CN102664876A - Method and system for detecting network security - Google Patents
Method and system for detecting network security Download PDFInfo
- Publication number
- CN102664876A CN102664876A CN2012101013230A CN201210101323A CN102664876A CN 102664876 A CN102664876 A CN 102664876A CN 2012101013230 A CN2012101013230 A CN 2012101013230A CN 201210101323 A CN201210101323 A CN 201210101323A CN 102664876 A CN102664876 A CN 102664876A
- Authority
- CN
- China
- Prior art keywords
- leak
- website
- network security
- type
- security detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a method and a system for detecting network security. The method comprises the following steps: carrying out security analysis and evaluation on a website including the leak, which is submitted by a user; determining the type and quantity of the leak according to the analysis and evaluation results; evaluating the website to determine the security level of the website according to the type and quantity of the leak; and repairing the leak according to the type of the leak. According to the method and the system for detecting the network security, the leak of the website and the security level of the website can be effectively analyzed, and the leak can be repaired online, thereby ensuring the security of the network and avoiding the intrusion of a hacker.
Description
Technical field
The present invention relates to technical field of the computer network, particularly a kind of network security detection method and system.
Background technology
Computer network (for example, the Internet) comprises the exchanges data between terminal equipment (for example, notebook computer, panel computer, perhaps smart mobile phone) and the Website server (for example, Web server).Name server (DNS) receives access request, confirms Internet protocol (IP) address of Website server, and transmits access request to Website server.Website server is when receiving access request, and the information of returning the website of being visited is to terminal equipment.Under many circumstances, the source code of website possibly have security breaches, because for example, the personnel of development sources code lack experience.Therefore; Website server possibly be subject to the harm of malicious attack; Make Website server lose fail safe on the one hand, the terminal that causes in addition visiting said Website server receives Cyberthreat, for example terminal PI virus or trojan horse program.
Summary of the invention
The present invention is intended to one of solve the problems of the technologies described above at least.
For this reason, one object of the present invention be to propose a kind of can online detection and online interception attack that said website is carried out, effectively guarantee the network security detection method of network security.
Another object of the present invention is to propose a kind of network security detection system.
For realizing above-mentioned purpose, the network security detection method that first aspect present invention embodiment proposes may further comprise the steps: the website of user's submission is comprised the safety analysis and the assessment of leak; Confirm the type and the quantity of said leak according to said analysis and assessment result; Type and quantity according to said leak are estimated to confirm the safe class of said website said website; And said leak is repaired according to the type of said leak.
In addition, network security detection method according to the above embodiment of the present invention can also have following additional technical characterictic:
In one embodiment of the invention, said network security detection method also comprises: detect said website and whether have leak.
Further, use a cover testing standard to said website; Result based on using said cover testing standard to a said website judges whether said website exists leak.
In one embodiment of the invention, a said cover testing standard comprises following function: detect said website and whether have the judgement that said access request is comprised the unauthorized access request; Said website is comprised the said website of leak and the security vulnerabilities check of the Website server provided services on the Internet in said website.
In one embodiment of the invention, according to said type and the quantity that obtains said leak based on the said cover testing standard of application to the result of said website.
In one embodiment of the invention, the type of said leak comprises high-risk leak, middle danger leak and low danger leak.
In one embodiment of the invention, according to predefined quantity given a mark in said website to high-risk leak, middle danger leak and the low danger corresponding evaluation criterion of leak and said high-risk leak, middle danger leak and low danger leak.
In one embodiment of the invention; Said type according to said leak is repaired said leak; Further comprise: based on the result who uses said cover testing standard to a said website, the protection rule that generation one cover is used for said website limits with the relevant information in each territory with said protection rule of guaranteeing said access request according to said.
Network security detection system according to second aspect present invention embodiment; Comprise: the leak analysis device; Be used for the website that the user submits to is comprised the safety analysis and the assessment of leak, and confirm the type and the quantity of said leak according to said analysis and assessment result; The website evaluator is used for according to the type and the quantity of said leak said website being estimated to confirm the safe class of said website; With the leak obturator, be used for said leak being repaired according to the type of said leak.
In addition, network security detection system according to the above embodiment of the present invention can also have following additional technical characterictic:
In one embodiment of the invention, said network security detection system also comprises: vulnerability scanners is used to detect said website and whether has leak.
In one embodiment of the invention, said vulnerability scanners is used to use a cover testing standard to said website, and based on the result who uses said cover testing standard to a said website, judges whether said website exists leak.
In one embodiment of the invention, a said cover testing standard comprises following function: detect said website and whether have the judgement that said access request is comprised the unauthorized access request; Said website is comprised the said website of leak and the security vulnerabilities check of the Website server provided services on the Internet in said website.
In one embodiment of the invention, said vulnerability scanners also is used for according to said based on using a said cover testing standard obtains said leak to the result of said website type and quantity.
In one embodiment of the invention, the type of said leak comprises high-risk leak, middle danger leak and low danger leak.
In one embodiment of the invention, said website evaluator is used for according to predefined quantity to high-risk leak, danger leak and the low danger corresponding evaluation criterion of leak and said high-risk leak, middle danger leak and low danger leak being given a mark in said website.
