[go: up one dir, main page]

CN106980790A - A kind of safe emergency response platform and its security breaches detection process system, method - Google Patents

A kind of safe emergency response platform and its security breaches detection process system, method Download PDF

Info

Publication number
CN106980790A
CN106980790A CN201710204883.1A CN201710204883A CN106980790A CN 106980790 A CN106980790 A CN 106980790A CN 201710204883 A CN201710204883 A CN 201710204883A CN 106980790 A CN106980790 A CN 106980790A
Authority
CN
China
Prior art keywords
security
vulnerability
information
user
security vulnerability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710204883.1A
Other languages
Chinese (zh)
Inventor
方斌
黄梦娜
刘璐
杨洲
喻明锐
刘康
季奎华
郑会军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Vipshop Information Technology Co Ltd
Original Assignee
Guangzhou Vipshop Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Vipshop Information Technology Co Ltd filed Critical Guangzhou Vipshop Information Technology Co Ltd
Priority to CN201710204883.1A priority Critical patent/CN106980790A/en
Publication of CN106980790A publication Critical patent/CN106980790A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明公开了一种安全应急响应平台及其安全漏洞检测处理系统、方法,所述平台包括:安全漏洞检测处理系统,用于提供接口获取外部所输入的安全漏洞信息,于获取所述漏洞安全信息后对所述安全漏洞信息进行分析处理,并进行安全漏洞修复;奖励模块,于所述安全漏洞检测处理系统对提交的安全漏洞信息进行分析处理后,根据分析结果对提交所述安全漏洞信息的用户进行奖励;分享互动模块,用于提供提交安全漏洞信息的用户分享相应信息的途径。本发明可提高网站安全漏洞的维护效率,降低人工成本。

The present invention discloses a security emergency response platform and its security loophole detection and processing system and method. The platform includes: a security loophole detection and processing system, which is used to provide an interface to acquire externally After the security vulnerability information is analyzed and processed, and the security vulnerability is repaired; the reward module, after the security vulnerability detection and processing system analyzes and processes the submitted security vulnerability information, according to the analysis result, submits the security vulnerability information Users who submit security vulnerability information are rewarded; the sharing interactive module is used to provide a way for users who submit security vulnerability information to share corresponding information. The invention can improve the maintenance efficiency of website safety loopholes and reduce labor costs.

Description

一种安全应急响应平台及其安全漏洞检测处理系统、方法A security emergency response platform and its security vulnerability detection and processing system and method

技术领域technical field

本发明涉及一种网络安全技术领域,特别是涉及一种安全应急响应平台及其安全漏洞检测处理系统、方法。The invention relates to the technical field of network security, in particular to a security emergency response platform and a security loophole detection and processing system and method thereof.

背景技术Background technique

随着互联网技术的发展,人们的日常生活越来越与网络息息相关,各种网络平台,例如网络购物平台,已深入人们的生活。然而,随着网络化生活成为大众日常生活的一部分,网络安全也越来越被人们重视。由于网络存在着各种各样的安全隐患,例如跨站脚本攻击、安全漏洞等等,这些时刻都在威胁着网络用户的信息安全,无时无刻不让用户提心吊胆。With the development of Internet technology, people's daily life is more and more closely related to the Internet, and various network platforms, such as online shopping platforms, have penetrated into people's lives. However, as networked life has become a part of the daily life of the public, network security has been paid more and more attention by people. Due to the existence of various security risks in the network, such as cross-site scripting attacks, security holes, etc., these are always threatening the information security of network users, and make users worry all the time.

目前,为保护网络用户的信息安全,对于各网站,例如网络购物平台,都采用一个专门的中心机构进行安全漏洞的统一维护,即人工来收集安全问题、组织专人进行漏洞问题核实和验证、进行漏洞归档等,但是,这些维护工作需要耗费大量的人力和时间,因此安全漏洞的维护效率较低、且维护所花费的人工成本较高。At present, in order to protect the information security of network users, each website, such as an online shopping platform, adopts a special central organization for unified maintenance of security vulnerabilities, that is, manually collects security issues, organizes special personnel to verify and verify vulnerability issues, conducts Vulnerability archiving, etc. However, these maintenance tasks require a lot of manpower and time, so the maintenance efficiency of security vulnerabilities is low, and the labor cost for maintenance is relatively high.

