| With the progress of information science and the development of the Internet,the network information resources of the Internet are increasingly rich.With the amount of information assets,the explosive growth of enterprise data scale,enterprise internal personnel are difficult to fully understand the asset information and business system of the current security situation.The companies purchase many security products,such as WAF,firewall has entered a permanent basis.However,traditional network security devices can only provide network-level protection,but cannot detect application-layer attacks,and cannot defend against variant application attacks carried out by hackers through packet splitting and flexible coding.From the perspective of the attacker,it sends the request containing the attack,and judges the vulnerability according to the returned results,which greatly enhances the security of the network environment.But the conventional leak detection engine will only for a specific target detection,unknown asset information is not proactively discovered and detection coverage is expanded.In addition,single-node deployment is often adopted.Therefore,scanning efficiency is low and security risks cannot be detected in a timely manner.In this paper,relevant technologies of vulnerability detection are studied,and a distributed asset information detection and vulnerability detection engine is designed and implemented.The main work contents are as follows:(1)Conduct in-depth research and analysis on common application vulnerab ilities and host vulnerabilities,including injection vulnerabilities,middleware vul nerabilities,CMS vulnerabilities,command execution vulnerabilities,system versi on vulnerabilities,and so on.Mainly analyzing the principle of vulnerability ge neration,vulnerability harm,vulnerability repair and vulnerability detection meth ods,etc.(2)Asset information detection technique is studied.On the one hand,the principle of research technology of web crawler,breadth-first traversal strategy was adopted to realize the target site interaction point widely extract,expand the scope of leak detection.At the same time,based on bloom filter algorithm to crawl information to heavy,to reduce the risk of repeat leak detection behavior,improve the efficiency of flaw detection.On the other hand,expand the scope of asset information detection,including directory scanning,port scanning and system fingerprint scanning of target assets,and provide the obtained asset information to the vulnerability detection module to assist the vulnerability detection of target assets and further increase the accuracy of vulnerability detection.(3)Research,design and implement distributed engine based on distributed technology,which is composed of a central node and multiple task nodes.Central node mainly responsible for the central node and front-end issued and distribution of information interaction,the task,for each task node status monitoring and data summary and presentation.The task node is responsible for the task execution,and the test results data back to the central node.Each node to cooperate with each other,step-by-step implementation,can effectively enhance the resource utilization,occupied Greatly improves the execution rate of detection tasks.(4)A distributed asset information detection and leak detection engine has been designed and implementation based on the comprehensive application of the above technology.In order to effectively test the engine vulnerabilities detection accuracy and speed,set up a test environment.At the same time,on the premise of ensuring the consistency of basic configuration resources and environment,several vulnerability scanners are selected for testing and comparison.The test results show that the engine has advantages in scanning speed and accuracy. |
PDF Full Text Request