| With the rapid improvement of network, the problems of network security has become key points of current network technology. In normal cases, it is the system breach which brings chance to hacks and viruses to launch attacks. The vulnerability scanning technology is able to examine the potential vulnerability and enables the user to understand where the vulnerability is. In this way , system will be safe by some measures.First, vulnerability scanning technologies is analyzed, and the fundament and features of scanning technologies based on host and network is researched. Based on this, the assessment principle and the system architecture of OVAL were deeply studied as a new vulnerability assessment standard. Finally, a model of vulnerability scanning system based on OVAL is put forward.The detail of realization of vulnerability scanning system is given, including system architecture, functional modules, program flows, etc. The most important feature is how to collect the system information, the workflow of vulnerability scanning and the process of vulnerability analysis. The first realization of the solution is brought out to meet the requirement of uniform information description. And it is also compatible with this system.In the course of the implement, considering the user system's feature, the vulnerability database is recomposed in order to optimize the vulnerability definition class. When user system requests for scanning, only a part of related vulnerability information would be provided to ensure the efficiency of scanning. And it could also offer suitable definition of vulnerability base on the history of user configuration and complete the scanning efficiency. Thorough the tests both in Linux and Windows the result show that this system could work efficiently and portability. In the mean time it reduced the scanning consuming and is with the feature of easily portability and universality. |
PDF Full Text Request