发明内容Contents of the invention

为克服上述现有技术存在的不足,本发明之目的在于提供一种安全应急响应平台及其安全漏洞检测处理系统、方法,以提高网站安全漏洞的维护效率,降低人工成本。In order to overcome the deficiencies in the prior art above, the purpose of the present invention is to provide a security emergency response platform and its security loophole detection and processing system and method, so as to improve the maintenance efficiency of website security loopholes and reduce labor costs.

为达上述及其它目的,本发明提出一种安全应急响应平台,包括:In order to achieve the above and other purposes, the present invention proposes a safety emergency response platform, including:

安全漏洞检测处理系统,用于提供接口获取外部所输入的安全漏洞信息,于获取所述漏洞安全信息后对所述安全漏洞信息进行分析处理,并进行安全漏洞修复;A security vulnerability detection and processing system, which is used to provide an interface to obtain externally input security vulnerability information, analyze and process the security vulnerability information after obtaining the security vulnerability information, and perform security vulnerability repair;

奖励模块,于所述安全漏洞检测处理系统对提交的安全漏洞信息进行分析确认后,根据分析结果对提交所述安全漏洞信息的用户进行奖励;A reward module, after the security vulnerability detection and processing system analyzes and confirms the submitted security vulnerability information, rewards the user who submitted the security vulnerability information according to the analysis result;

分享互动模块,用于提供提交安全漏洞信息的用户分享相应信息的途径。The sharing interactive module is used to provide a way for users who submit security vulnerability information to share corresponding information.

进一步地,所述平台还包括排名模块,于所述安全漏洞检测处理系统对提交的安全漏洞信息进行分析确认后,根据分析结果对提交所述安全漏洞信息的用户分配相应的贡献值,并依据贡献值对所有用户进行排名。Further, the platform also includes a ranking module, after the security vulnerability detection and processing system analyzes and confirms the submitted security vulnerability information, assigns corresponding contribution values to users who submit the security vulnerability information according to the analysis results, and according to The contribution value ranks all users.

进一步地,所述安全漏洞检测处理系统用于接收外部人员输入包括选择漏洞类型、漏洞危害程度以及填写漏洞详情描述信息的安全漏洞信息。Further, the security vulnerability detection and processing system is used to receive security vulnerability information input by external personnel, including selecting the type of vulnerability, the degree of damage of the vulnerability, and filling in the detailed description information of the vulnerability.

为达到上述目的,本发明还提供一种安全漏洞检测处理系统,包括:To achieve the above object, the present invention also provides a security vulnerability detection and processing system, including:

请求单元,用于接收用户的安全漏洞提交请求;A request unit, configured to receive a user's request for submitting a security vulnerability;

身份验证单元,于接收到用户的安全漏洞提交请求时,提供对当前用户的身份验证;The identity verification unit provides identity verification of the current user when receiving the user's security vulnerability submission request;

安全漏洞检测提交单元,于所述身份验证单元通过对用户的身份验证时,提供用户对安全漏洞信息的输入,并于用户完成安全漏洞信息的输入后,将安全漏洞提交至漏洞分析单元;The security vulnerability detection and submitting unit provides the user with input of security vulnerability information when the identity verification unit passes the authentication of the user, and submits the security vulnerability to the vulnerability analysis unit after the user completes the input of the security vulnerability information;

漏洞分析单元,对用户提交的安全漏洞信息进行分析,生成漏洞修复处理建议;Vulnerability analysis unit, which analyzes the security vulnerability information submitted by users, and generates suggestions for vulnerability repair and processing;

修复处理单元,根据所述漏洞分析单元生成的漏洞修复处理建议对安全漏洞进行修复处理。The repair processing unit repairs the security hole according to the vulnerability repair processing suggestion generated by the vulnerability analysis unit.

进一步地,所述安全漏洞检测处理系统还包括身份注册单元,用于提供新用户的身份信息注册。Further, the security breach detection and processing system further includes an identity registration unit, configured to provide identity information registration for new users.

进一步地,所述安全漏洞检测提交单元获取包括漏洞类型、漏洞危害程度以及漏洞详情描述信息的安全漏洞信息。Further, the security vulnerability detection and submitting unit acquires security vulnerability information including vulnerability type, vulnerability degree of vulnerability, and vulnerability detailed description information.