In one embodiment of the invention; Said leak obturator is used for according to said based on the result who uses said cover testing standard to a said website; Generation one cover is used for the protection rule of said website to be checked with the relevant information in each territory with said protection rule of guaranteeing said access request, and judges whether said access request is tackled according to testing result.
Network security detection method and system according to the embodiment of the invention; Can carry out online detection through the leak that exists in the source code of analog access request mode to the website, for example, when visiting a certain website; Can be through the information of in the website, importing; To whether existing leaks such as SQL injection to test and analyze in the source code of website, and obtain the type and the quantity of leak, thereby the security performance of website is estimated marking automatically according to test result; The level of security of prompting user website, the user can judge whether that this website of continuation visit is perhaps repaired the website leak according to evaluation result thus.Embodiments of the invention adopt corresponding protection rule that leak is carried out online reparation, for example through the type and the quantity of leak; Generation is with type (action=post), type of variables and quantity (two variablees of shielded URL (URL=/login.jsp), request; Num and psw, wherein num is made up of numerical character ' 0 '-' 9 ', psw is made up of alphanumeric character ' 0 '-' 9 ' or ' a '-' z ' or ' A '-' Z ') and the length of variable (length of num is set to 6 characters; The length of psw is set to 6-8 character) use on this website; Thus, when the user illegally imports, the website will be repaired the result according to this website will be protected; Thereby the potential safety hazard of having avoided leak to bring is effectively avoided the possibility of hacker to the malicious attack of website simultaneously.Greatly guaranteed the safety of network.
Additional aspect of the present invention and advantage part in the following description provide, and part will become obviously from the following description, or recognize through practice of the present invention.
Description of drawings
Above-mentioned execution mode of the present invention and additional execution mode more are expressly understood owing to becoming below in conjunction with accompanying drawing detailed description to various aspects of the present invention.Spread all over that identical Reference numeral is meant corresponding parts in some views of accompanying drawing.
Fig. 1 is the flow chart according to the network security detection method of some embodiments of the present invention.
Fig. 2 is the structured flowchart that illustrates according to the network security detection system of some embodiments of the present invention.
Embodiment
To describe embodiments of the invention in detail now, the example of said embodiment is shown in the drawings.Though show specific embodiment, it should be understood that not mean that and limit the invention to these specific embodiments.On the contrary, present invention resides in the spirit and interior the substituting, revise and be equal to of scope of appended claim.Illustrating a plurality of details is for the complete understanding of the theme that this paper is proposed is provided.But those of ordinary skill in the art should understand, can not use these details to implement this theme.In other cases, do not describe known method, program, parts and circuit in detail, thereby avoid unnecessarily making the aspect of present embodiment fuzzy.
Although this paper possibly use a technical term first, second or the like various elements are described, these elements are not limited by these terms should.These terms only are used for an element and another element are differentiated.For example first order standard can be called second order standard, and similarly, second order standard can be called first order standard, without departing from the scope of the invention.First order standard and second order standard all are order standards, but they are not identical order standards.
The term that uses in the description of the invention among this paper only is in order to describe the purpose of specific embodiment, and does not mean that limitation of the present invention.Employed in the description like the present invention and accompanying claims, singulative " " " a kind of " and " said " mean and also comprise plural form, point out only if context is clear in addition.Should also be understood that term as used herein " and/or " represent and comprise one or more projects of listing that is associated any one might make up with institute.Also should further understand; When in specification, using; Term " comprise " and/or specify " comprising " statement characteristic, operation, element and/existence of parts, but do not get rid of the existence or the interpolation of one or more other characteristics, operation, element, parts and/or their group.
As used herein, based on context, term " if " can be regarded as and be meant " when " or " ... the time " " in response to confirming " or " according to ... confirm " or " in response to detecting ", the prerequisite of statement is real.Similarly; Based on context, phrase " if confirm [prerequisite of statement is real] " or " if [prerequisite of statement is real] " or " when [prerequisite of statement is real] " can be regarded as and be meant " confirming ... the time " " in response to confirming " or " according to .... confirm " " in detection ... the time " or " corresponding to detection " prerequisite of stating be real.
Below in conjunction with accompanying drawing the network security detection method according to the embodiment of the invention is described at first.
Referring to Fig. 1, the network security detection method according to the embodiment of the invention comprises the steps:
Step S101 comprises the safety analysis and the assessment of leak to the website of user's submission.When a certain website of user capture; The embodiment of the invention is carried out safety analysis and assessment to the website of user capture; Particularly; The leak that exists in the website analyzed and leak assessed for example use a cover testing standard, and based on the result who uses said cover testing standard to a said website, thereby judge the type and the kind of leak in the website to this website.
