Information Security Evaluation Technology Research And Software Implementation Based On Database And Vulnerability Scanning Technology

With the rapid development of the computer technology, the Internet has become the mainstream of the time. The security issues in information systems have grown very serious, the security of the database system and the data protection and the efforts to prevent the datum from being illegally destroyed have especially become social focus. The evaluation of the security of information systems has become an important means to safeguard the information systems. In the evaluation of the security of information systems, the collection of information on the security situation is a critical step, where the accuracy of the data determines the accuracy of evaluation and thus plays a crucial role in the maintenance of security of the system.The purpose of this essay is to design a scanning algorithm for security vulnerabilities. In order to improve the accuracy of the results of evaluation of the database security, the scan method according to the hierarchical judgement rule was adopted, which substantially increases the scanning efficiency and accuracy of the results, and put it into practice to validate them; besides, another purpose is to design and implement a database security evaluation system. The requirements for this evaluation system is, through the analysis of security vulnerabilities in the system and security vulnerability scanning in database systems, to form relevant scan reports, and analyse the vulnerabilities and the level of risk, security situation, etc. in the evaluated objects, so as to achieve an evaluation purpose of database systems security. This system is mainly consisted of several major parts such as user management, scanning task management, scan strategy setting, scan report management, which work together to achieve the purpose of evaluation of the database system.To achieve this objective, studies in many ways have been made, including the relevant national standards, the relationship between several levels of information security, the principles and associated features of database security scanning technologies, the development trends and classification of related scanning technologies, and scan engines and scan strategy algorithms. In addition, detailed analysis and design was conducted, forming a scan engine based on a plug-in technology and the hierarchical judgement rule and a database security evaluation system based on vulnerabilities scanning. Through the evaluation, it can identify the potential unsafe factors in the database systems and generate the reports, which is easy to understand, to prompt the users the security risks and vulnerabilities existing in the system, and give corresponding recommendations and methods.