为达到上述目的,本发明还提供一种安全漏洞检测处理方法,包括如下步骤:In order to achieve the above object, the present invention also provides a security vulnerability detection processing method, comprising the following steps:

步骤一,接收用户的安全漏洞提交请求;Step 1, receiving the user's security vulnerability submission request;

步骤二,于接收到用户的安全漏洞提交请求时,提供对当前用户的身份验证;Step 2, when receiving the user's security vulnerability submission request, provide the current user's identity verification;

步骤三,于通过对用户的身份验证时,提供用户对安全漏洞信息的输入,并于用户完成安全漏洞信息的输入后,对安全漏洞进行提交;Step 3: Provide the user with input of security vulnerability information when the user is authenticated, and submit the security vulnerability after the user completes the input of the security vulnerability information;

步骤四,对用户提交的安全漏洞信息进行分析,生成漏洞修复处理建议;Step 4, analyze the security vulnerability information submitted by the user, and generate a suggestion for vulnerability repair;

步骤五,根据生成的漏洞修复处理建议对安全漏洞进行修复处理。In step five, the security vulnerability is repaired according to the generated vulnerability repair suggestion.

进一步地,于步骤四之后,还包括根据分析结果对提交所述安全漏洞信息的用户进行奖励的步骤。Further, after step 4, a step of rewarding users who submit the security vulnerability information according to the analysis results is also included.

进一步地,于步骤四之后,还包括根据分析结果对提交所述安全漏洞信息的用户分配相应的贡献值,并依据贡献值对所有用户进行排名的步骤。Further, after step 4, it also includes a step of assigning corresponding contribution values to users who submit the security vulnerability information according to the analysis results, and ranking all users according to the contribution values.

进一步地,于步骤二中,于接收到用户的安全漏洞提交请求时,当用户为新用户时,提供用户进行新用户的身份信息注册。Further, in step 2, when the user's security vulnerability submission request is received, when the user is a new user, the user is provided with the identity information registration of the new user.

与现有技术相比,本发明一种安全应急响应平台及其安全漏洞检测处理系统、方法通过提供平台搜集外部安全专家对安全漏洞的检测,对安全漏洞进行分析并进行修复处理,可提高网站安全漏洞的维护效率,降低人工成本。Compared with the prior art, the present invention provides a security emergency response platform and its security loophole detection and processing system and method by providing a platform to collect external security experts to detect security loopholes, analyze the security loopholes and perform repair processing, which can improve the security of the website. The maintenance efficiency of security holes reduces labor costs.

附图说明Description of drawings

图1为本发明安全应急响应平台的系统架构图;Fig. 1 is a system architecture diagram of the safety emergency response platform of the present invention;

图2为本发明安全漏洞检测处理系统的结构示意图;Fig. 2 is a schematic structural diagram of a security loophole detection and processing system of the present invention;

图3本发明具体实施例之安全应急响应平台的功能结构图;The functional structural diagram of the security emergency response platform of the specific embodiment of the present invention of Fig. 3;

图4为本发明安全漏洞检测处理方法的步骤流程图;Fig. 4 is a flow chart of the steps of the security vulnerability detection processing method of the present invention;

图5为本发明具体实施例之漏洞提交的步骤流程图;Fig. 5 is a flow chart of the steps of vulnerability submission in a specific embodiment of the present invention;

图6为本发明具体实施例中新用户注册的步骤流程图。Fig. 6 is a flow chart of steps for new user registration in a specific embodiment of the present invention.

具体实施方式detailed description

以下通过特定的具体实例并结合附图说明本发明的实施方式,本领域技术人员可由本说明书所揭示的内容轻易地了解本发明的其它优点与功效。本发明亦可通过其它不同的具体实例加以施行或应用,本说明书中的各项细节亦可基于不同观点与应用,在不背离本发明的精神下进行各种修饰与变更。The implementation of the present invention is described below through specific examples and in conjunction with the accompanying drawings, and those skilled in the art can easily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other different specific examples, and various modifications and changes can be made to the details in this specification based on different viewpoints and applications without departing from the spirit of the present invention.