Step S102 is according to analyzing and assessment result is confirmed the type and the quantity of leak.Particularly; Result based on above-mentioned application one cover testing standard to website; Thereby can judge the type and the quantity of the leak that exists in the website; As a concrete example, suppose then can also confirm the quantity etc. of this type leak according to analyzing leak that the leak type that obtains with assessment result comprises SQL injection type.In this example, the type of leak comprises high-risk leak, middle danger leak and low danger leak.The definition of its high-risk leak, middle danger leak and low danger leak can be carried out artificial evaluation in advance according to the extent of injury of leak; For example, the leak for existing SQL to inject can be defined as high-risk type; This is that harm is big because the leak that SQL injects causes the leakage of information easily.Certainly, this is a kind of artificial evaluation mode, and it can adjust the type of leak as the case may be.It will be appreciated that the type that defines in the above-mentioned leak only is exemplary for three types like high-risk leak, middle danger leak and low danger leak etc.; Also can be defined as other form, like a level vulnerability, two level vulnerabilities, three level vulnerabilities etc., certainly; The tier definition of leak also can be adjusted as the case may be; As for number of site, possibly be high-risk leak in other website, and for this website, possibly be middle danger leak etc.Specifically how to define leak grade type and leak grade, embodiments of the invention are to this not restriction.
Step S103 estimates to confirm the safe class of said website said website according to analysis and assessment result.Particularly, in some embodiments of the invention, according to predefined quantity to high-risk leak, middle danger leak and the low danger corresponding evaluation criterion of leak and high-risk leak, middle danger leak and low danger leak to website give a mark (evaluation); Thereby judge the safe class of this website, in this example, suppose that the website is under ideal state; The situation that does not promptly have any potential safety hazard; Evaluation score is 100 minutes, can preestablish high-risk leak, middle danger leak and low danger leak, and every appearance once reduces 10 fens accordingly, graded in 5 minutes and 2; Like this, can make the user at calculating and terminal be well understood to fail safe with the website of visit.Further; The evaluation of safe class can be set according to mark; For example mark is 1 in the safe class between 90 to 100, the safe class of mark between 70 to 90 is 2 etc.; Like this, the website is estimated, the user is got information about the fail safe with access websites according to the type and the kind of leak.Certainly, the described evaluation criterion of embodiments of the invention is not limited to aforesaid way, and embodiments of the invention are to this not restriction.
Step S104 repairs said leak according to the type of said leak.Particularly; Can be according to overlapping the extremely result of said website of testing standard based on using said one; Generation one cover is used for the protection rule of said website to be checked with the relevant information in each territory with said protection rule of guaranteeing said access request, and judges whether access request is tackled according to testing result.In other words, a cover testing standard for example includes but not limited to following several kinds: 1, whether the website is corresponding with shielded URL.2, what the type of access request is.3, how much type of variables and quantity is.4, how much length of each variable is.Can generate the protection rule that a cover is used for the website through above-mentioned testing standard, the protection rule that for example generates for testing standard in above-mentioned 4 as follows:
Thus, make and in the access request checking with the relevant information in each territory protection rule, then according to check result judge in the access request with above-mentioned protection rule in relevant information whether meet the regular access type that is limited of above-mentioned protection etc.If meet the type that limits in the above-mentioned protection rule; Show that then access request is legal; Otherwise access request is tackled, do not allow this access request that Website server is conducted interviews, thus; Logically realized reparation, avoided because the attack that the website leak causes unauthorized access that the website is brought to the website.In one embodiment of the invention, above-mentioned reparation to leak is online repair mode, promptly in the process of user capture Website server; In real time access request is carried out online detection, and the website is repaired in real time, as a concrete example; After detecting leak, leak is shown to the user; And, after the user clicks the button of " a key reparation ", said leak is repaired comprehensively to the button that the user provides " a key reparation ".
Therefore, the protection rule application that is used for said website through above-mentioned generation is in the website, thereby realizes the reparation to the website, prevents that the hacker from attacking network through the leak that the website exists, and guaranteed the fail safe of network.
In examples more of the present invention, also can whether exist leak to detect to the website, particularly, detect the website and whether have leak.In an example of the present invention, being operating as that it is concrete used a cover testing standard to this website, and based on the result who uses above-mentioned cover testing standard a to website, judges whether the website exists leak.
Particularly: above-mentionedly be used to detect the testing standard whether website exist leak and include but not limited to following function:
1, detects website (in the code of website) and whether have the judgement that said access request is comprised the unauthorized access request.
2, said website is comprised the said website of leak and the security vulnerabilities check of the Website server provided services on the Internet in said website.
In case have security breaches in the source code of website, the hacker just possibly utilize the such security breaches in the source code of website to attack Website server.Therefore, through leak is detected, further guaranteed the fail safe of website.
To the scanning of leak with repair all online carrying out, for example, during a certain website of user capture, can carry out online vulnerability scanning and reparation to the website source code of this website in the embodiment of the invention through the mode of the embodiment of the invention.Under the situation that does not influence user's use, guarantee the fail safe of network.
In some embodiments of the invention, the reparation of leak is based on that above-mentioned testing standard generates, and the reparation of leak can be carried out after vulnerability scanning is accomplished, and also can carry out work such as vulnerability scanning and leak reparation simultaneously.In addition, also can carry out the scanning of leak individually, perhaps carry out the leak reparation individually.Need to prove that embodiments of the invention all belong to protection scope of the present invention to the reparation of leak and the not restriction of context of scanning.
As shown in Figure 2, further embodiment of the present invention has proposed a kind of network security detection system.This network security detection system 200 comprises vulnerability scanners 230, leak analysis device 210, website evaluator 220 and leak obturator 230.
