| With the rapid development of Internet technology in recent years,the accompanying security vulnerabilities have become more and more serious.The management of security vulnerabilities has become the focus of national enterprises in dealing with security issues.As far as companies in a certain security field are concerned,there are still some shortcomings in the management of security vulnerabilities within the enterprise that need to be resolved:First,corporate employees need to query multiple vulnerability disclosure platforms through the Internet to obtain security vulnerability information,and the vulnerability information included in each public website There is a problem that the same data is included in multiple websites from manufacturers,institutions,etc.Second,for companies in the security field,there is no systematic process for reporting,reviewing,and publishing vulnerabilities that employees find vulnerability information.Third,because the vulnerability data is not under the internal control of the enterprise,subsequent operations such as analysis and statistics on the vulnerability information data cannot be performed.In summary,the enterprise security vulnerability information management has problems such as scattered and repeated data,imperfect internal reporting systems,and uncontrollable data.Therefore,the establishment of an internal security vulnerability management platform for the enterprise is essential for enterprise security and development.Based on the actual pain points and needs of an enterprise,this paper designs and implements a security vulnerability information management platform,which consists of two parts.(1)Vulnerability information crawler system is responsible for real-time crawling of authoritative and public vulnerability information sharing platform data on the market.This part is implemented based on the Scrapy framework,which includes key technologies such as dynamic data crawling,data filtering and deduplication,and crawling strategy selection.(2)The vulnerability information background management system is responsible for the management of announcement information,vulnerability information,patch information,verification and audit information,and role authority information;the vulnerability information public display platform is responsible for displaying vulnerabilities,patches,announcements and other information to internal employees.According to the idea of software engineering,this part firstly analyzes the requirements of the vulnerability information platform,secondly divides the functional modules for outline design,and then designs each module,database table structure,and back-end interface in detail.On this basis,the completion of each module Coding,and finally perform functional and non-functional testing of the system and timely repair the problems found during the test.This article has finally completed all the construction of the company's security vulnerability management platform.At present,the vulnerability management platform has been tested within the company.This platform enables companies to automatically collect public vulnerability information and integrate internal vulnerabilities found.Management,the security and control of the vulnerability data. |
PDF Full Text Request