图1为本发明一种安全应急响应平台的系统架构图。如图1所示,本发明一种安全应急响应平台,包括:安全漏洞检测处理系统10、奖励模块11、排名模块12以及分享互动模块13。FIG. 1 is a system architecture diagram of a safety emergency response platform of the present invention. As shown in FIG. 1 , a security emergency response platform of the present invention includes: a security vulnerability detection and processing system 10 , a reward module 11 , a ranking module 12 and a sharing and interaction module 13 .

其中,安全漏洞检测处理系统10,用于提供接口获取外部所输入的安全漏洞信息,也就是说,安全漏洞检测处理系统10会提供相应的接口,例如通过于网页上提供对外部人员漏洞提交的接口,所述接口提供外部人员输入包括选择漏洞类型、漏洞危害程度以及填写漏洞详情描述信息的安全漏洞信息,获取所述漏洞安全信息后对所述安全漏洞信息进行分析处理,并进行修复工作。在本发明具体实施例中,外部人员指的是外部富有正义感,有能力的安全专家或白帽子。Among them, the security vulnerability detection and processing system 10 is used to provide an interface to obtain security vulnerability information input from the outside. The interface provides external personnel to input security vulnerability information including selecting the type of vulnerability, the degree of vulnerability, and filling in the detailed description information of the vulnerability. After obtaining the security information of the vulnerability, the information of the security vulnerability is analyzed and processed, and repair work is performed. In the specific embodiment of the present invention, the external personnel refer to external security experts or white hats who have a sense of justice and are capable.

奖励模块11,于安全漏洞检测处理系统10对提交的安全漏洞信息进行分析确认后,根据分析结果对提交所述安全漏洞信息的用户进行奖励,在本发明具体实施例中,奖励可以是直接给予现金奖励,也可以是奖励相应积分,并提供积分兑换途径,例如通过礼品商场,用户可以根据积分兑换相应的礼品。The reward module 11, after the security vulnerability detection and processing system 10 analyzes and confirms the submitted security vulnerability information, rewards the user who submitted the security vulnerability information according to the analysis result. In a specific embodiment of the present invention, the reward can be directly given Cash rewards can also reward corresponding points, and provide points exchange channels, for example, through gift shopping malls, users can exchange corresponding gifts according to points.

排名模块12,于安全漏洞检测处理系统10对提交的安全漏洞信息进行分析确认后,根据分析结果对提交所述安全漏洞信息的用户分配相应的贡献值,并依据贡献值对所有用户进行排名,以体现提交安全漏洞信息用户的个人荣誉,激励更多外部人员参与到安全漏洞的检测中。Ranking module 12, after the security vulnerability detection and processing system 10 analyzes and confirms the submitted security vulnerability information, assigns corresponding contribution values to users who submit the security vulnerability information according to the analysis results, and ranks all users according to the contribution values, To reflect the personal honor of users who submit security vulnerability information, and encourage more external personnel to participate in the detection of security vulnerabilities.

分享互动模块13,用于提供提交安全漏洞信息的用户分享相应信息的途径。在本发明具体实施例中,分享互动模块13可以通过博客频道供用户专门分享安全类文章,并提供交流平台,以形成良好的安全技术分享氛围。The sharing interaction module 13 is used to provide a way for users who submit security vulnerability information to share corresponding information. In a specific embodiment of the present invention, the sharing interaction module 13 can provide users with special sharing of security articles through a blog channel, and provide a communication platform to form a good security technology sharing atmosphere.

图2为本发明之安全漏洞检测处理系统10的结构示意图。如图2所示,本发明之安全漏洞检测处理系统10,包括:请求单元101、身份验证单元102、安全漏洞检测提交单元103、漏洞分析单元104以及修复处理单元105。FIG. 2 is a schematic structural diagram of a security breach detection and processing system 10 of the present invention. As shown in FIG. 2 , the security vulnerability detection and processing system 10 of the present invention includes: a request unit 101 , an identity verification unit 102 , a security vulnerability detection submission unit 103 , a vulnerability analysis unit 104 and a repair processing unit 105 .

其中,请求单元101,用于接收用户的安全漏洞提交请求,在本发明具体实施例中,当用户点击网页上的漏洞提交入口时,则接收到用户的安全漏洞提交请求。Wherein, the requesting unit 101 is configured to receive a user's security vulnerability submission request. In a specific embodiment of the present invention, when the user clicks a vulnerability submission entry on a web page, the user's security vulnerability submission request is received.