Wherein, leak analysis device 210 is used for the website that the user submits to is comprised the safety analysis and the assessment of leak, and confirms the type and the quantity of said leak according to said analysis and assessment result.Website evaluator 220 is used for according to the type of leak and quantity said website being estimated to confirm the safe class of said website.Leak obturator 230 is used for according to the type of said leak said leak being repaired.
Particularly, in conjunction with Fig. 2, network security detection system 200 is applied in the network system, and network system comprises Website server 101, one or more terminal equipment 102, name server (DNS) and network security detection system 200 generally.Website server 101 storage and preserve a plurality of websites 103 and when the access request of receiving from terminal equipment 102, they are offered terminal equipment 102.One or more information record programs (cookie) that each terminal equipment 102 comprises various client applications (for example, web browser), client auxiliary routine, be associated with different Website servers or the like.DNS is configured to be used for domain name is associated with the network equipment such as Website server 101.Network security detection system 200 comprises vulnerability scanners 230, leak analysis device 210, website evaluator 220 and leak obturator 230, and in this example, network security detection system 200 also can comprise the protection rule database 240 that some are used to store etc.
In network security detection system 200, before the issue of website, at first carry out vulnerability scanning and leak analysis and leak and handle through 200 pairs of websites of network security detection system.Particularly, the access request after name server (DNS) will be resolved is sent to leak analysis device 210, and leak analysis device 210 will carry out safety analysis and assessment to the website that access request is visited, and particularly, comprises the leak of website is analyzed and assessed.
Because the security breaches in the source code of website have different source (different types).For example, if do not comprise the logic that is used for the verification msg inlet that is provided by terminal use's data or the information of wherein carrying such as information record program in the website, the website just possibly have security breaches so.In case security breaches come to light, the hacker just possibly utilize the such security breaches in the source code of website to attack Website server.Therefore, the scanning of leak has further been guaranteed the safety of website.
Further; Embodiments of the invention comprise that the leak in 250 pairs of website source codes of vulnerability scanners scans and can scan leak through the analog access request mode; For example; Through the analysis to real website visiting request, but whether the test access request comprises whether unauthorized access request, access request comprise that SQL (SQL) injects and whether access request comprises that cross site scripting (XSS) etc. can endanger the leak of network security.Thereby through the analysis of the above-mentioned leak that exists in 240 pairs of websites of leak analysis device, thereby determine the type and the quantity of leak, in the present embodiment, the type of leak is divided into high-risk leak, middle danger leak and low danger leak.Particularly; Based on the result of above-mentioned application one cover testing standard to website, thereby can judge whether the website exists leak, and can easily judge the type and the quantity of leak according to The above results; For example: whether be the SQL injection loophole, but and the quantity of SQL injection etc.In this example, the type of leak includes but not limited to high-risk leak, middle danger leak and low danger leak.The definition of its high-risk leak, middle danger leak and low danger leak can be carried out artificial evaluation in advance according to the extent of injury of leak, for example, and for the leak that exists SQL to inject; Can be defined as high-risk type; This is that harm is big because the leak that SQL injects causes the leakage of information easily, certainly; This is a kind of artificial evaluation mode, and it can adjust the type of leak as the case may be.
Further, website evaluator 220 can be estimated to confirm the safe class of said website said website according to the type and the quantity of said leak.Particularly, given a mark (evaluation) in the website, thereby judge the safe class of this website according to predefined quantity to high-risk leak, middle danger leak and the low danger corresponding evaluation criterion of leak and high-risk leak, middle danger leak and low danger leak; In this example; Suppose the website under ideal state, promptly do not have the situation of any potential safety hazard, evaluation score is 100 minutes; Can preestablish high-risk leak, middle danger leak and low danger leak; Every appearance once reduces 10 fens accordingly, graded in 5 minutes and 2, like this, can make the user at calculating and terminal be well understood to the fail safe with the website of visit.Further; The evaluation of safe class can be set according to mark; For example mark is 1 in the safe class between 90 to 100, the safe class of mark between 70 to 90 is 2 etc.; Like this, the website is estimated, the user is got information about the fail safe with access websites according to the type and the kind of leak.
After leak is analyzed; Can repair through 230 pairs of leaks of leak obturator; Particularly; Based on the result who uses said cover testing standard to a said website, generation one cover is used for the protection rule of said website to be checked with the relevant information in each territory with said protection rule of guaranteeing said access request leak obturator 230, and judges whether access request is tackled according to testing result according to said.For example to confirming whether URL, request type, types of variables and the quantity, the variable-length that are associated with access request satisfy current protection rule.Thus, in case there is leak in the website, suppose to comprise the leak that injects like SQL; Then, can this SQL of input be injected information, fill in like character string forms with predetermined form through this protection rule; For example; For above-mentioned " select * from studentInfo where sid=' 1 or 1=1 ", can 1 or 1=1 of user's input be regarded as is a common character string, and promptly 1 or 1=1's can't exert an influence to the implication of SQL statement; Thereby the leak in the website is repaired, and guarantees the fail safe of network.In other words; Can generate the protection rule that a cover is used for the website through above-mentioned testing standard the relevant information in each territory with the protection rule of access request is checked, then according to check result judge in the access request with above-mentioned protection rule in relevant information whether meet the regular access type that is limited of above-mentioned protection etc.If meet the type that limits in the above-mentioned protection rule; Show that then access request is legal; Otherwise access request is tackled, do not allow this access request that Website server is conducted interviews, thus; Logically realized reparation, avoided because the attack that the website leak causes unauthorized access that the website is brought to the website.In certain embodiments, the protection rule is kept in the protection rule database 240.
