Security scanning method and device based on preloading

Document No.: 7950; publication date: 2021-09-17

1. A security scanning method based on preloading, characterized in that it comprises the following steps:

S1, acquiring the target application software to be scanned, judging whether the target application software has been scanned before, and, when it has, loading the existing scanning result of the target application software;

S2, layering the URLs according to the existing scanning result of the target application software, rescanning the URLs of each layer with the URLs that had vulnerabilities taking priority, and summarizing and outputting the scanning results of the URLs of all layers.

2. The preloading-based security scanning method of claim 1, wherein step S1 comprises the following steps:

S11, acquiring the target application software to be scanned and its URL (uniform resource locator);

S12, judging whether the existing scanning result contains a URL that is completely identical to the URL of the target application software;

if yes, setting that identical URL in the existing scanning result as the marked URL and proceeding to step S13;

if not, proceeding to step S14;

S13, setting the target application software to use the existing scanning result, or performing an additional scan on the basis of the existing scanning result, and ending;

S14, processing the URL of the target application software and the URLs of the existing scanning result, and extracting their key feature items;

S15, judging whether the key feature items of the target application software URL and the key feature items of the existing scanning result URL have identical parts, and whether the proportion of identical parts exceeds a set proportion threshold; if so, judging that the target application software has been scanned before.

3. The preloading-based security scanning method of claim 2, wherein step S13 comprises the following steps:

S131, judging whether the IP of the host to be scanned and the scanning rules of the target application software are the same as those of the existing scanning result corresponding to the marked URL;

if yes, proceeding to step S132;

if not, proceeding to step S133;

S132, using the existing scanning result corresponding to the marked URL as the scanning result of the target application software, and ending;

S133, when the IP of the host to be scanned or the scanning rules have changed, reconfiguring the host IP or the scanning rules, performing an additional scan on the basis of the existing scanning result, and ending.

4. The preloading-based security scanning method of claim 2, wherein step S14 comprises the following steps:

S141, acquiring the URL of the target application software and the URLs of the existing scanning result together with all of their feature items; the feature items of a URL comprise the protocol type, the domain name or host name, the port, the path and file name, the parameter part and the anchor part;

S142, extracting the key feature items from the feature items of the target application software URL and of the existing scanning result URLs; the key feature items comprise the path and file name, the parameter part and the anchor part.

5. The preloading-based security scanning method of claim 2, wherein step S15 comprises the following steps:

S151, setting a proportion threshold for the comparison;

S152, judging whether the key feature items of the target application software URL and the key feature items of the existing scanning result URL have identical parts, and whether the proportion of identical parts exceeds the set proportion threshold;

if not, proceeding to step S153;

if yes, proceeding to step S154;

S153, judging that the target application software has not been scanned before, scanning the target application software in the ordinary sequence, outputting the scanning result, and ending;

S154, judging that the target application software has been scanned before.

6. The preloading-based security scanning method of claim 1, wherein step S2 comprises the following steps:

S21, obtaining the existing scanning result of the target application software;

S22, layering the URLs of the target application software according to whether the same URL exists in the existing scanning result and whether a vulnerability was found for it there;

S23, setting the URLs that exist in the existing scanning result and had a vulnerability there as the first-layer URLs, scanning the first-layer URLs, and outputting the first-layer scanning result;

S24, setting the URLs that exist in the existing scanning result but had no vulnerability there as the second-layer URLs, scanning the second-layer URLs, and updating their scanning results into the first-layer scanning result;

S25, setting the URLs that do not exist in the existing scanning result as the third-layer URLs, scanning the third-layer URLs, and updating their scanning results into the first-layer scanning result;

S26, outputting the first-layer scanning result.

7. The preloading-based security scanning method of claim 6, wherein a step SS25 is further provided between step S25 and step S26:

SS25, setting the URLs that exist in the existing scanning result but do not exist in the target application software as the fourth-layer URLs, scanning the fourth-layer URLs, marking their scanning result as optionally displayed, and merging the optionally displayed result with the first-layer scanning result;

and in step S26, a comparison between the first-layer scanning result and the existing scanning result is output.

8. A security scanning device based on preloading, characterized in that it comprises:

an existing scanning result loading module (1), used for acquiring the target application software to be scanned, judging whether the target application software has been scanned before, and, when it has, loading the existing scanning result of the target application software;

and a layered scanning module (2), used for layering the URLs according to the existing scanning result of the target application software, rescanning the URLs of each layer with the URLs that had vulnerabilities taking priority, and summarizing and outputting the scanning results of the URLs of all layers.

9. The preloading-based security scanning device of claim 8, wherein the existing scanning result loading module (1) comprises:

a target application software URL acquisition unit (1.1), used for acquiring the target application software to be scanned and its URL;

a URL judging unit (1.2), used for judging whether a URL identical to the URL of the target application software exists in the existing scanning result;

a marked URL setting unit (1.3), used for setting the URL in the existing scanning result that is identical to the URL of the target application software as the marked URL;

an existing scanning result using unit (1.4), used for setting the target application software to use the existing scanning result, or performing an additional scan on the basis of the existing scanning result, when the identical URL exists in the existing scanning result;

a URL processing unit (1.5), used for processing the URL of the target application software and the URLs of the existing scanning result and extracting their key feature items;

and a scanned target application software judging unit (1.6), used for judging whether the key feature items of the target application software URL and the key feature items of the existing scanning result URL have identical parts, and whether the proportion of identical parts exceeds the set proportion threshold, and, if so, judging that the target application software has been scanned before.

10. The preloading-based security scanning device of claim 8, wherein the layered scanning module (2) comprises:

an existing scanning result acquisition unit (2.1), used for obtaining the existing scanning result of the target application software;

a URL layering unit (2.2), used for layering the URLs of the target application software according to whether the same URL exists in the existing scanning result and whether a vulnerability was found for it there;

a first-layer scanning unit (2.3), used for setting the URLs that exist in the existing scanning result and had a vulnerability there as the first-layer URLs, scanning the first-layer URLs, and outputting the first-layer scanning result;

a second-layer scanning unit (2.4), used for setting the URLs that exist in the existing scanning result but had no vulnerability there as the second-layer URLs, scanning the second-layer URLs, and updating their scanning results into the first-layer scanning result;

a third-layer scanning unit (2.5), used for setting the URLs that do not exist in the existing scanning result as the third-layer URLs, scanning the third-layer URLs, and updating their scanning results into the first-layer scanning result;

and a scanning result output unit (2.6), used for outputting the first-layer scanning result.

Background

General security scanning is mainly divided into two parts: background scanning, which covers ports, services, third-party components and the like, and Web scanning, which scans the application through the browser.

Conventional security scanning is mainly performed by presetting rules in advance, selecting the preset rules at scanning time, and then outputting a result from the scan. Such scanning meets the requirement of a security scan, and when the rules are relatively few the result can be output fairly quickly. As the rules increase, however, scanning inevitably becomes slower and slower; in particular, even when the same application software is scanned many times and the previous scanning configuration can be selected, the scan is still performed in full sequence, and the result still takes a long time to output.

This is a shortcoming of the prior art, and it is therefore very necessary to provide a security scanning method and device based on preloading that addresses it.

Disclosure of Invention

Aiming at the defect of the prior art that the scanning time of conventional security scanning grows as the rules increase, particularly when the same application software is scanned many times, the present invention provides a security scanning method and a security scanning device based on preloading to solve this technical problem.

In a first aspect, the present invention provides a security scanning method based on preloading, comprising the following steps:

S1, acquiring the target application software to be scanned, judging whether the target application software has been scanned before, and, when it has, loading the existing scanning result of the target application software;

S2, layering the URLs according to the existing scanning result of the target application software, rescanning the URLs of each layer with the URLs that had vulnerabilities taking priority, and summarizing and outputting the scanning results of the URLs of all layers.

Further, step S1 specifically comprises the following steps:

S11, acquiring the target application software to be scanned and its URL (uniform resource locator);

S12, judging whether the existing scanning result contains a URL that is completely identical to the URL of the target application software;

if yes, setting that identical URL in the existing scanning result as the marked URL and proceeding to step S13;

if not, proceeding to step S14;

S13, setting the target application software to use the existing scanning result, or performing an additional scan on the basis of the existing scanning result, and ending;

S14, processing the URL of the target application software and the URLs of the existing scanning result, and extracting their key feature items;

S15, judging whether the key feature items of the target application software URL and the key feature items of the existing scanning result URL have identical parts, and whether the proportion of identical parts exceeds a set proportion threshold; if so, judging that the target application software has been scanned before. When the existing scanning result contains a URL identical to the URL of the target application software, it is determined with certainty that the target application software has been scanned before; when this cannot be determined with certainty, a further judgment is made according to the proportion of identical key feature items.

Further, step S13 specifically comprises the following steps:

S131, judging whether the IP of the host to be scanned and the scanning rules of the target application software are the same as those of the existing scanning result corresponding to the marked URL;

if yes, proceeding to step S132;

if not, proceeding to step S133;

S132, using the existing scanning result corresponding to the marked URL as the scanning result of the target application software, and ending;

S133, when the IP of the host to be scanned or the scanning rules have changed, reconfiguring the host IP or the scanning rules, performing an additional scan on the basis of the existing scanning result, and ending. If the host IP, URL and scanning rules of the target application software are unchanged from before, the existing scanning result is used directly; if the host IP has changed, or new functions have been added to the target application software and the scanning rules have changed, the scan is performed after the configuration has been redone.

Further, step S14 specifically comprises the following steps:

S141, acquiring the URL of the target application software and the URLs of the existing scanning result together with all of their feature items; the feature items of a URL comprise the protocol type, the domain name or host name, the port, the path and file name, the parameter part and the anchor part;

S142, extracting the key feature items from the feature items of the target application software URL and of the existing scanning result URLs; the key feature items comprise the path and file name, the parameter part and the anchor part. The path, file name, parameters and anchor are defined by the developers of the application software, are highly arbitrary and generally differ from one application to another, so they can serve as the conditions for identifying the application software. The host IP and the scanning rules are not taken as key feature items: application software is not necessarily deployed on the same host each time it is deployed, and the host IP itself may change; the scanning rules correspond to the check items, and the number of check items cannot serve as a basis for judgment, since the rules are generally selected by default or selected in full for different application software, and although a difference in scanning rules may produce a difference in the vulnerabilities found, the rules cannot serve as a basis for judging whether the application software currently being scanned is the same as the application software scanned before.

Further, step S15 specifically comprises the following steps:

S151, setting a proportion threshold for the comparison;

S152, judging whether the key feature items of the target application software URL and the key feature items of the existing scanning result URL have identical parts, and whether the proportion of identical parts exceeds the set proportion threshold;

if not, proceeding to step S153;

if yes, proceeding to step S154;

S153, judging that the target application software has not been scanned before, scanning the target application software in the ordinary sequence, outputting the scanning result, and ending;

S154, judging that the target application software has been scanned before. A proportion threshold, for example 100%, 50% or 10%, is set and can be configured; when the threshold is met, the target application software is judged to have been scanned before and the existing scanning result is loaded. If several scanning results exist, the latest one is displayed preferentially as the existing scanning result, and the other scanning results are kept as alternatives to it.
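As an added illustration of steps S11 to S15 (example code written for this page, not code from the patent), the following Python extracts the key feature items with urllib.parse and makes the preloading decision over a list of previous scanning results. It assumes, hypothetically, that a scanning result is stored as a dict with the fields urls, host_ip, rules and scanned_at, that the target application software is described the same way plus its entry URL, that the proportion is measured over the target's URLs, and that the threshold is compared with ">=" so that the 100% threshold mentioned in the text can be reached.

```python
# Added example for steps S11-S15 of the preloading check; not code from the patent.
# Assumed record layout (hypothetical): a scanning result is a dict with the keys
# "urls" (list of scanned URLs), "host_ip", "rules" (set of rule names) and
# "scanned_at" (ISO date string, used to prefer the latest result).
from urllib.parse import urlsplit


def key_feature(url: str) -> str:
    """S141/S142: drop protocol type, domain or host name and port; keep the
    path and file name, the parameter part and the anchor part."""
    p = urlsplit(url)
    key = p.path or "/"
    if p.query:
        key += "?" + p.query
    if p.fragment:
        key += "#" + p.fragment
    return key


def same_part_proportion(target_urls, existing_urls) -> float:
    """S15: share of the target's key feature items that also occur among the
    existing scanning result's key feature items (measured over the target)."""
    target = {key_feature(u) for u in target_urls}
    existing = {key_feature(u) for u in existing_urls}
    if not target:
        return 0.0
    return len(target & existing) / len(target)


def preload_decision(target: dict, existing_results: list, threshold: float = 0.5):
    """Steps S12-S15, with S131-S133 for the marked-URL branch.

    Returns (decision, result) where decision is one of
      "reuse"          S132: identical URL, same host IP and scanning rules
      "rescan-marked"  S133: identical URL, but host IP or rules changed
      "scanned"        S154: key feature overlap reaches the threshold
      "not-scanned"    S153: scan in the ordinary sequence
    The latest result is preferred when several qualify.
    """
    newest_first = sorted(existing_results, key=lambda r: r["scanned_at"], reverse=True)

    # S12: is the target's entry URL present, character for character, in a result?
    for res in newest_first:
        if target["entry_url"] in res["urls"]:            # marked URL found
            # S131: compare host IP and scanning rules with the marked result
            if target["host_ip"] == res["host_ip"] and set(target["rules"]) == set(res["rules"]):
                return "reuse", res                        # S132
            return "rescan-marked", res                    # S133

    # S14/S15: no identical URL, so compare key feature items instead
    for res in newest_first:
        # Assumption: ">=" so that a 100% threshold can be satisfied
        if same_part_proportion(target["urls"], res["urls"]) >= threshold:
            return "scanned", res                          # S154
    return "not-scanned", None                             # S153


# Constructed sample data (not from the patent).
EXISTING_RESULTS = [
    {
        "scanned_at": "2021-06-01",
        "host_ip": "192.0.2.10",
        "rules": {"sqli", "xss"},
        "urls": [
            "http://app.internal:8080/login.asp?mode=1",
            "http://app.internal:8080/admin/list.asp",
            "http://app.internal:8080/report.asp#top",
        ],
    }
]

# The same application redeployed on another host: no identical URL,
# but 2 of its 3 key feature items match the previous result.
TARGET_MOVED = {
    "entry_url": "http://192.0.2.20/login.asp?mode=1",
    "host_ip": "192.0.2.20",
    "rules": {"sqli", "xss"},
    "urls": [
        "http://192.0.2.20/login.asp?mode=1",
        "http://192.0.2.20/admin/list.asp",
        "http://192.0.2.20/search.asp",
    ],
}

if __name__ == "__main__":
    print(key_feature("http://www.example.com:8080/path/example.asp?param=value#name"))
    print(preload_decision(TARGET_MOVED, EXISTING_RESULTS, threshold=0.5)[0])
    print(preload_decision(TARGET_MOVED, EXISTING_RESULTS, threshold=1.0)[0])
```

With the 50% threshold the moved deployment is treated as scanned before and its previous result is loaded; with the 100% threshold the single new page is enough to send it through an ordinary full scan, which is the trade-off the configurable threshold exposes.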

Further, step S2 specifically comprises the following steps:

S21, obtaining the existing scanning result of the target application software;

S22, layering the URLs of the target application software according to whether the same URL exists in the existing scanning result and whether a vulnerability was found for it there;

S23, setting the URLs that exist in the existing scanning result and had a vulnerability there as the first-layer URLs, scanning the first-layer URLs, and outputting the first-layer scanning result;

S24, setting the URLs that exist in the existing scanning result but had no vulnerability there as the second-layer URLs, scanning the second-layer URLs, and updating their scanning results into the first-layer scanning result;

S25, setting the URLs that do not exist in the existing scanning result as the third-layer URLs, scanning the third-layer URLs, and updating their scanning results into the first-layer scanning result;

S26, outputting the first-layer scanning result. The URLs that had the same vulnerability are treated as the first-layer URLs: they are submitted for scanning first as one task package and their scanning result is output, so that this layer's scan checks whether the vulnerabilities found previously have been fixed in the target application software now being scanned; the second-layer and third-layer URLs are then scanned in turn, and the scanning result is updated.

Further, a step SS25 is provided between step S25 and step S26:

SS25, setting the URLs that exist in the existing scanning result but do not exist in the target application software as the fourth-layer URLs, marking their scanning result as optionally displayed, and merging the optionally displayed result with the first-layer scanning result;

and in step S26, a comparison between the first-layer scanning result and the existing scanning result is output. The fourth-layer URLs are not submitted for scanning as a task package; instead, after the whole scan has finished, their previous scanning result is merged into the current scanning result regardless of whether they had vulnerabilities, hidden by default and displayable on request. After the whole scan has finished, the overall result shows the current scanning result of the target application software by default, and the comparison between the current scanning result and the previous scanning result can be displayed on request.
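As an added illustration of steps S21 to S26 and SS25 (example code written for this page, not code from the patent), the following Python assigns the URLs to the four layers, scans layers one to three in order while building up a single first-layer result, carries the fourth layer over as a hidden result, and produces the comparison output of step S26. It assumes, hypothetically, that the existing scanning result is a dict mapping each URL to the list of vulnerability names found for it, that the scanner is any callable returning the vulnerability names found now (a stub is used here), and that URLs are matched as exact strings, as the text says "the same URL".

```python
# Added example for steps S21-S26 and SS25 of the layered scan; not code from the patent.
# Assumptions (hypothetical): `existing` maps URL -> list of vulnerability names found
# in the previous scan; `scan` is any callable returning the names found now.
from typing import Callable, Dict, List


def layer_urls(target_urls: List[str], existing: Dict[str, List[str]]) -> Dict[int, List[str]]:
    """S22-S25 plus SS25: assign every URL to exactly one of four layers."""
    target, known = set(target_urls), set(existing)
    return {
        1: sorted(u for u in target & known if existing[u]),      # S23: same URL, had a vulnerability
        2: sorted(u for u in target & known if not existing[u]),  # S24: same URL, no vulnerability
        3: sorted(target - known),                                # S25: URL not in the existing result
        4: sorted(known - target),                                # SS25: URL no longer in the target
    }


def layered_scan(target_urls, existing, scan: Callable[[str], List[str]]):
    """Scan layers 1, 2 and 3 in that order, updating one first-layer result
    (S23-S25). Layer 4 is not submitted for scanning: its previous result is
    carried over and marked hidden so it can be displayed on request (SS25)."""
    layers = layer_urls(target_urls, existing)
    result = {}
    for layer in (1, 2, 3):
        for url in layers[layer]:
            result[url] = {"layer": layer, "vulns": sorted(scan(url))}
    hidden = {u: {"layer": 4, "vulns": sorted(existing[u]), "hidden": True} for u in layers[4]}
    return result, hidden


def compare_with_existing(result, existing):
    """S26 comparison: per URL, which previous vulnerabilities are fixed,
    which persist, and which are new in the current scan."""
    comparison = {}
    for url, entry in result.items():
        before, now = set(existing.get(url, [])), set(entry["vulns"])
        comparison[url] = {
            "fixed": sorted(before - now),
            "persisting": sorted(before & now),
            "new": sorted(now - before),
        }
    return comparison


# Constructed sample data (not from the patent).
EXISTING = {
    "http://app.internal/login.asp": ["sql-injection"],
    "http://app.internal/about.asp": [],
    "http://app.internal/legacy.asp": ["xss"],
}
TARGET_URLS = [
    "http://app.internal/login.asp",
    "http://app.internal/about.asp",
    "http://app.internal/upload.asp",
]
# What a rescan would find today; stands in for the real scanner.
CURRENT_FINDINGS = {
    "http://app.internal/login.asp": [],
    "http://app.internal/upload.asp": ["unrestricted-upload"],
}


def stub_scan(url: str) -> List[str]:
    return CURRENT_FINDINGS.get(url, [])


if __name__ == "__main__":
    res, hidden = layered_scan(TARGET_URLS, EXISTING, stub_scan)
    for url, entry in res.items():
        print(entry["layer"], url, entry["vulns"])
    print("hidden:", hidden)
    print(compare_with_existing(res, EXISTING))
```

The first-layer result is populated in layer order, so the URL that had the SQL injection is the first thing scanned and reported, and the comparison shows it as fixed; the retired legacy page is never scanned but its old finding stays available in the hidden part of the result.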

In a second aspect, the present invention provides a security scanning device based on preloading, comprising:

an existing scanning result loading module, used for acquiring the target application software to be scanned, judging whether the target application software has been scanned before, and, when it has, loading the existing scanning result of the target application software;

and a layered scanning module, used for layering the URLs according to the existing scanning result of the target application software, rescanning the URLs of each layer with the URLs that had vulnerabilities taking priority, and summarizing and outputting the scanning results of the URLs of all layers.

Further, the existing scanning result loading module comprises:

a target application software URL acquisition unit, used for acquiring the target application software to be scanned and its URL;

a URL judging unit, used for judging whether a URL identical to the URL of the target application software exists in the existing scanning result;

a marked URL setting unit, used for setting the URL in the existing scanning result that is completely identical to the URL of the target application software as the marked URL;

an existing scanning result using unit, used for setting the target application software to use the existing scanning result, or performing an additional scan on the basis of the existing scanning result and ending, when the identical URL exists in the existing scanning result;

a URL processing unit, used for processing the URL of the target application software and the URLs of the existing scanning result and extracting their key feature items;

and a scanned target application software judging unit, used for judging whether the key feature items of the target application software URL and the key feature items of the existing scanning result URL have identical parts, and whether the proportion of identical parts exceeds the set proportion threshold, and, if so, judging that the target application software has been scanned before.

Further, the layered scanning module comprises:

an existing scanning result acquisition unit, used for obtaining the existing scanning result of the target application software;

a URL layering unit, used for layering the URLs of the target application software according to whether the same URL exists in the existing scanning result and whether a vulnerability was found for it there;

a first-layer scanning unit, used for setting the URLs that exist in the existing scanning result and had a vulnerability there as the first-layer URLs, scanning the first-layer URLs, and outputting the first-layer scanning result;

a second-layer scanning unit, used for setting the URLs that exist in the existing scanning result but had no vulnerability there as the second-layer URLs, scanning the second-layer URLs, and updating their scanning results into the first-layer scanning result;

a third-layer scanning unit, used for setting the URLs that do not exist in the existing scanning result as the third-layer URLs, scanning the third-layer URLs, and updating their scanning results into the first-layer scanning result;

and a scanning result output unit, used for outputting the first-layer scanning result.

The beneficial effects of the invention are as follows.

According to the security scanning method and device based on preloading, whether the target application software has been scanned before is judged through its URL before scanning, so that the existing scanning result can be loaded; whether each URL had a vulnerability in the previous scanning result is then judged, the scan is carried out in layers, and the URLs that had vulnerabilities are scanned first, which achieves rapid verification of vulnerability fixes and improves the efficiency of vulnerability verification.

In addition, the invention has a reliable design principle, a simple structure and very wide application prospects.

Therefore, compared with the prior art, the invention has prominent substantive features and represents notable progress, and the beneficial effects of its implementation are also evident.

Drawings

In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below; it is obvious to those skilled in the art that other drawings can be obtained from these drawings without creative effort.

FIG. 1 is a first schematic flow chart of the method of the present invention;

FIG. 2 is a second schematic flow chart of the method of the present invention;

FIG. 3 is a schematic diagram of the device of the present invention.

In the figures: 1, existing scanning result loading module; 1.1, target application software URL acquisition unit; 1.2, URL judging unit; 1.3, marked URL setting unit; 1.4, existing scanning result using unit; 1.5, URL processing unit; 1.6, scanned target application software judging unit; 2, layered scanning module; 2.1, existing scanning result acquisition unit; 2.2, URL layering unit; 2.3, first-layer scanning unit; 2.4, second-layer scanning unit; 2.5, third-layer scanning unit; 2.6, scanning result output unit.

Detailed Description

In order that those skilled in the art may better understand the technical solution of the present invention, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the drawings of those embodiments. It is obvious that the described embodiments are only some of the embodiments of the present invention and not all of them; all other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the scope of protection of the present invention.

A URL, short for Uniform Resource Locator, is the notation used to specify the location of information on the Internet's web services: on the WWW, every information resource has a uniform and unique address on the web, called its URL, which is the WWW's uniform resource location marker, that is, a network address.

Example 1:

As shown in FIG. 1, the present invention provides a security scanning method based on preloading, comprising the following steps:

S1, acquiring the target application software to be scanned, judging whether the target application software has been scanned before, and, when it has, loading the existing scanning result of the target application software;

S2, layering the URLs according to the existing scanning result of the target application software, rescanning the URLs of each layer with the URLs that had vulnerabilities taking priority, and summarizing and outputting the scanning results of the URLs of all layers.

Example 2:

As shown in FIG. 2, the present invention provides a security scanning method based on preloading, comprising the following steps:

S1, acquiring the target application software to be scanned, judging whether the target application software has been scanned before, and, when it has, loading the existing scanning result of the target application software; this comprises the following specific steps:

S11, acquiring the target application software to be scanned and its URL (uniform resource locator);

S12, judging whether the existing scanning result contains a URL that is completely identical to the URL of the target application software;

if yes, setting that identical URL in the existing scanning result as the marked URL and proceeding to step S13;

if not, proceeding to step S14;

S13, setting the target application software to use the existing scanning result, or performing an additional scan on the basis of the existing scanning result, and ending;

S14, processing the URL of the target application software and the URLs of the existing scanning result, and extracting their key feature items;

S15, judging whether the key feature items of the target application software URL and the key feature items of the existing scanning result URL have identical parts, and whether the proportion of identical parts exceeds a set proportion threshold; if so, judging that the target application software has been scanned before. When the existing scanning result contains a URL identical to the URL of the target application software, it is determined with certainty that the target application software has been scanned before; when this cannot be determined with certainty, a further judgment is made according to the proportion of identical parts among the key feature items;

S2, layering the URLs according to the existing scanning result of the target application software, rescanning the URLs of each layer with the URLs that had vulnerabilities taking priority, and summarizing and outputting the scanning results of the URLs of all layers; this comprises the following specific steps:

S21, obtaining the existing scanning result of the target application software;

S22, layering the URLs of the target application software according to whether the same URL exists in the existing scanning result and whether a vulnerability was found for it there;

S23, setting the URLs that exist in the existing scanning result and had a vulnerability there as the first-layer URLs, scanning the first-layer URLs, and outputting the first-layer scanning result;

S24, setting the URLs that exist in the existing scanning result but had no vulnerability there as the second-layer URLs, scanning the second-layer URLs, and updating their scanning results into the first-layer scanning result;

S25, setting the URLs that do not exist in the existing scanning result as the third-layer URLs, scanning the third-layer URLs, and updating their scanning results into the first-layer scanning result;

S26, outputting the first-layer scanning result. The URLs that had the same vulnerability are treated as the first-layer URLs: they are submitted for scanning first as one task package and their scanning result is output, so that this layer's scan checks whether the vulnerabilities found previously have been fixed in the target application software now being scanned; the second-layer and third-layer URLs are then scanned in turn, and the scanning result is updated.

Example 3:

as shown in fig. 2, the present invention provides a security scanning method based on preloading, which includes the following steps:

s1, acquiring target application software to be scanned, judging whether the target application software is over-scanned or not, and loading the existing scanning result of the target application software when the target application software is over-scanned; the method comprises the following specific steps:

s11, acquiring target application software to be scanned and a URL (uniform resource locator) thereof;

s12, judging whether the existing scanning result has a URL which is completely the same as the URL of the target application software;

if yes, setting the URL which is completely the same as the URL of the target application software in the scanning result as a mark URL, and entering step S13;

if not, go to step S14;

s13, setting the target application software to use the existing scanning result, or performing additional scanning on the existing scanning result, and ending; the method comprises the following specific steps:

s131, judging whether the IP and the scanning rule of the host to be scanned of the target application software are the same as the existing scanning result corresponding to the marked URL;

if yes, go to step S132;

if not, go to step S133;

s132, using the existing scanning result corresponding to the marked URL as the scanning result of the target application software, and ending;

s133, if the IP of the host to be scanned is changed or the scanning rule is changed, the IP of the host to be scanned or the scanning rule is reconfigured, and the existing scanning result is subjected to additional scanning, and then the process is finished; if the host IP, URL and scanning rule of the target application software are not changed before, the existing scanning result is directly used, and if the host IP or the target application software function is newly added and the scanning rule is changed, the scanning is performed after the configuration is repeated;

S14, processing the URL of the target application software and the URLs of the existing scan results, and extracting key feature items; the specific steps are as follows:

S141, acquiring all feature items of the URL of the target application software and of the URLs in the existing scan results; the feature items of a URL comprise the protocol type, the domain name or host name, the port, the path and file name, the parameter part and the anchor part;

S142, extracting key feature items from the feature items of the target application software URL and of the existing scan result URLs; the key feature items comprise the path, the file name, the parameter part and the anchor part. The path, file name, parameters and anchor are defined by the developers of the application software, are highly arbitrary and generally differ from one application to another, so they can serve as conditions for identifying the application software. The host IP and the scanning rule are not taken as key feature items: application software is not necessarily deployed on the same host each time it is deployed, and the host IP itself can change; the scanning rules correspond to the check items, the number of check items cannot serve as a basis for judgement, and for different application software the rules are generally either left at their defaults or all selected, so although a different choice of rules may produce different vulnerabilities in the result, the rules cannot be used to decide whether the application software being scanned now is the same as one scanned before. For example, for http://www.example.com:8080/path/example.asp?param=value#name, the protocol type, domain name or host name and port are removed, and the remaining path and file name, parameter part and anchor part form the key feature item, i.e. /path/example.asp?param=value#name.

S15, judging whether the key feature items of the target application software URL and the key feature items of the existing scan result URLs have parts in common, and whether the proportion of the common part exceeds the set proportion threshold; if so, judging that the target application software has been scanned before; the specific steps are as follows:

S151, setting a proportion threshold;

S152, judging whether the key feature items of the target application software URL and the key feature items of the existing scan result URLs have parts in common, and whether the proportion of the common part exceeds the set proportion threshold;

if not, going to step S153;

if yes, going to step S154;

S153, judging that the target application software has not been scanned before, scanning the target application software in the ordinary sequential way, outputting the scan result, and ending;

S154, judging that the target application software has been scanned before. The proportion threshold is configurable, for example 100%, 50% or 10%; when the threshold is met, the target application software is judged to have been scanned before and the existing scan result is loaded. If several scan results qualify, the latest one is shown as the existing scan result and the others are kept as alternatives.
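The decision logic of steps S12 to S154 in runnable form. This is an added example, not code from the patent or from any product it describes; the ScanResult record layout, the sample scan results and the choice of the target's own item count as the denominator of the proportion are assumptions made for the illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class ScanResult:
    """One stored scan result (field layout is an assumption of this example)."""
    url: str              # URL the earlier scan was submitted against
    host_ip: str          # IP of the scanned host at that time
    rules: frozenset      # scanning rules (check items) that were enabled
    urls: tuple           # URLs discovered during that scan
    timestamp: int        # larger = more recent; used to prefer the latest result (S154)


def key_feature(url: str) -> str:
    """S142: drop protocol, host/domain name and port; keep path, file name, parameters and anchor."""
    p = urlsplit(url)
    return urlunsplit(("", "", p.path, p.query, p.fragment))


def overlap_ratio(target_urls, result: ScanResult) -> float:
    """S15: share of the target's key feature items that also occur in the stored result.
    Using the target's item count as the denominator is an assumption of this example."""
    target = {key_feature(u) for u in target_urls}
    existing = {key_feature(u) for u in result.urls}
    return len(target & existing) / len(target) if target else 0.0


def decide(target_url, target_ip, target_rules, target_urls, results, threshold=0.5):
    """Return (decision, stored_result) following S12 to S154.

    decision is one of:
      'use_existing'        S132: identical URL, same host IP and scanning rules
      'additional_scan'     S133: identical URL, but host IP or rules changed
      'previously_scanned'  S154: no identical URL, but overlap ratio >= threshold
      'full_scan'           S153: nothing comparable is stored
    """
    # S12: look for a stored result whose submitted URL is exactly the target URL.
    marked = [r for r in results if r.url == target_url]
    if marked:
        latest = max(marked, key=lambda r: r.timestamp)
        # S131: host IP and scanning rules must both match to reuse the result as-is.
        if latest.host_ip == target_ip and latest.rules == frozenset(target_rules):
            return "use_existing", latest
        return "additional_scan", latest

    # S14/S15: no exact match; compare key feature items against every stored result.
    candidates = [(overlap_ratio(target_urls, r), r) for r in results]
    candidates = [(ratio, r) for ratio, r in candidates if ratio >= threshold]
    if not candidates:
        return "full_scan", None
    # S154: several qualifying results -> prefer the latest one.
    _, best = max(candidates, key=lambda c: (c[1].timestamp, c[0]))
    return "previously_scanned", best


# Constructed sample data (not from the page): one earlier scan of the same application
# on a different host and port, plus the URLs of the new deployment to be scanned.
EXISTING_RESULTS = (
    ScanResult(
        url="http://www.example.com:8080/index.asp",
        host_ip="203.0.113.10",
        rules=frozenset({"sqli", "xss"}),
        urls=(
            "http://www.example.com:8080/index.asp",
            "http://www.example.com:8080/login.asp?user=a",
            "http://www.example.com:8080/search.asp?q=x",
            "http://www.example.com:8080/admin/list.asp",
        ),
        timestamp=1,
    ),
)

TARGET_URLS = (
    "http://10.0.0.5/index.asp",
    "http://10.0.0.5/login.asp?user=a",
    "http://10.0.0.5/search.asp?q=x",
    "http://10.0.0.5/help.asp",
)

if __name__ == "__main__":
    # Three of the four target key feature items match, so the ratio is 75%:
    # a 100% threshold forces a full scan, 50% or 10% reuses the earlier result.
    for th in (1.0, 0.5, 0.1):
        decision, _ = decide("http://10.0.0.5/index.asp", "10.0.0.5", {"sqli", "xss"},
                             TARGET_URLS, EXISTING_RESULTS, th)
        print(f"threshold={th:.0%}: {decision}")
```

The host and port are deliberately different between the stored result and the target, which is exactly the case the key feature items are designed to handle: only the path, file name, parameters and anchor take part in the comparison.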

S2, dividing the URLs into layers according to the existing scan result of the target application software, rescanning the URLs of each layer with priority given to vulnerabilities, and collecting and outputting the scan results of all layers; the specific steps are as follows:

S21, obtaining the existing scan result of the target application software;

S22, dividing the URLs of the target application software into layers according to whether the same URL exists in the existing scan result and whether it had a vulnerability there;

S23, setting the URLs that exist in the existing scan result and had a vulnerability there as first-layer URLs, scanning the first-layer URLs, and outputting the first-layer scan result;

S24, setting the URLs that exist in the existing scan result but had no vulnerability there as second-layer URLs, scanning the second-layer URLs, and updating their results into the first-layer scan result;

S25, setting the URLs that do not exist in the existing scan result as third-layer URLs, scanning the third-layer URLs, and updating their results into the first-layer scan result;

S26, outputting the first-layer scan result. The URLs that had vulnerabilities before are treated as first-layer URLs: they are submitted for scanning first, as one task package, and their result is output first, so that this layer's scan shows whether the vulnerabilities found earlier have been fixed in the target application software being scanned now. The second-layer and third-layer URLs are then scanned in turn and the scan result is updated.

Example 4:

as shown in fig. 2, the present invention provides a security scanning method based on preloading, which includes the following steps:

S1, acquiring the target application software to be scanned, judging whether the target application software has been scanned before, and loading the existing scan result of the target application software when it has; the specific steps are as follows:

S11, acquiring the target application software to be scanned and its URL (uniform resource locator);

S12, judging whether the existing scan results contain a URL that is completely identical to the URL of the target application software;

if yes, setting that identical URL in the scan result as the marked URL, and entering step S13;

if not, going to step S14;

S13, setting the target application software to use the existing scan result, or performing an additional scan on top of the existing scan result, and ending; the specific steps are as follows:

S131, judging whether the host IP to be scanned and the scanning rule of the target application software are the same as those of the existing scan result corresponding to the marked URL;

if yes, going to step S132;

if not, going to step S133;

S132, using the existing scan result corresponding to the marked URL as the scan result of the target application software, and ending;

S133, if the host IP to be scanned or the scanning rule has changed, reconfiguring the host IP or the scanning rule, performing an additional scan on top of the existing scan result, and ending;

S14, processing the URL of the target application software and the URLs of the existing scan results, and extracting key feature items; the specific steps are as follows:

S141, acquiring all feature items of the URL of the target application software and of the URLs in the existing scan results; the feature items of a URL comprise the protocol type, the domain name or host name, the port, the path and file name, the parameter part and the anchor part;

S142, extracting key feature items from the feature items of the target application software URL and of the existing scan result URLs; the key feature items comprise the path, the file name, the parameter part and the anchor part;

S15, judging whether the key feature items of the target application software URL and the key feature items of the existing scan result URLs have parts in common, and whether the proportion of the common part exceeds the set proportion threshold; if so, judging that the target application software has been scanned before; the specific steps are as follows:

S151, setting a proportion threshold;

S152, judging whether the key feature items of the target application software URL and the key feature items of the existing scan result URLs have parts in common, and whether the proportion of the common part exceeds the set proportion threshold;

if not, going to step S153;

if yes, going to step S154;

S153, judging that the target application software has not been scanned before, scanning the target application software in the ordinary sequential way, outputting the scan result, and ending;

S154, judging that the target application software has been scanned before;

S2, dividing the URLs into layers according to the existing scan result of the target application software, rescanning the URLs of each layer with priority given to vulnerabilities, and collecting and outputting the scan results of all layers; the specific steps are as follows:

S21, obtaining the existing scan result of the target application software;

S22, dividing the URLs of the target application software into layers according to whether the same URL exists in the existing scan result and whether it had a vulnerability there;

S23, setting the URLs that exist in the existing scan result and had a vulnerability there as first-layer URLs, scanning the first-layer URLs, and outputting the first-layer scan result;

S24, setting the URLs that exist in the existing scan result but had no vulnerability there as second-layer URLs, scanning the second-layer URLs, and updating their results into the first-layer scan result;

S25, setting the URLs that do not exist in the existing scan result as third-layer URLs, scanning the third-layer URLs, and updating their results into the first-layer scan result;

S25a, setting the URLs that exist in the existing scan result but no longer exist in the target application software as fourth-layer URLs, handling the fourth-layer URLs as described below, marking their result as optionally displayed, and merging it with the first-layer scan result;

S26, outputting the first-layer scan result and its comparison with the existing scan result.

The fourth-layer URLs are not submitted for scanning as a task package. Instead, after the whole scan has finished, their previous scan results are merged into the current scan result regardless of whether those URLs had vulnerabilities; that part of the result is hidden by default and can be displayed on request. After the whole scan has finished, the overall result shows the current scan result of the target application software by default, and a comparison between the current scan result and the previous one can be displayed on request.
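The layered rescan of step S2 as it appears in Example 3 (three layers) and Example 4 (the fourth layer and the comparison with the previous result), in runnable form. This is an added example and not code from the patent or any product it describes. The representation of a scan result as a mapping from key feature item to the list of vulnerabilities found, the constructed sample data, and the stand-in scanner function are all assumptions made for the illustration; a real implementation would submit each layer to the scanning engine as a task package. Following the description above, fourth-layer URLs are not rescanned but carried over from the previous result.

```python
from urllib.parse import urlsplit, urlunsplit


def key_feature(url: str) -> str:
    """S142: drop protocol, host and port; keep path, file name, parameters and anchor."""
    p = urlsplit(url)
    return urlunsplit(("", "", p.path, p.query, p.fragment))


def layer_urls(target_urls, existing):
    """S22 to S25a: assign each URL to a layer.

    existing maps the key feature item of every URL in the previous scan result to the
    list of vulnerabilities found there (empty list = scanned, nothing found).
      layer 1: in the existing result and had a vulnerability there (highest priority)
      layer 2: in the existing result, no vulnerability there
      layer 3: not in the existing result (new URLs)
      layer 4: in the existing result but no longer present in the target (kept as key feature items)
    """
    layers = {1: [], 2: [], 3: [], 4: []}
    target_keys = {}
    for url in target_urls:                      # first occurrence wins, order preserved
        target_keys.setdefault(key_feature(url), url)
    for key, url in target_keys.items():
        if key not in existing:
            layers[3].append(url)
        elif existing[key]:
            layers[1].append(url)
        else:
            layers[2].append(url)
    layers[4] = [key for key in existing if key not in target_keys]
    return layers


def layered_scan(target_urls, existing, scan_fn):
    """S23 to S26: scan layers 1-3 in priority order, accumulating everything into the
    first-layer result; carry layer-4 findings over from the previous result without
    rescanning, returned separately so they can be hidden by default."""
    layers = layer_urls(target_urls, existing)
    first_layer_result = {}
    for layer in (1, 2, 3):
        for url in layers[layer]:                # one task package per layer
            first_layer_result[key_feature(url)] = list(scan_fn(url))
    optional = {key: list(existing[key]) for key in layers[4]}
    return first_layer_result, optional


def compare_with_existing(first_layer_result, existing):
    """S26 (Example 4): per URL, which earlier vulnerabilities are fixed, which remain,
    and which are new; displayed on request next to the current result."""
    report = {"fixed": [], "remaining": [], "new": []}
    for key, findings in first_layer_result.items():
        before, now = set(existing.get(key, ())), set(findings)
        report["fixed"] += [(key, v) for v in sorted(before - now)]
        report["remaining"] += [(key, v) for v in sorted(before & now)]
        report["new"] += [(key, v) for v in sorted(now - before)]
    return report


# Constructed sample data (not from the page).
# Previous scan result, keyed by key feature item: what was found last time.
EXISTING_RESULT = {
    "/index.asp": [],
    "/login.asp?user=a": ["SQL injection"],
    "/search.asp?q=x": ["Reflected XSS"],
    "/admin/list.asp": ["Missing authorization"],
}
# URLs of the target as deployed now: admin/list.asp was removed, help.asp was added.
TARGET_URLS = (
    "http://10.0.0.5/index.asp",
    "http://10.0.0.5/login.asp?user=a",
    "http://10.0.0.5/search.asp?q=x",
    "http://10.0.0.5/help.asp",
)
# Stand-in for the scanning engine: what a scan of each URL would find today
# (the SQL injection was fixed, the XSS remains, the new help.asp has a finding).
CURRENT_FINDINGS = {
    "/index.asp": [],
    "/login.asp?user=a": [],
    "/search.asp?q=x": ["Reflected XSS"],
    "/help.asp": ["Directory listing"],
}


def fake_scan(url):
    return CURRENT_FINDINGS.get(key_feature(url), [])


def run_example():
    result, optional = layered_scan(TARGET_URLS, EXISTING_RESULT, fake_scan)
    report = compare_with_existing(result, EXISTING_RESULT)
    return layer_urls(TARGET_URLS, EXISTING_RESULT), result, optional, report


if __name__ == "__main__":
    layers, result, optional, report = run_example()
    for n in (1, 2, 3, 4):
        print(f"layer {n}: {layers[n]}")
    print("current result (shown by default):", result)
    print("carried over, hidden by default:", optional)
    print("comparison with previous scan:", report)
```

Because the first-layer URLs are submitted first, the answer to the question the page singles out, whether the vulnerabilities found earlier have been fixed, is available before the second and third layers are even started; the comparison report makes that answer explicit per URL.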

Example 5:

as shown in fig. 3, the present invention provides a pre-load based security scanning apparatus, comprising:

an existing scan result loading module 1, configured to acquire the target application software to be scanned, judge whether the target application software has been scanned before, and load the existing scan result of the target application software when it has;

and a layered scanning module 2, configured to divide the URLs into layers according to the existing scan result of the target application software, rescan the URLs of each layer with priority given to vulnerabilities, and collect and output the scan results of all layers.

Example 6:

as shown in fig. 3, the present invention provides a pre-load based security scanning apparatus, comprising:

an existing scan result loading module 1, configured to acquire the target application software to be scanned, judge whether the target application software has been scanned before, and load the existing scan result of the target application software when it has; the existing scan result loading module 1 includes:

a target application software URL obtaining unit 1.1, configured to obtain the target application software to be scanned and its URL;

a URL judging unit 1.2, configured to judge whether the existing scan results contain a URL that is completely identical to the URL of the target application software;

a marked URL setting unit 1.3, configured to set the URL in the scan result that is identical to the URL of the target application software as the marked URL;

an existing scan result using unit 1.4, configured to set the target application software to use the existing scan result, or to perform an additional scan on top of the existing scan result, and end, when an identical URL exists in the existing scan result;

a URL processing unit 1.5, configured to process the URL of the target application software and the URLs of the existing scan results and extract key feature items;

a scanned-before judging unit 1.6, configured to judge whether the key feature items of the target application software URL and the key feature items of the existing scan result URLs have parts in common, and whether the proportion of the common part exceeds the set proportion threshold, and if so to judge that the target application software has been scanned before;

a layered scanning module 2, configured to divide the URLs into layers according to the vulnerabilities in the existing scan result of the target application software, rescan the URLs of each layer with priority given to vulnerabilities, and collect and output the scan results of all layers; the layered scanning module 2 includes:

an existing scan result obtaining unit 2.1, configured to obtain the existing scan result of the target application software;

a URL layering unit 2.2, configured to divide the URLs of the target application software into layers according to whether the same URL exists in the existing scan result and whether it had a vulnerability there;

a first-layer scanning unit 2.3, configured to set the URLs that exist in the existing scan result and had a vulnerability there as first-layer URLs, scan the first-layer URLs, and output the first-layer scan result;

a second-layer scanning unit 2.4, configured to set the URLs that exist in the existing scan result but had no vulnerability there as second-layer URLs, scan the second-layer URLs, and update their results into the first-layer scan result;

a third-layer scanning unit 2.5, configured to set the URLs that do not exist in the existing scan result as third-layer URLs, scan the third-layer URLs, and update their results into the first-layer scan result;

and a scan result output unit 2.6, configured to output the first-layer scan result.

Example 7:

as shown in fig. 3, the present invention provides a pre-load based security scanning apparatus, comprising:

an existing scan result loading module 1, configured to acquire the target application software to be scanned, judge whether the target application software has been scanned before, and load the existing scan result of the target application software when it has; the existing scan result loading module 1 includes:

a target application software URL obtaining unit 1.1, configured to obtain the target application software to be scanned and its URL;

a URL judging unit 1.2, configured to judge whether the existing scan results contain a URL that is completely identical to the URL of the target application software;

a marked URL setting unit 1.3, configured to set the URL in the scan result that is identical to the URL of the target application software as the marked URL;

an existing scan result using unit 1.4, configured to set the target application software to use the existing scan result, or to perform an additional scan on top of the existing scan result, when an identical URL exists in the existing scan result; the existing scan result using unit 1.4 includes:

a definitely-scanned judging subunit, configured to judge whether the host IP to be scanned and the scanning rule of the target application software are the same as those of the existing scan result corresponding to the marked URL;

an original scan result using subunit, configured to use the existing scan result corresponding to the marked URL as the scan result of the target application software;

an original scan result supplementing subunit, configured to reconfigure the host IP to be scanned or the scanning rule when either has changed, perform an additional scan on top of the existing scan result, and end;

a URL processing unit 1.5, configured to process the URL of the target application software and the URLs of the existing scan results and extract key feature items; the URL processing unit 1.5 includes:

a feature item acquiring subunit, configured to acquire all feature items of the URL of the target application software and of the URLs in the existing scan results; the feature items of a URL comprise the protocol type, the domain name or host name, the port, the path and file name, the parameter part and the anchor part;

a key feature extracting subunit, configured to extract key feature items from the feature items of the target application software URL and of the existing scan result URLs; the key feature items comprise the path, the file name, the parameter part and the anchor part;

a scanned-before judging unit 1.6, configured to judge whether the key feature items of the target application software URL and the key feature items of the existing scan result URLs have parts in common, and whether the proportion of the common part exceeds the set proportion threshold, and if so to judge that the target application software has been scanned before; the scanned-before judging unit 1.6 includes:

a proportion threshold setting subunit, configured to set the proportion threshold;

an uncertainly-scanned judging subunit, configured to judge whether the key feature items of the target application software URL and the key feature items of the existing scan result URLs have parts in common, and whether the proportion of the common part exceeds the set proportion threshold;

a sequential scanning subunit, configured to judge that the target application software has not been scanned before, scan the target application software in the ordinary sequential way, and output the scan result;

a target software scanned-before judging subunit, configured to judge that the target application software has been scanned before;

a layered scanning module 2, configured to divide the URLs into layers according to the vulnerabilities in the existing scan result of the target application software, rescan the URLs of each layer with priority given to vulnerabilities, and collect and output the scan results of all layers; the layered scanning module 2 includes:

an existing scan result obtaining unit 2.1, configured to obtain the existing scan result of the target application software;

a URL layering unit 2.2, configured to divide the URLs of the target application software into layers according to whether the same URL exists in the existing scan result and whether it had a vulnerability there;

a first-layer scanning unit 2.3, configured to set the URLs that exist in the existing scan result and had a vulnerability there as first-layer URLs, scan the first-layer URLs, and output the first-layer scan result;

a second-layer scanning unit 2.4, configured to set the URLs that exist in the existing scan result but had no vulnerability there as second-layer URLs, scan the second-layer URLs, and update their results into the first-layer scan result;

a third-layer scanning unit 2.5, configured to set the URLs that do not exist in the existing scan result as third-layer URLs, scan the third-layer URLs, and update their results into the first-layer scan result;

a fourth-layer scanning unit 2.7, configured to set the URLs that exist in the existing scan result but no longer exist in the target application software as fourth-layer URLs, handle the fourth-layer URLs, mark their result as optionally displayed, and merge it with the first-layer scan result;

and a scan result output unit 2.6, configured to output the first-layer scan result and its comparison with the existing scan result.

Although the present invention has been described in detail with reference to the drawings and the preferred embodiments, it is not limited thereto. Those skilled in the art can make various equivalent modifications or substitutions to the embodiments of the present invention without departing from its spirit and scope, and such modifications or substitutions fall within the scope of the present invention; changes or substitutions that anyone skilled in the art can readily conceive of within the technical scope disclosed herein likewise fall within that scope. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