身份验证单元102,于接收到用户的安全漏洞提交请求时,提供对当前用户的身份验证。在本发明具体实施例中,身份验证单元102通过提供用户输入用户名及相应的密码实现对用户的身份验证。较佳地,本发明还包括身份注册单元,用于提供新用户的身份信息注册,也就是说,当用户为新用户时,可通过身份注册单元进行新用户的身份信息注册。The identity verification unit 102 provides identity verification for the current user when receiving the user's security vulnerability submission request. In a specific embodiment of the present invention, the identity verification unit 102 realizes the identity verification of the user by providing the user name and the corresponding password input by the user. Preferably, the present invention further includes an identity registration unit for providing identity information registration of a new user, that is, when the user is a new user, the identity information registration of the new user can be performed through the identity registration unit.

安全漏洞检测提交单元103,于身份验证单元102通过对用户的身份验证时,提供用户对安全漏洞信息的输入,并于用户完成安全漏洞信息的输入后,将安全漏洞提交至漏洞分析单元104。在本发明具体实施例中,安全漏洞检测提交单元103于网页界面上提供用户选择漏洞类型、漏洞危害程度以及填写漏洞详情描述信息,当用户完成相关的安全漏洞信息输入后,通过点击相应的按钮则可将所输入的安全漏洞信息进行提交。The security vulnerability detection and submitting unit 103 provides the user with input of security vulnerability information when the identity verification unit 102 passes the authentication of the user, and submits the security vulnerability to the vulnerability analysis unit 104 after the user finishes inputting the security vulnerability information. In a specific embodiment of the present invention, the security vulnerability detection and submission unit 103 provides the user with information on the web interface to select the type of vulnerability, the degree of vulnerability and fill in the details of the vulnerability. After the user completes the input of the relevant security vulnerability information, click the corresponding button Then the input security vulnerability information may be submitted.

漏洞分析单元104,对用户提交的安全漏洞信息进行分析,生成漏洞修复处理建议。The vulnerability analysis unit 104 analyzes the security vulnerability information submitted by the user, and generates a suggestion for repairing the vulnerability.

具体实现方式可以是根据接收到的漏洞信息构造漏洞的特征字符,其中,所述特征字符根据所述漏洞的类型生成;基于所述特征字符,获取所述漏洞的响应信息并根据所述响应信息检测所述漏洞的有效性。The specific implementation method may be to construct the characteristic character of the vulnerability according to the received vulnerability information, wherein the characteristic character is generated according to the type of the vulnerability; based on the characteristic character, obtain the response information of the vulnerability and according to the response information Check the validity of the vulnerability.

修复处理单元105,根据所述漏洞分析单元生成的漏洞修复处理建议对安全漏洞进行修复处理。The repair processing unit 105 performs repair processing on the security hole according to the vulnerability repair processing suggestion generated by the vulnerability analysis unit.

具体实现方式可以是加载所述漏洞的更新文件;对所述更新文件进行解析,以获取所述更新文件中的修补信息;将网页中与所述修补信息对应的功能模块进行修复,以修复所述漏洞。The specific implementation method can be loading the update file of the vulnerability; parsing the update file to obtain the patch information in the update file; repairing the functional modules corresponding to the patch information in the webpage to repair all stated loopholes.

较佳地,所述漏洞分析单元104用于在所述漏洞为信息泄露类漏洞时,根据存在漏洞的网站的网址以及所述漏洞对应的漏洞测试串,构造所述漏洞的特征字符;其中,所述漏洞测试串为用于检测漏洞是否存在的字符串。Preferably, the vulnerability analysis unit 104 is configured to construct the characteristic character of the vulnerability according to the URL of the website with the vulnerability and the vulnerability test string corresponding to the vulnerability when the vulnerability is an information leakage type vulnerability; wherein, The vulnerability test string is a character string used to detect whether a vulnerability exists.

较佳地,所述漏洞分析单元104用于在所述漏洞为SQL注入漏洞时,将所述漏洞的网址作为所述漏洞的特征字符。Preferably, the vulnerability analysis unit 104 is configured to use the URL of the vulnerability as the characteristic character of the vulnerability when the vulnerability is a SQL injection vulnerability.