In certain embodiments, vulnerability scanners 250 is used a cover testing standard to said website, thereby the security inspection of website is included, but not limited to following project:
1, whether the test access request comprises illegal part;
2, said website is comprised the said website of leak and the security vulnerabilities check of the Website server provided services on the Internet in said website.
Thereby embodiments of the invention through whether the website is existed to access request comprise the unauthorized access request judgement, said website is comprised the said website of leak and the security vulnerabilities check of the Website server provided services on the Internet in said website, can detect the website and whether have potential leak.
Network security detection method and system according to the embodiment of the invention; For example carry out online detection through the leak that exists in the source code of analog access request mode to the website; As when visiting a certain website, can to whether there being leaks such as SQL injection in the source code of website testing and analyze through the information of in the website, importing; And obtain the type and the quantity of leak according to test result; Thereby the security performance to the website is estimated marking automatically, the level of security of prompting user website, and the user can judge whether to continue this website of visit or the website leak is carried out online reparation etc. according to evaluation result thus.Embodiments of the invention adopt corresponding protection rule that leak is repaired, for example through the type and the quantity of leak; Generation is with type (action=post), type of variables and quantity (two variablees of shielded URL (URL=/login.jsp), request; Num and psw, wherein num is made up of numerical character ' 0 '-' 9 ', psw is made up of alphanumeric character ' 0 '-' 9 ' or ' a '-' z ' or ' A '-' Z ') and the length of variable (length of num is set to 6 characters; The length of psw is set to 6-8 character) use on this website; Thus, when the user illegally imports, the website will be repaired the result according to this website will be protected; Thereby the potential safety hazard of having avoided leak to bring is effectively avoided the possibility of hacker to the malicious attack of website simultaneously.Greatly guaranteed the safety of network.
Although a plurality of logic steps of particular sorted shown in some in various accompanying drawings, other steps can resequenced and combined or inserted to the step that does not rely on order.Though mention some rearrangements or other combinations especially, other rearrangements or combination should be significantly for those skilled in the art, therefore do not reintroduce the full list of substitute mode.For example, STB possibly send untreated audio signal to television content identified server, and the television content identified server is responsible for converting audio signal into audio-frequency fingerprint then.And, should be understood that above-mentioned steps can implement in hardware, firmware, software or their combination in any.
For illustrative purposes, carried out foregoing description with reference to specific implementations.Yet, more than illustrative discussion do not mean that and talk out or limit the invention to disclosed precise forms.In view of above-mentioned instruction, it is possible carrying out many modifications and variation.Selected and the execution mode of describing are for principle of the present invention and its practical application are described best, thereby make the various execution modes that others skilled in the art can utilize the present invention best and have the modification of the various special purposes that are suitable for expecting.Execution mode is included in replacement in spirit and the scope of accompanying claims, revises and is equal to.Illustrating a plurality of details is for the complete understanding of the theme that this paper is proposed is provided.But those of ordinary skill in the art should understand, can not use these details to implement this theme.In other cases, do not describe known method, program, parts and circuit in detail, thereby avoid unnecessarily making the aspect of this execution mode fuzzy.
Claims (16)
1. a network security detection method is characterized in that, may further comprise the steps:
The website of user's submission is comprised the safety analysis and the assessment of leak;
According to analyzing and assessment result is confirmed the type and the quantity of said leak;
Type and quantity according to said leak are estimated to confirm the safe class of said website said website; And
Type according to said leak is repaired said leak.
2. network security detection method according to claim 1 is characterized in that, also comprises:
Detect said website and whether have leak.
3. network security detection method according to claim 2 is characterized in that, further comprises:
Use a cover testing standard to said website;
Result based on using said cover testing standard to a said website judges whether said website exists leak.
4. network security detection method according to claim 3 is characterized in that, a said cover testing standard comprises following function:
Detect said website and whether have the judgement that said access request is comprised the unauthorized access request;
Said website is comprised the said website of leak and the security vulnerabilities check of the Website server provided services on the Internet in said website.
5. network security detection method according to claim 3 is characterized in that, according to said type and the quantity that obtains said leak based on the said cover testing standard of application to the result of said website.
6. network security detection method according to claim 1 is characterized in that, the type of said leak comprises high-risk leak, middle danger leak and low danger leak.
7. network security detection method according to claim 6; It is characterized in that, given a mark in said website according to predefined quantity to high-risk leak, middle danger leak and the low danger corresponding evaluation criterion of leak and said high-risk leak, middle danger leak and low danger leak.
8. network security detection method according to claim 1 is characterized in that, said type according to said leak is repaired said leak, further comprises:
Based on the result who uses said cover testing standard to a said website, the protection rule that generation one cover is used for said website limits with the relevant information in each territory with said protection rule of guaranteeing said access request according to said.
9. a network security detection system is characterized in that, comprising:
The leak analysis device is used for the website that the user submits to is comprised the safety analysis and the assessment of leak, and confirms the type and the quantity of said leak according to said analysis and assessment result;
The website evaluator is used for according to the type and the quantity of said leak said website being estimated to confirm the safe class of said website; With
The leak obturator is used for according to the type of said leak said leak being repaired.
