning objects and storing the scanning data in corresponding vulnerability databases.
Optionally, when the scan object of the scan task is a website and the scan task information includes a plurality of target website addresses corresponding to a plurality of scan tasks, the task management module is further configured to:
and if the scanning task amount corresponding to the plurality of scanning tasks exceeds the maximum load value of a single scanner, determining a plurality of target scanners from the scanner cluster, and distributing the plurality of scanning tasks to the plurality of target scanners.
Optionally, the scanning task information includes deadline information and level information of the scanning task;
and the task management module is also used for sequencing the plurality of scanning tasks according to the deadline information and the grade information corresponding to each scanning task in the plurality of scanning tasks.
Optionally, the state of each scanner includes at least one of a resource usage state, a network throughput, and a scanning task execution state.
Optionally, the transceiver module is further configured to send scanning task state information corresponding to the vulnerability scanning request to the terminal; the scan task state information includes at least one of executed task information, to-be-executed task information, and non-executed task information.
On the other hand, an embodiment of the present application provides a security vulnerability scanning method, including:
receiving a vulnerability scanning request sent by a terminal; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information;
monitoring the state of the scanner cluster, and determining a corresponding load value according to the state of each scanner in the scanner cluster;
determining a target scanner from a scanner cluster according to the total amount of scanning tasks and the load value of each scanner, and distributing the scanning tasks to the target scanner; a plurality of scan tasks in a target scanner are prioritized.
On the other hand, an embodiment of the present application provides a terminal, including:
the sending module is used for sending a vulnerability scanning request to the security vulnerability scanning system; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information; the vulnerability scanning request is used for indicating a security vulnerability scanning system to monitor the state of a scanner cluster, determining a corresponding load value according to the state of each scanner in the scanner cluster, determining a target scanner from the scanner cluster according to the total amount of scanning tasks and the load value of each scanner according to a preset frequency, distributing the scanning tasks to the target scanner, and performing priority sequencing on a plurality of scanning tasks in the target scanner;
and the receiving module is used for receiving the scanning result sent by the security vulnerability scanning system.
In another aspect, an embodiment of the present application provides a computer storage medium, where at least one instruction or at least one program is stored in the storage medium, and the at least one instruction or the at least one program is loaded and executed by a processor to implement the above security vulnerability scanning method.
The security vulnerability scanning system, the security vulnerability scanning method, the terminal and the storage medium have the following beneficial effects:
the security vulnerability scanning system comprises: a transceiver module for receiving a vulnerability scanning request sent by the terminal, the request comprising an identifier of the device to be scanned and scan task information; a monitoring module for monitoring the state of the scanner cluster and determining a corresponding load value according to the state of each scanner in the cluster; and a task management module for determining a target scanner from the scanner cluster according to the total amount of scan tasks and the load value of each scanner, distributing the scan tasks to the target scanner, and prioritizing the plurality of scan tasks in the target scanner. The security vulnerability scanning system provided by the embodiments of the application enables automatic remote vulnerability scanning and reduces manual participation to the greatest extent; its modules are relatively independent, so stability is strong and resource utilization is high; and results can be fed back to the customer's terminal promptly, helping the customer learn the security status of the equipment in time.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of a conventional security vulnerability scanning device provided by an embodiment of the present application;
fig. 2 is a schematic diagram of an application scenario provided in an embodiment of the present application;
fig. 3 is a schematic structural diagram of a security vulnerability scanning system according to an embodiment of the present application;
fig. 4 is a schematic flowchart of a security vulnerability scanning method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 2, fig. 2 is a schematic view of an application scenario provided in the present application, including a security vulnerability scanning system 201 deployed in a cloud, a terminal 202, and a device to be scanned 203; the security vulnerability scanning system 201 is connected with the terminal 202, the security vulnerability scanning system 201 receives a vulnerability scanning request sent by the terminal 202, the vulnerability scanning request comprises an identifier of the device 203 requested to be scanned by the terminal 202, and the security vulnerability scanning system 201 is connected with the device 203 to be scanned according to the identifier so as to scan the security vulnerability of a scanning object on the device 203 to be scanned.
Optionally, the terminal 202 may include, but is not limited to, a smart phone, a desktop computer, a tablet computer, a laptop computer, a smart speaker, a digital assistant, an Augmented Reality (AR)/Virtual Reality (VR) device, a smart wearable device, and other types of electronic devices. Optionally, the operating system running on the electronic device may include, but is not limited to, Android, iOS, Linux, Windows, and the like.
Optionally, the security vulnerability scanning system 201 and the device to be scanned 203 may be connected by, but not limited to, 4G/5G, Wi-Fi and Ethernet connections; the connection between the security vulnerability scanning system 201 and the terminal 202 may likewise include, but is not limited to, 4G/5G, Wi-Fi and Ethernet connections.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a security vulnerability scanning system according to an embodiment of the present disclosure, where the security vulnerability scanning system includes a transceiver module 301, a monitoring module 302, and a task management module 303; the transceiving module 301 is connected with the task management module 303; the monitoring module 302 is respectively connected with the transceiver module 301 and the task management module 303 to monitor each module;
the transceiver module 301 receives a vulnerability scanning request sent by a terminal by establishing connection with the terminal; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information; the transceiver module 301 may be connected to multiple terminals at the same time, and receive multiple vulnerability scanning requests from the multiple terminals;
the transceiver module 301 sends the vulnerability scanning request to the task management module 303, and the task management module 303 counts scanning task information in the vulnerability scanning request and calculates the total scanning task amount;
meanwhile, the security vulnerability scanning system further comprises a scanning module 304, wherein the scanning module 304 comprises a scanner cluster, and the scanner cluster is used for executing a corresponding scanning task on the device to be scanned;
a monitoring module 302, configured to monitor a state of a scanner cluster, and determine a corresponding load value according to a state of each scanner in the scanner cluster;
the task management module 303 is configured to determine a target scanner from the scanner cluster according to the total scanning tasks and the load value of each scanner, and allocate the scanning tasks to the target scanner; a plurality of scan tasks in a target scanner are prioritized. The target scanner is used for scanning a scanning object on the device to be scanned according to the identifier of the device to be scanned.
In the embodiment of the application, the security vulnerability scanning system can be deployed on a cloud computing platform. The user only needs to upload a vulnerability scanning request through a terminal; the system then performs automatic remote vulnerability scanning of the scan objects on the device to be scanned according to the request, which reduces manual participation to the greatest extent. The system also adopts a distributed architecture that makes full use of the technical advantages of the cloud platform: the modules are independent of one another with a low degree of dependence, so the system as a whole has high stability and scalability.
In the embodiment of the application, scanning requirements are captured using a scenario-based model, and the user fills in the scanning requirements according to the scenario of the device to be scanned. For example, the device to be scanned may be a traditional information system, a cloud computing platform, a cloud tenant-side information system, a big data platform, and the like. Scan objects cover networks, hosts, databases, middleware, web applications, business application software, cloud management software, big data management software, containers, services, ports, geography, operators, and the like. In addition, the user can fill in the external network scan access address; whether intranet scanning is needed, and the intranet access IP and port; whether the intranet needs access at multiple scanning points, and their access IP addresses and ports; whether periodic scanning is needed, and the scan cycle; the urgency of the scan task; and the scan type (for example, security check before going online, security evaluation after going online, daily vulnerability scanning security service, or deep security inspection). A corresponding vulnerability scanning request is then generated.
Optionally, the monitoring module 302 is responsible for monitoring the operating condition of the entire system. While monitoring the scanner cluster, it monitors the state of each scanner, where the state of each scanner includes at least one of a resource usage state, a network throughput, and a scan task execution state. The resource usage state includes but is not limited to CPU usage and memory usage, and the scan task execution state includes but is not limited to whether a scan task is being executed, the identifier of the task being executed, and the like. A load value for the scanner is then obtained by a weighted calculation over whichever of the above state parameters are selected, for use by the task management module 303.
In the embodiment of the application, the task management module 303 designs scan tasks using the scenario-based model and, relying on the elastic scalability of cloud computing resources, elastically scales the number of scanners and the network architecture according to the current total amount of scan tasks. For example, according to the size of the scan object, the size and target IP count in the scan task information, the currently idle scanners, the maximum number of concurrent scan target IPs per scanner, and the load value of each scanner, a corresponding number of vulnerability scanners is allocated so that resources are fully utilized.
Optionally, when the scanning object of the scanning task is a website (web application), and the scanning task information includes a plurality of target website addresses corresponding to a plurality of scanning tasks, the task management module 303 is further configured to:
and if the scanning task amount corresponding to the plurality of scanning tasks exceeds the maximum load value of a single scanner, determining a plurality of target scanners from the scanner cluster, and distributing the plurality of scanning tasks to the plurality of target scanners. In this way the scan tasks are split and distributed across the target scanners, so scanners with low current load are fully used, which improves resource utilization and in turn the processing efficiency of vulnerability scanning requests.
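The load-value calculation and multi-scanner allocation described above can be sketched as follows; this is an added example, not code from the patent. The weights, the 0.85 overload cut-off, the `Scanner` fields and the sample cluster and targets are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed weights: the text says only that the load value is a weighted
# calculation over the selected state parameters.
WEIGHTS = {"cpu": 0.4, "mem": 0.3, "net": 0.2, "busy": 0.1}
OVERLOAD = 0.85  # assumed cut-off above which a scanner gets no new work


@dataclass
class Scanner:
    name: str
    cpu: float        # CPU usage, 0..1
    mem: float        # memory usage, 0..1
    net: float        # network throughput as a fraction of capacity, 0..1
    running: int      # scan targets currently executing
    max_targets: int  # maximum concurrent scan targets (must be > 0)
    assigned: list = field(default_factory=list)

    def free_slots(self) -> int:
        return self.max_targets - self.running - len(self.assigned)

    def load_value(self) -> float:
        # Task execution state enters as the fraction of slots in use.
        busy = min(1.0, (self.running + len(self.assigned)) / self.max_targets)
        return (WEIGHTS["cpu"] * self.cpu + WEIGHTS["mem"] * self.mem
                + WEIGHTS["net"] * self.net + WEIGHTS["busy"] * busy)


def allocate(targets, cluster):
    """Assign each target to the least-loaded eligible scanner.

    Returns (plan, pending): plan maps scanner name -> targets; pending holds
    targets no scanner can take until the cluster is scaled out.
    """
    pending = []
    for target in targets:
        eligible = [s for s in cluster
                    if s.free_slots() > 0 and s.load_value() < OVERLOAD]
        if not eligible:
            pending.append(target)
            continue
        # Load values are recomputed on every pass, so queued work counts.
        chosen = min(eligible, key=lambda s: (s.load_value(), s.name))
        chosen.assigned.append(target)
    plan = {s.name: list(s.assigned) for s in cluster if s.assigned}
    return plan, pending


def demo_cluster():
    # Constructed monitoring snapshot, not real telemetry.
    return [
        Scanner("scanner-1", cpu=0.20, mem=0.30, net=0.10, running=1, max_targets=4),
        Scanner("scanner-2", cpu=0.50, mem=0.40, net=0.30, running=2, max_targets=4),
        Scanner("scanner-3", cpu=0.95, mem=0.90, net=0.80, running=4, max_targets=4),
    ]


# Constructed website targets (reserved .example names).
DEMO_TARGETS = [f"https://site{i}.example/" for i in range(1, 7)]

if __name__ == "__main__":
    plan, pending = allocate(DEMO_TARGETS, demo_cluster())
    for name, assigned in plan.items():
        print(name, assigned)
    print("pending:", pending)
```

Six targets exceed what any single scanner can take, so they spill across two scanners, the saturated third scanner is skipped, and the one target left over stays pending until more scanners are added.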
Optionally, the scanning task information includes deadline information and level information of the scanning task; the task management module 303 is further configured to: and for each scanner, sequencing the plurality of scanning tasks according to the deadline information and the grade information corresponding to each scanning task in the plurality of scanning tasks in the scanner.
Specifically, the vulnerability scanning request uploaded by the user through the terminal carries the scan task deadline filled in by the user and the grade information of the scan task, where the grade information represents the value or importance of the scan task. The task management module 303 can therefore schedule the scan tasks in each scanner according to actual requirements, using a dynamic-priority real-time task scheduling policy: the priority of each scan task is determined dynamically from 3 characteristic parameters, namely the grade information, the deadline information and the remaining time information of the scan task. Further, the task management module 303 may also schedule scanning resources to complete scan tasks with higher priority; scanning resources include scanner resources (e.g., number of scanners and scanner performance) and virtual network communication resources (e.g., egress bandwidth, virtual network architecture), so that sufficient resources are guaranteed for executing vulnerability scans.
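A sketch of dynamic-priority ordering from grade, deadline and remaining time, added here as an illustration and not taken from the patent. It assumes "remaining time" means the estimated scan time still needed, uses level divided by slack as the priority formula, and runs on a constructed queue.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanTask:
    task_id: str
    level: int        # grade information; assumed scale 1 (low) .. 5 (critical)
    deadline: float   # minutes from the start of the schedule
    remaining: float  # estimated scan time still needed, in minutes


def slack(task: ScanTask, now: float) -> float:
    """Spare time left before the deadline if the task started right now."""
    return task.deadline - now - task.remaining


def priority(task: ScanTask, now: float) -> float:
    # Assumed formula: grade divided by slack. Slack is floored at one minute
    # so tasks about to miss (or already missing) their deadline rank by grade.
    return task.level / max(slack(task, now), 1.0)


def order(tasks, now):
    """Queue order at time `now`; recomputed on every scheduling pass."""
    ranked = sorted(tasks, key=lambda t: (-priority(t, now), t.deadline, t.task_id))
    return [t.task_id for t in ranked]


def at_risk(tasks, now):
    """Tasks that can no longer meet their deadline on current resources.

    These are the candidates for extra scanner or bandwidth allocation.
    """
    return [t.task_id for t in tasks if slack(t, now) < 0]


# Constructed queue for one scanner; names echo the scan types in the text.
QUEUE = [
    ScanTask("prelaunch-check", level=5, deadline=400, remaining=100),
    ScanTask("daily-scan", level=2, deadline=300, remaining=50),
    ScanTask("deep-inspection", level=1, deadline=1000, remaining=30),
]

if __name__ == "__main__":
    for now in (0, 240, 260):
        print(now, order(QUEUE, now), "at risk:", at_risk(QUEUE, now))
```

The high-grade task leads at the start, but as the lower-grade task's slack shrinks it overtakes, which is the sense in which the priority is dynamic rather than fixed at submission.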
Optionally, the scan task information includes an identifier of the scan task; as shown in fig. 3, the security vulnerability scanning system further includes:
the data processing module 305 is connected with the scanning module 304, the transceiver module 301 and the monitoring module 302, respectively, and the data processing module 305 is configured to acquire from the scanning module 304 the scanning data generated by the target scanner after executing a scanning task, and analyze and process the scanning data to obtain a scanning result;
the transceiver module 301 is configured to obtain a scanning result from the data processing module 305, and then send the scanning result corresponding to the identifier of the scanning task to the terminal.
Optionally, the status information of the scanning task corresponding to the vulnerability scanning request is sent to the terminal through the transceiver module 301; the scan task state information includes at least one of executed task information, to-be-executed task information, and non-executed task information. By means of the easy access characteristic of the cloud computing platform, a user can send vulnerability scanning requests, check reports and equipment safety conditions at any position and by using various terminals, so that the user can know the safety conditions at any time and any place. Specifically, the push modes of the push information such as the scan task state information and the scan result on the terminal include, but are not limited to, short messages, mails, and application messages.
Optionally, the scanning task information further includes a scanning object of the scanning task; scanning objects are, for example, networks, hosts, databases, middleware, web applications (websites), business application software, cloud management software, big data management software, containers, services, ports, geography, operators, etc.; the data processing module 305 is further configured to classify the scan data according to different scan objects and store the scan data in corresponding vulnerability databases.
Specifically, the data from each of a user's scans is collected and stored. Data processing and storage follow the scenario-based model: the data is classified and archived by scenario, and corresponding vulnerability databases are established, such as a network vulnerability database, a host vulnerability database, an application vulnerability database, a cloud computing vulnerability database, and the like. The system can also synchronize with three vulnerability databases, CERT, CNVD and CNNVD; perform AI analysis, extraction and vulnerability learning on the feature values and feature codes of scan data and vulnerabilities; refine security protection rules; model the system according to the corresponding scenario; analyze the potential risk points and vulnerable surfaces of the information system; give relevant security suggestions; and mine potential vulnerabilities of the information system. The vulnerability status of the system can be displayed graphically to customers in real time, so that users can apply targeted protection.
In summary, the security vulnerability scanning system provided by the embodiments of the application enables automatic remote vulnerability scanning and reduces manual participation to the greatest extent; its modules are relatively independent, giving strong stability and high resource utilization; and results can be fed back to the customer's terminal promptly, helping the customer learn the security status of the equipment in time.
An embodiment of the present application further provides a security vulnerability scanning method, fig. 4 is a schematic flow chart of the security vulnerability scanning method provided in the embodiment of the present application, and the present specification provides method operation steps as in the embodiment or the flow chart, but more or fewer operation steps may be included based on conventional or non-creative labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In practice, the system or server product may be implemented in a sequential or parallel manner (e.g., parallel processor or multi-threaded environment) according to the embodiments or methods shown in the figures. Specifically, as shown in fig. 4, the method may include:
S401: receiving a vulnerability scanning request sent by a terminal; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information;
S403: monitoring the state of the scanner cluster, and determining a corresponding load value according to the state of each scanner in the scanner cluster;
S405: determining a target scanner from a scanner cluster according to the total amount of scanning tasks and the load value of each scanner, and distributing the scanning tasks to the target scanner; a plurality of scan tasks in a target scanner are prioritized.
Optionally, the scan task information includes an identifier of the scan task; the method further comprises the following steps:
S406: acquiring scanning data generated after a target scanner executes a scanning task, and analyzing and processing the scanning data to obtain a scanning result;
S407: sending the scanning result corresponding to the identification of the scanning task to the terminal.
Optionally, the scanning task information further includes a scanning object of the scanning task; the method further comprises the following steps:
S408: classifying the scanning data according to different scanning objects and storing the scanning data in corresponding vulnerability databases.
Optionally, when the scan object of the scan task is a website and the scan task information includes a plurality of target website addresses corresponding to a plurality of scan tasks, the step S405 may include:
S4051: if the scanning task amount corresponding to the plurality of scanning tasks exceeds the maximum load value of a single scanner, determining a plurality of target scanners from the scanner cluster, and distributing the plurality of scanning tasks to the plurality of target scanners.
Optionally, the scanning task information includes deadline information and level information of the scanning task; the method further comprises the following steps:
s4052: and sequencing the plurality of scanning tasks according to the deadline information and the grade information corresponding to each scanning task in the plurality of scanning tasks.
Optionally, the state of each scanner includes at least one of a resource usage state, a network throughput, and a scanning task execution state.
Optionally, the method may further include:
S404: sending scanning task state information corresponding to the vulnerability scanning request to the terminal; the scanning task state information includes at least one of executed task information, to-be-executed task information, and non-executed task information.
The method and system embodiments in the embodiments of the present application are based on the same application concept.
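The following is an added example, not code from the application, showing one way steps S403, S405, S4051 and S4052 could fit together. The load-value weights, the "level 1 is most urgent" convention, the level-before-deadline ordering, and all scanner names, task identifiers and target addresses are assumptions made for illustration; the application does not specify them.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumed weights: the text names the state inputs but gives no formula.
W_RESOURCE, W_NETWORK, W_BACKLOG = 0.5, 0.2, 0.3


@dataclass
class Scanner:
    name: str
    resource_usage: float  # 0..1 share of CPU/memory in use
    network_usage: float   # 0..1 share of link throughput in use
    running: int           # scanning tasks currently executing
    max_tasks: int         # maximum load of a single scanner
    queue: list = field(default_factory=list)

    def free_slots(self) -> int:
        return max(0, self.max_tasks - self.running - len(self.queue))

    def load_value(self) -> float:
        """S403: reduce the monitored state to one load value in [0, 1]."""
        backlog = min(1.0, (self.running + len(self.queue)) / self.max_tasks)
        return (W_RESOURCE * self.resource_usage
                + W_NETWORK * self.network_usage
                + W_BACKLOG * backlog)


@dataclass(frozen=True)
class ScanTask:
    task_id: str
    target: str
    level: int      # 1 = most urgent (assumed convention)
    deadline: date


def priority_key(task: ScanTask):
    """S4052: order by level, then by earliest deadline (assumed order)."""
    return (task.level, task.deadline)


def dispatch(tasks, cluster):
    """S405/S4051: fill scanners in ascending load order.

    A batch that fits on the least-loaded scanner stays on that one target
    scanner; a batch that exceeds its capacity spills onto further scanners.
    Returns ({scanner name: [task ids]}, [task ids still waiting]).
    """
    ordered = sorted(tasks, key=priority_key)
    assignment, cursor = {}, 0
    for scanner in sorted(cluster, key=Scanner.load_value):
        batch = ordered[cursor:cursor + scanner.free_slots()]
        if not batch:
            continue
        cursor += len(batch)
        # Tasks already queued on the scanner are re-prioritized with the new ones.
        scanner.queue = sorted(scanner.queue + batch, key=priority_key)
        assignment[scanner.name] = [t.task_id for t in batch]
    return assignment, [t.task_id for t in ordered[cursor:]]


def sample_cluster():
    """Constructed scanner states for the demonstration."""
    return [Scanner("scanner-a", 0.2, 0.1, running=1, max_tasks=4),
            Scanner("scanner-b", 0.7, 0.5, running=3, max_tasks=4),
            Scanner("scanner-c", 0.4, 0.3, running=2, max_tasks=4)]


def sample_tasks():
    """Constructed website scanning tasks (placeholder addresses)."""
    return [ScanTask("t1", "https://a.example.test", 2, date(2021, 8, 12)),
            ScanTask("t2", "https://b.example.test", 1, date(2021, 8, 15)),
            ScanTask("t3", "https://c.example.test", 1, date(2021, 8, 10)),
            ScanTask("t4", "https://d.example.test", 3, date(2021, 8, 9)),
            ScanTask("t5", "https://e.example.test", 2, date(2021, 8, 11))]


if __name__ == "__main__":
    assigned, waiting = dispatch(sample_tasks(), sample_cluster())
    print(assigned, waiting)
```

Tasks returned in the second list are the ones a system of this kind would report to the terminal as to-be-executed in step S404.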
An embodiment of the present application further provides a terminal, including:
the sending module is used for sending a vulnerability scanning request to the security vulnerability scanning system; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information; the vulnerability scanning request is used for indicating a security vulnerability scanning system to monitor the state of a scanner cluster, determining a corresponding load value according to the state of each scanner in the scanner cluster, determining a target scanner from the scanner cluster according to the total amount of scanning tasks and the load value of each scanner according to a preset frequency, distributing the scanning tasks to the target scanner, and performing priority sequencing on a plurality of scanning tasks in the target scanner;
and the receiving module is used for receiving the scanning result sent by the security vulnerability scanning system.
In this embodiment, a user may fill in the vulnerability scanning requirements through a terminal according to the scenario of the device to be scanned. For example, the device to be scanned may be a traditional information system, a cloud computing platform, a cloud tenant-side information system, a big data platform, etc. The scanning object may cover a network, a host, a database, a middleware, a web application, a business application software, a cloud management software, a big data management software, a container, a service, a port, a geography, an operator, etc. The user may also fill in an external network scanning access address, whether an internal network scan is needed and the internal network access IP and port, whether the internal network needs to access multiple scan points and their IP addresses and ports, whether periodic scanning is needed and the scanning cycle, the urgency of the scanning task, and the scanning type (e.g., security check before going online, security evaluation after going online, daily vulnerability scanning security service, and deep security check). Finally, a corresponding vulnerability scanning request is generated.
Optionally, the terminal further includes:
the interactive display module is used for generating the vulnerability scanning request according to the input identification of the equipment to be scanned, the scanning object of the scanning task, the deadline information and the grade information; and when the scanning result sent by the security vulnerability scanning system is received, the interactive display module is also used for displaying the scanning result in a graphical form.
An embodiment of the present application further provides a computer storage medium, where at least one instruction or at least one program is stored in the storage medium, and the at least one instruction or the at least one program is loaded and executed by a processor to implement the security vulnerability scanning method in the foregoing embodiment.
Optionally, in this embodiment, the storage medium may be located in at least one network server of a plurality of network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
It should be noted that the order of the embodiments of the present application is only for description and does not indicate their relative merits. Specific embodiments have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (10)
1. A security vulnerability scanning system, comprising:
the receiving and sending module is used for receiving a vulnerability scanning request sent by the terminal; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information;
the monitoring module is used for monitoring the state of the scanner cluster and determining a corresponding load value according to the state of each scanner in the scanner cluster;
the task management module is used for determining a target scanner from the scanner cluster according to the total scanning task amount and the load value of each scanner and distributing the scanning task to the target scanner; prioritizing a plurality of scan tasks in the target scanner.
2. The security vulnerability scanning system of claim 1, wherein the scanning task information comprises an identification of a scanning task; the security vulnerability scanning system further comprises:
the data processing module is used for acquiring scanning data generated after the target scanner executes a scanning task, and analyzing and processing the scanning data to obtain a scanning result;
and the transceiver module is used for sending the scanning result corresponding to the identification of the scanning task to the terminal.
3. The security vulnerability scanning system of claim 2, wherein the scanning task information further comprises a scanning object of a scanning task;
the data processing module is further used for classifying the scanning data according to different scanning objects and storing the scanning data in corresponding vulnerability libraries.
4. The security vulnerability scanning system of claim 3, wherein when the scanning object of the scanning task is a website and the scanning task information includes a plurality of target website addresses corresponding to a plurality of scanning tasks, the task management module is further configured to:
and if the scanning task amount corresponding to the plurality of scanning tasks exceeds the maximum load value of a single scanner, determining a plurality of target scanners from the scanner cluster, and distributing the plurality of scanning tasks to the plurality of target scanners.
5. The security vulnerability scanning system of claim 1, wherein the scanning task information comprises deadline information and level information of a scanning task;
the task management module is further configured to sequence the plurality of scanning tasks according to deadline information and level information corresponding to each of the plurality of scanning tasks.
6. The security vulnerability scanning system of claim 1, wherein the state of each scanner comprises at least one of a resource usage state, a network throughput, and a scanning task execution state.
7. The security vulnerability scanning system of claim 2,
the receiving and sending module is further configured to send scanning task state information corresponding to the vulnerability scanning request to the terminal; the scanning task state information comprises at least one of executed task information, task information to be executed and task information not to be executed.
8. A security vulnerability scanning method is characterized by comprising the following steps:
receiving a vulnerability scanning request sent by a terminal; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information;
monitoring the state of a scanner cluster, and determining a corresponding load value according to the state of each scanner in the scanner cluster;
determining a target scanner from the scanner cluster according to the total amount of scanning tasks and the load value of each scanner, and distributing the scanning tasks to the target scanner; prioritizing a plurality of scan tasks in the target scanner.
9. A terminal, comprising:
the sending module is used for sending a vulnerability scanning request to the security vulnerability scanning system; the vulnerability scanning request comprises an identifier of equipment to be scanned and scanning task information; the vulnerability scanning request is used for indicating the security vulnerability scanning system to monitor the state of a scanner cluster, determining a corresponding load value according to the state of each scanner in the scanner cluster, determining a target scanner from the scanner cluster according to the total amount of scanning tasks and the load value of each scanner according to a preset frequency, distributing the scanning tasks to the target scanner, and performing priority sequencing on a plurality of scanning tasks in the target scanner;
and the receiving module is used for receiving the scanning result sent by the security vulnerability scanning system.
10. A computer storage medium having at least one instruction or at least one program stored therein, the at least one instruction or at least one program being loaded and executed by a processor to implement the security vulnerability scanning method of claim 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110933131.5A CN113672934A (en) | 2021-08-09 | 2021-08-09 | Security vulnerability scanning system and method, terminal and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110933131.5A CN113672934A (en) | 2021-08-09 | 2021-08-09 | Security vulnerability scanning system and method, terminal and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113672934A true CN113672934A (en) | 2021-11-19 |
Family
ID=78543039
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110933131.5A Pending CN113672934A (en) | 2021-08-09 | 2021-08-09 | Security vulnerability scanning system and method, terminal and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113672934A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115296865A (en) * | 2022-07-05 | 2022-11-04 | 北京瑞和云图科技有限公司 | Shared missing scanning method under multi-network environment |
CN115987574A (en) * | 2022-12-06 | 2023-04-18 | 中国联合网络通信集团有限公司 | Virtual private cloud security detection method, device, equipment and storage medium |
CN116010228A (en) * | 2023-03-22 | 2023-04-25 | 北京源堡科技有限公司 | Time estimation method and device for network security scanning |
CN116599773A (en) * | 2023-07-14 | 2023-08-15 | 杭州海康威视数字技术股份有限公司 | Self-adaptive equipment security risk assessment method, device, equipment and system |
CN118211232A (en) * | 2024-03-25 | 2024-06-18 | 中国人民解放军61660部队 | Vulnerability scanning method and device, storage medium and electronic equipment |
CN118296600A (en) * | 2024-04-12 | 2024-07-05 | 电子科技大学成都学院 | Intelligent computer network information security control system |
Citations (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103065095A (en) * | 2013-01-29 | 2013-04-24 | 四川大学 | WEB vulnerability scanning method and vulnerability scanner based on fingerprint recognition technology |
CN103929429A (en) * | 2014-04-24 | 2014-07-16 | 北京邮电大学 | Network vulnerability scanning system and method based on RESTful Web service |
CN105610776A (en) * | 2015-09-24 | 2016-05-25 | 中科信息安全共性技术国家工程研究中心有限公司 | Cloud calculating IaaS layer high risk safety loophole detection method and system thereof |
CN107026871A (en) * | 2017-05-15 | 2017-08-08 | 安徽大学 | Web vulnerability scanning method based on cloud computing |
CN107204962A (en) * | 2016-03-18 | 2017-09-26 | 上海有云信息技术有限公司 | A kind of implementation method of the general vulnerability scanners based on SaaS frameworks |
CN107634945A (en) * | 2017-09-11 | 2018-01-26 | 平安科技(深圳)有限公司 | Website vulnerability scan method, device, computer equipment and storage medium |
CN107948305A (en) * | 2017-12-11 | 2018-04-20 | 北京百度网讯科技有限公司 | Vulnerability scanning method, apparatus, equipment and computer-readable medium |
CN108985068A (en) * | 2018-06-26 | 2018-12-11 | 广东电网有限责任公司信息中心 | Loophole quick sensing, positioning and the method and system of verifying |
CN109710391A (en) * | 2018-12-20 | 2019-05-03 | 西安四叶草信息技术有限公司 | Method for scheduling task and equipment |
CN109861994A (en) * | 2019-01-17 | 2019-06-07 | 安徽云探索网络科技有限公司 | The vulnerability scanning method and its scanning means that cloud is invaded |
CN110321708A (en) * | 2019-03-21 | 2019-10-11 | 北京天防安全科技有限公司 | A kind of quick vulnerability scanning method and system based on class of assets |
CN110377407A (en) * | 2019-06-19 | 2019-10-25 | 北京威努特技术有限公司 | A kind of scan task dispatching method, device, storage medium and equipment |
CN110740125A (en) * | 2019-09-23 | 2020-01-31 | 公安部第一研究所 | method for implementing vulnerability library used for vulnerability detection of video monitoring equipment |
CN111104188A (en) * | 2019-11-11 | 2020-05-05 | 中盈优创资讯科技有限公司 | Scheduling method and device of vulnerability scanner |
CN111199042A (en) * | 2019-12-17 | 2020-05-26 | 中国南方电网有限责任公司超高压输电公司 | Safe and efficient vulnerability management system |
CN111475818A (en) * | 2020-04-17 | 2020-07-31 | 北京墨云科技有限公司 | Permeation attack method of automatic permeation test system based on AI |
CN112257070A (en) * | 2020-10-22 | 2021-01-22 | 全球能源互联网研究院有限公司 | Vulnerability troubleshooting method and system based on asset scene attributes |
CN112511571A (en) * | 2021-02-07 | 2021-03-16 | 连连(杭州)信息技术有限公司 | Web vulnerability scanning method, device, system, equipment and storage medium |
CN112632566A (en) * | 2021-03-05 | 2021-04-09 | 腾讯科技(深圳)有限公司 | Vulnerability scanning method and device, storage medium and electronic equipment |
CN112702300A (en) * | 2019-10-22 | 2021-04-23 | 华为技术有限公司 | Security vulnerability defense method and device |
CN112926061A (en) * | 2021-05-11 | 2021-06-08 | 腾讯科技(深圳)有限公司 | Plug-in processing method and device |
US11070580B1 (en) * | 2018-02-07 | 2021-07-20 | Wangsu Science & Technology Co., Ltd. | Vulnerability scanning method, server and system |
Non-Patent Citations (2)
Title |
---|
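Wu Zhen: "Comprehensively scanning campus network vulnerabilities", China Education Network (中国教育网络), no. 07 * |
Wang Chaodong; Zhang Xuefan; Luan Shaoqun: "Application of lightweight vulnerability scanning technology in industrial control networks", Information Technology and Network Security (信息技术与网络安全), no. 12 * |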
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115296865A (en) * | 2022-07-05 | 2022-11-04 | 北京瑞和云图科技有限公司 | Shared missing scanning method under multi-network environment |
CN115987574A (en) * | 2022-12-06 | 2023-04-18 | 中国联合网络通信集团有限公司 | Virtual private cloud security detection method, device, equipment and storage medium |
CN115987574B (en) * | 2022-12-06 | 2024-09-10 | 中国联合网络通信集团有限公司 | Virtual private cloud security detection method, device, equipment and storage medium |
CN116010228A (en) * | 2023-03-22 | 2023-04-25 | 北京源堡科技有限公司 | Time estimation method and device for network security scanning |
CN116010228B (en) * | 2023-03-22 | 2023-06-30 | 北京源堡科技有限公司 | Time estimation method and device for network security scanning |
CN116599773A (en) * | 2023-07-14 | 2023-08-15 | 杭州海康威视数字技术股份有限公司 | Self-adaptive equipment security risk assessment method, device, equipment and system |
CN116599773B (en) * | 2023-07-14 | 2023-09-19 | 杭州海康威视数字技术股份有限公司 | Self-adaptive equipment security risk assessment method, device, equipment and system |
CN118211232A (en) * | 2024-03-25 | 2024-06-18 | 中国人民解放军61660部队 | Vulnerability scanning method and device, storage medium and electronic equipment |
CN118296600A (en) * | 2024-04-12 | 2024-07-05 | 电子科技大学成都学院 | Intelligent computer network information security control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||