较佳地,所述漏洞分析单元104中,所述响应信息用于描述所述待修复漏洞中是否存在系统调用的信息以及用于描述所述待修复漏洞中是否存在物理内存设备的信息。Preferably, in the vulnerability analysis unit 104, the response information is used to describe whether there is a system call in the vulnerability to be fixed and information to describe whether there is a physical memory device in the vulnerability to be fixed.

图3本发明具体实施例之安全应急响应平台的功能结构图。以下将通过一具体实施例来说明本发明之安全应急响应平台。在本发明具体实施例中,平台使用采用高可用的基础设计,实现LVS+HAPROXY的网络架构,确保机器平稳运行,在其中一台机器发生故障的情况下,主备机器可以自动切换,最大化的保证平台7*24小时运行,所述安全应急响应中心平台的核心功能主要分为以下8个部分:Fig. 3 is a functional structural diagram of a safety emergency response platform according to a specific embodiment of the present invention. The security emergency response platform of the present invention will be described below through a specific embodiment. In the specific embodiment of the present invention, the platform uses a high-availability basic design to realize the network architecture of LVS+HAPROXY to ensure the smooth operation of the machine. In the case of a machine failure, the active and standby machines can be automatically switched to maximize The guarantee platform operates 7*24 hours. The core functions of the security emergency response center platform are mainly divided into the following 8 parts:

(1)首页:(1) Homepage:

平台首页直观的展示了安全应急响应平台开放合作交流的态度。首页作为平台的入口,不仅直观的展示了平台的核心漏洞接收功能还综合展示了平台几大核心功能,直观明了。在首页上,会直接显示月度前三名白帽子(安全漏洞提交人员)的排名,同时滚动显示公告信息,以及最底下的漏洞接收方式。The homepage of the platform intuitively shows the attitude of the security emergency response platform for open cooperation and communication. As the entrance of the platform, the homepage not only intuitively displays the core vulnerability receiving function of the platform, but also comprehensively displays several core functions of the platform, which is intuitive and clear. On the home page, the monthly rankings of the top three white hats (security vulnerability submitters) will be displayed directly, and the bulletin information will be scrolled at the same time, as well as the vulnerability receiving method at the bottom.

(2)公告栏:(2) Bulletin Board:

直观展示平台最新动态,第一时间告知平台的最新动态,保持良好的互动与宣传。公告栏目的主要内容有新规定明细变更通知,奖金发放通知,日常活动通知。Visually display the latest developments of the platform, inform the latest developments of the platform at the first time, and maintain good interaction and publicity. The main content of the bulletin column is the notification of new regulations and detailed changes, the notification of bonus distribution, and the notification of daily activities.

(3)漏洞提交:(3) Vulnerability submission:

除了常规的漏洞接收之外,还在页面上直观展示相关漏洞的评分标准,不仅一目了然告知用户相应漏洞的奖励等级,有效提高用户提交漏洞的积极性,而且可以在一定程度上起到直观的漏洞评分标准宣传工作,使得白帽子在提交漏洞的时候更有针对性,增进平台与白帽子之间的黏性。漏洞提交功能可让白帽子自行选择漏洞类型、漏洞危害程度以及填写漏洞详情描述信息,点击提交之后白帽子的提供的漏洞信息就会提交到所述安全应急响应平台的后台,后台审核人员就会看到漏洞明细,处理人员会开始进行危害分析确认并进行修复工作。待漏洞修复完成后,所述安全应急响应平台会根据《唯品会安全漏洞处理分析流程规范》及漏洞危害程度给与一定现金的奖励。若发现严重高危漏洞者,则会给与额外的丰厚现金奖励。本发明通过这些白帽子安全研究员提供来的漏洞信息,不仅有效抑制了网站漏洞被暴露在第三方平台的可能性,而且从中暴露出来的问题,可以有效帮助网站安全工程师定位企业自身问题,从而更好的抑制下一次类似问题的出现。进而保护网站会员的信息安全。In addition to the regular vulnerability receiving, the scoring standard of related vulnerabilities is also visually displayed on the page, which not only informs users of the reward level of corresponding vulnerabilities at a glance, effectively improves users' enthusiasm for submitting vulnerabilities, but also provides an intuitive vulnerability score to a certain extent The standard publicity work makes the white hats more targeted when submitting vulnerabilities, and increases the stickiness between the platform and the white hats. The vulnerability submission function allows white hats to choose the type of vulnerability, the degree of vulnerability and fill in the detailed description information of the vulnerability. After clicking submit, the vulnerability information provided by the white hat will be submitted to the background of the security emergency response platform, and the background auditors will After seeing the vulnerability details, the processing personnel will start to conduct hazard analysis confirmation and repair work. After the vulnerability repair is completed, the security emergency response platform will give a certain cash reward according to the "Vipshop Security Vulnerability Handling Analysis Process Specification" and the degree of vulnerability damage. If a serious high-risk vulnerability is found, an additional generous cash reward will be given. Through the vulnerability information provided by these white hat security researchers, the present invention not only effectively suppresses the possibility of website vulnerabilities being exposed on third-party platforms, but also can effectively help website security engineers locate their own problems in order to better Good to suppress the next occurrence of a similar problem. In order to protect the information security of website members.