10. network security detection system according to claim 9 is characterized in that, also comprises:
Vulnerability scanners is used to detect said website and whether has leak.
11. network security detection system according to claim 10; It is characterized in that; Said vulnerability scanners is used to use a cover testing standard to said website, and based on the result who uses said cover testing standard to a said website, judges whether said website exists leak.
12. network security detection system according to claim 11 is characterized in that, a said cover testing standard comprises following function:
Detect said website and whether have the judgement that said access request is comprised the unauthorized access request;
Said website is comprised the said website of leak and the security vulnerabilities check of the Website server provided services on the Internet in said website.
13. network security detection system according to claim 11 is characterized in that, said vulnerability scanners also is used for according to said based on using a said cover testing standard obtains said leak to the result of said website type and quantity.
14. network security detection system according to claim 9 is characterized in that, the type of said leak comprises high-risk leak, middle danger leak and low danger leak.
15. network security detection system according to claim 14; It is characterized in that said website evaluator is used for according to predefined quantity to high-risk leak, danger leak and the low danger corresponding evaluation criterion of leak and said high-risk leak, middle danger leak and low danger leak being given a mark in said website.
16. network security detection system according to claim 11; It is characterized in that; Said leak obturator is used for according to said based on the result who uses said cover testing standard to a said website; Generation one cover is used for the protection rule of said website to be checked with the relevant information in each territory with said protection rule of guaranteeing said access request, and judges whether said access request is tackled according to testing result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012101013230A CN102664876A (en) | 2012-04-10 | 2012-04-10 | Method and system for detecting network security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012101013230A CN102664876A (en) | 2012-04-10 | 2012-04-10 | Method and system for detecting network security |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102664876A true CN102664876A (en) | 2012-09-12 |
Family
ID=46774287
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2012101013230A Pending CN102664876A (en) | 2012-04-10 | 2012-04-10 | Method and system for detecting network security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102664876A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103581193A (en) * | 2013-11-08 | 2014-02-12 | 星云融创(北京)信息技术有限公司 | Website vulnerability scanning method, device and system |
| CN104182478A (en) * | 2014-08-01 | 2014-12-03 | 北京华清泰和科技有限公司 | Website monitoring pre-warning method |
| CN104462983A (en) * | 2013-09-22 | 2015-03-25 | 深圳市腾讯计算机系统有限公司 | PHP source code processing method and system |
| CN105027131A (en) * | 2012-12-27 | 2015-11-04 | 罗文有限公司 | System and method for secure login, and apparatus for same |
| CN105049301A (en) * | 2015-08-31 | 2015-11-11 | 北京奇虎科技有限公司 | Method and device for providing comprehensive evaluation services of websites |
| WO2016095591A1 (en) * | 2014-12-19 | 2016-06-23 | 北京神州绿盟信息安全科技股份有限公司 | Vulnerability scanning method and device |
| CN105897728A (en) * | 2016-04-27 | 2016-08-24 | 江苏警官学院 | Anti-virus system based on SDN (Software Defined Network) |
| CN106605205A (en) * | 2013-09-19 | 2017-04-26 | 安客诚 | Method and system for inferring risk of data leakage from third-party tags |
| CN106656941A (en) * | 2015-11-03 | 2017-05-10 | 北京神州泰岳软件股份有限公司 | Equipment security vulnerability processing method and apparatus |
| CN107528860A (en) * | 2017-10-12 | 2017-12-29 | 中国科学院计算机网络信息中心 | Network security method of testing, system and storage medium |
| CN108667770A (en) * | 2017-03-29 | 2018-10-16 | 腾讯科技(深圳)有限公司 | A kind of loophole test method, server and the system of website |
| CN108667854A (en) * | 2018-06-29 | 2018-10-16 | 北京奇虎科技有限公司 | Network hole detection method and device, network hole automated pubilication system |
| CN109547401A (en) * | 2017-09-21 | 2019-03-29 | 通用汽车环球科技运作有限责任公司 | Cyberspace vulnerability is prioritized and repairs |
| CN109819292A (en) * | 2019-01-28 | 2019-05-28 | 北京牡丹电子集团有限责任公司数字电视技术中心 | A kind of control method and remote media machine of remote media machine |
| CN109981600A (en) * | 2019-03-06 | 2019-07-05 | 山东信天辰信息安全技术有限公司 | A kind of safety evaluation system that website reinforces |
| CN109977673A (en) * | 2017-12-27 | 2019-07-05 | 航天信息股份有限公司 | A kind of loophole restorative procedure and system based on web site system safety |
| CN115102751A (en) * | 2022-06-17 | 2022-09-23 | 西安热工研究院有限公司 | Method for testing capability of safety service manufacturer |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1866817A (en) * | 2006-06-15 | 2006-11-22 | 北京华景中天信息技术有限公司 | Website safety risk estimating method and system |
| CN101150432A (en) * | 2007-08-24 | 2008-03-26 | 北京启明星辰信息技术有限公司 | An information system risk evaluation method and system |
| CN101483514A (en) * | 2009-02-25 | 2009-07-15 | 北京安域领创科技有限公司 | Evaluation method for WEB application |
| CN101500000A (en) * | 2008-01-30 | 2009-08-05 | 珠海金山软件股份有限公司 | Security evaluation method for Internet website and apparatus thereof |
| US7934254B2 (en) * | 1998-12-09 | 2011-04-26 | International Business Machines Corporation | Method and apparatus for providing network and computer system security |
| CN102215222A (en) * | 2011-05-09 | 2011-10-12 | 北京艾普优计算机系统有限公司 | Website protection method and device |
| CN102354355A (en) * | 2011-09-30 | 2012-02-15 | 北京神州绿盟信息安全科技股份有限公司 | Security risk assessment method and device for computers |
-
2012
- 2012-04-10 CN CN2012101013230A patent/CN102664876A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7934254B2 (en) * | 1998-12-09 | 2011-04-26 | International Business Machines Corporation | Method and apparatus for providing network and computer system security |
| CN1866817A (en) * | 2006-06-15 | 2006-11-22 | 北京华景中天信息技术有限公司 | Website safety risk estimating method and system |
| CN101150432A (en) * | 2007-08-24 | 2008-03-26 | 北京启明星辰信息技术有限公司 | An information system risk evaluation method and system |
| CN101500000A (en) * | 2008-01-30 | 2009-08-05 | 珠海金山软件股份有限公司 | Security evaluation method for Internet website and apparatus thereof |
| CN101483514A (en) * | 2009-02-25 | 2009-07-15 | 北京安域领创科技有限公司 | Evaluation method for WEB application |
| CN102215222A (en) * | 2011-05-09 | 2011-10-12 | 北京艾普优计算机系统有限公司 | Website protection method and device |
| CN102354355A (en) * | 2011-09-30 | 2012-02-15 | 北京神州绿盟信息安全科技股份有限公司 | Security risk assessment method and device for computers |
Cited By (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9876785B2 (en) | 2012-12-27 | 2018-01-23 | Rowem, Inc. | System and method for safe login, and apparatus therefor |
| CN105027131B (en) * | 2012-12-27 | 2018-07-17 | 罗文有限公司 | System, method and its equipment for secure log |
| US9882896B2 (en) | 2012-12-27 | 2018-01-30 | Rowem Inc. | System and method for secure login, and apparatus for same |
| CN105027131A (en) * | 2012-12-27 | 2015-11-04 | 罗文有限公司 | System and method for secure login, and apparatus for same |
| CN106605205B (en) * | 2013-09-19 | 2019-07-16 | 链睿有限公司 | For inferring the method and system of data leak risk from third party's label |
| CN106605205A (en) * | 2013-09-19 | 2017-04-26 | 安客诚 | Method and system for inferring risk of data leakage from third-party tags |
| CN104462983B (en) * | 2013-09-22 | 2019-04-26 | 深圳市腾讯计算机系统有限公司 | A kind of PHP source code processing method and system |
| CN104462983A (en) * | 2013-09-22 | 2015-03-25 | 深圳市腾讯计算机系统有限公司 | PHP source code processing method and system |
| CN103581193A (en) * | 2013-11-08 | 2014-02-12 | 星云融创(北京)信息技术有限公司 | Website vulnerability scanning method, device and system |
| CN104182478A (en) * | 2014-08-01 | 2014-12-03 | 北京华清泰和科技有限公司 | Website monitoring pre-warning method |
| WO2016095591A1 (en) * | 2014-12-19 | 2016-06-23 | 北京神州绿盟信息安全科技股份有限公司 | Vulnerability scanning method and device |
| US10642985B2 (en) | 2014-12-19 | 2020-05-05 | NSFOCUS Information Technology Co., Ltd. | Method and device for vulnerability scanning |
| CN105049301A (en) * | 2015-08-31 | 2015-11-11 | 北京奇虎科技有限公司 | Method and device for providing comprehensive evaluation services of websites |
| CN106656941B (en) * | 2015-11-03 | 2020-02-07 | 北京神州泰岳软件股份有限公司 | Method and device for processing equipment security vulnerability |
| CN106656941A (en) * | 2015-11-03 | 2017-05-10 | 北京神州泰岳软件股份有限公司 | Equipment security vulnerability processing method and apparatus |
| CN105897728A (en) * | 2016-04-27 | 2016-08-24 | 江苏警官学院 | Anti-virus system based on SDN (Software Defined Network) |
| CN105897728B (en) * | 2016-04-27 | 2022-06-17 | 江苏警官学院 | Anti-virus system based on SDN |
| CN108667770A (en) * | 2017-03-29 | 2018-10-16 | 腾讯科技(深圳)有限公司 | A kind of loophole test method, server and the system of website |
| CN108667770B (en) * | 2017-03-29 | 2020-12-18 | 腾讯科技(深圳)有限公司 | Website vulnerability testing method, server and system |
| CN109547401A (en) * | 2017-09-21 | 2019-03-29 | 通用汽车环球科技运作有限责任公司 | Cyberspace vulnerability is prioritized and repairs |
| CN109547401B (en) * | 2017-09-21 | 2021-07-06 | 通用汽车环球科技运作有限责任公司 | Network security vulnerability prioritization and remediation |
| CN107528860A (en) * | 2017-10-12 | 2017-12-29 | 中国科学院计算机网络信息中心 | Network security method of testing, system and storage medium |
| CN109977673B (en) * | 2017-12-27 | 2021-07-16 | 航天信息股份有限公司 | Vulnerability repairing method and system based on web website system security |