(4)礼品商城:(4) Gift Mall:

作为互动频率最高的页面,用户不仅可以直接通过该网站进行现金等礼品的兑换,而且还新增了一个心愿单功能,倾听广大用户的心愿,增加用户与网站的积极性和互动性。提高网站自身吸引力,进而可以吸引更多的白帽子来帮助网站的安全漏洞。兑换礼物需要安全币,用户通过提交安全漏洞,待审核通过之后平台会赠予相应数额的安全币,这些安全币就可以用来兑换礼物或现金。As the page with the highest interaction frequency, users can not only exchange cash and other gifts directly through the website, but also add a wish list function to listen to the wishes of users and increase the enthusiasm and interaction between users and the website. Improve the attractiveness of the website itself, which in turn can attract more white hats to help the website's security vulnerabilities. Security coins are required to exchange gifts. Users submit security vulnerabilities, and the platform will give a corresponding amount of security coins after the review is passed. These security coins can be used to exchange gifts or cash.

(5)名人榜:(5) Celebrity list:

用户在提交安全漏洞后,平台会根据《唯品会安全漏洞处理规范》给与相应的贡献值数值。网站除了日常的物质奖励之外,名人榜则是体现个人荣誉的无形奖励。通常情况下,用户在提交漏洞,工作人员确认漏洞危害后会给予相应的贡献值和安全币分数,贡献值的多少将直接影响排行榜上的排名,而安全币则可以用于礼物兑换。名人榜上排名前几的用户还可以获得丰厚的额外的物质奖励。通常情况下,名人榜给予用户的是一个荣誉奖励,对应的贡献值也有对应的荣誉称号,无形中也激励着用户争取更多贡献值的动力。After the user submits a security vulnerability, the platform will give the corresponding contribution value according to the "Vipshop Security Vulnerability Handling Specification". In addition to the daily material rewards on the website, the celebrity list is an intangible reward that reflects personal honor. Usually, when a user submits a vulnerability, the staff will give a corresponding contribution value and security coin points after confirming that the vulnerability is harmful. The contribution value will directly affect the ranking on the leaderboard, and the security coin can be used for gift exchange. The top few users on the celebrity list can also get generous additional material rewards. Usually, the celebrity list gives users an honorary reward, and the corresponding contribution value also has a corresponding honorary title, which invisibly motivates users to strive for more contribution values.

(6)博客:(6) Blog:

本发明之安全应急响应平台通过博客频道专门分享安全类文章,不仅有效展现企业安全能力的储备,更是在同行内形成了良好的互动氛围。同时,平台还开发外部投稿专栏,积极吸收外部精彩文章,并且也会有响应的奖励报酬回馈。形成良好的安全技术分享氛围。The security emergency response platform of the present invention specially shares security articles through the blog channel, which not only effectively demonstrates the reserve of the security capability of the enterprise, but also forms a good interactive atmosphere among peers. At the same time, the platform also develops an external contribution column to actively absorb external wonderful articles, and there will also be corresponding rewards and rewards. Form a good security technology sharing atmosphere.