| CN109977673A (en) * | 2017-12-27 | 2019-07-05 | 航天信息股份有限公司 | A kind of loophole restorative procedure and system based on web site system safety |
| CN108667854A (en) * | 2018-06-29 | 2018-10-16 | 北京奇虎科技有限公司 | Network hole detection method and device, network hole automated pubilication system |
| CN109819292B (en) * | 2019-01-28 | 2021-01-29 | 北京牡丹电子集团有限责任公司数字电视技术中心 | Control method of remote media machine and remote media machine |
| CN109819292A (en) * | 2019-01-28 | 2019-05-28 | 北京牡丹电子集团有限责任公司数字电视技术中心 | A kind of control method and remote media machine of remote media machine |
| CN109981600A (en) * | 2019-03-06 | 2019-07-05 | 山东信天辰信息安全技术有限公司 | A kind of safety evaluation system that website reinforces |
| CN109981600B (en) * | 2019-03-06 | 2021-08-17 | 山东信天辰信息安全技术有限公司 | Security assessment system for website reinforcement |
| CN115102751A (en) * | 2022-06-17 | 2022-09-23 | 西安热工研究院有限公司 | Method for testing capability of safety service manufacturer |
| CN115102751B (en) * | 2022-06-17 | 2023-09-15 | 西安热工研究院有限公司 | Method for checking capability of security service manufacturer |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102664876A (en) | Method and system for detecting network security | |
| Gupta et al. | XSS-secure as a service for the platforms of online social network-based multimedia web applications in cloud | |
| Kim et al. | Certified malware: Measuring breaches of trust in the windows code-signing pki | |
| Wei et al. | Preventing SQL injection attacks in stored procedures | |
| US9584543B2 (en) | Method and system for web integrity validator | |
| US10033746B2 (en) | Detecting unauthorised changes to website content | |
| CN104301302B (en) | Go beyond one's commission attack detection method and device | |
| Vidas et al. | Sweetening android lemon markets: measuring and combating malware in application marketplaces | |
| Van Goethem et al. | Large-scale security analysis of the web: Challenges and findings | |
| CN102739675B (en) | Website security detection method and device | |
| Eshete et al. | Webwinnow: Leveraging exploit kit workflows to detect malicious urls | |
| CN102739653B (en) | Detection method and device aiming at webpage address | |
| CN107896219B (en) | Method, system and related device for detecting website vulnerability | |
| KR20090025146A (en) | Method and apparatus for preventing web page attacks | |
| CN103634317A (en) | Method and system of performing safety appraisal on malicious web site information on basis of cloud safety | |
| CN104618178A (en) | Website bug online evaluation method and device | |
| Rocha et al. | Etssdetector: A tool to automatically detect cross-site scripting vulnerabilities | |
| CN104618177A (en) | Website bug examination method and device | |
| CN106982188B (en) | Malicious propagation source detection method and device | |
| CN106209907B (en) | Method and device for detecting malicious attack | |
| CN104506541A (en) | Website loophole alarming method and device | |
| CN111625821A (en) | Application attack detection system based on cloud platform | |
| KR101372906B1 (en) | Method and system to prevent malware code | |
| KR101639869B1 (en) | Program for detecting malignant code distributing network | |
| Shahriar et al. | OCL fault injection-based detection of LDAP query injection vulnerabilities |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: XINGYUN RONGCHUANG (BEIJING) INFORMATION TECHNOLOG Free format text: FORMER OWNER: XINGYUN RONGCHUANG (BEIJING) TECHNOLOGY CO., LTD. Effective date: 20121217 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100080 HAIDIAN, BEIJING TO: 100000 HAIDIAN, BEIJING |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20121217 Address after: 100000, 1825-043, room 15, 66 West Fourth Ring Road, Haidian District, Beijing Applicant after: Xingyun Rongchuang (Beijing) Information Technology Co.,Ltd. Address before: 100080, Beijing, Haidian District, No. 66 West Fourth Ring Road, China Technology Trading Building, block B, 18 Applicant before: Xingyun Rongchuang (Beijing) Technology Co.,Ltd. |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| CB02 | Change of applicant information |
Address after: 100000 Beijing City, Haidian District Haidian Street No. 3 electronic market office building A block 10 layer Applicant after: Xingyun Rongchuang (Beijing) Information Technology Co.,Ltd. Address before: 100000, 1825-043, room 15, 66 West Fourth Ring Road, Haidian District, Beijing Applicant before: Xingyun Rongchuang (Beijing) Information Technology Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20151112 Address after: 100080, room 10, building 1, 3 Haidian Avenue, Beijing,, Haidian District Applicant after: Xingyun Rongchuang (Beijing) Technology Co.,Ltd. Address before: 100000 Beijing City, Haidian District Haidian Street No. 3 electronic market office building A block 10 layer Applicant before: Xingyun Rongchuang (Beijing) Information Technology Co.,Ltd. |
|
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120912 |