(7)业务范围:(7) Business scope:

该安全应急响应平台通过业务范围模块向外界传达平台的核心业务及核心关注点。The security emergency response platform conveys the core business and core concerns of the platform to the outside world through the business scope module.

(8)关于我们(8) About us

本发明之安全应急响应平台通过“关于我们”页面主要展示合作伙伴与招聘信息,体现平台与业界同行保持着良好的互动与合作精神。The security emergency response platform of the present invention mainly displays partner and recruitment information through the "About Us" page, which reflects that the platform maintains a good spirit of interaction and cooperation with industry peers.

图4为本发明一种安全漏洞检测处理方法的步骤流程图。如图4所示,本发明一种安全漏洞检测处理方法,包括如下步骤:FIG. 4 is a flow chart of the steps of a method for detecting and processing a security breach according to the present invention. As shown in Figure 4, a kind of security loophole detection processing method of the present invention comprises the following steps:

步骤401,接收用户的安全漏洞提交请求,在本发明具体实施例中,当用户点击网页上的漏洞提交入口时,则接收到用户的安全漏洞提交请求;Step 401, receiving the user's security vulnerability submission request, in a specific embodiment of the present invention, when the user clicks the vulnerability submission entry on the web page, the user's security vulnerability submission request is received;

步骤402,于接收到用户的安全漏洞提交请求时,提供对当前用户的身份验证,在本发明具体实施例中,通过提供用户输入用户名及相应的密码实现对用户的身份验证;Step 402, when receiving the user's security vulnerability submission request, provide the current user's identity verification, in a specific embodiment of the present invention, realize the user's identity verification by providing the user's input username and corresponding password;

步骤403,于通过对用户的身份验证时,提供用户对安全漏洞信息的输入,并于用户完成安全漏洞信息的输入后,对安全漏洞进行提交。在本发明具体实施例中,当通过对用户的身份验证后,于网页界面上提供用户选择漏洞类型、漏洞危害程度以及填写漏洞详情描述信息,当用户完成相关的安全漏洞信息输入后,通过点击相应的按钮则可将所输入的安全漏洞信息进行提交。Step 403 , when the identity verification of the user is passed, the user is provided with the input of the security vulnerability information, and after the user completes the input of the security vulnerability information, the security vulnerability is submitted. In a specific embodiment of the present invention, after the identity verification of the user is passed, the user can select the type of vulnerability, the degree of vulnerability and the description information of filling in the details of the vulnerability on the web interface. After the user completes the input of relevant security vulnerability information, click The corresponding button can submit the input security vulnerability information.

步骤404,对用户提交的安全漏洞信息进行分析,生成漏洞修复处理建议。Step 404 , analyzing the security vulnerability information submitted by the user, and generating a suggestion for repairing the vulnerability.

具体实现方式可以是根据接收到的漏洞信息构造漏洞的特征字符,其中,所述特征字符根据所述漏洞的类型生成;基于所述特征字符,获取所述漏洞的响应信息并根据所述响应信息检测所述漏洞的有效性。The specific implementation method may be to construct the characteristic character of the vulnerability according to the received vulnerability information, wherein the characteristic character is generated according to the type of the vulnerability; based on the characteristic character, obtain the response information of the vulnerability and according to the response information Check the validity of the vulnerability.

步骤405,根据生成的漏洞修复处理建议对安全漏洞进行修复处理。Step 405, repairing the security hole according to the generated suggestion for repairing the vulnerability.

具体实现方式可以是加载所述漏洞的更新文件;对所述更新文件进行解析,以获取所述更新文件中的修补信息;将网页中与所述修补信息对应的功能模块进行修复,以修复所述漏洞。The specific implementation method can be loading the update file of the vulnerability; parsing the update file to obtain the patch information in the update file; repairing the functional modules corresponding to the patch information in the webpage to repair all stated loopholes.

较佳地,于步骤402中,于接收到用户的安全漏洞提交请求时,当用户为新用户时,提供用户进行新用户的身份信息注册。Preferably, in step 402, when the user's security vulnerability submission request is received, when the user is a new user, the user is provided with the identity information registration of the new user.

较佳地,于步骤404中,在所述漏洞为信息泄露类漏洞时,根据存在漏洞的网站的网址以及所述漏洞对应的漏洞测试串,构造所述漏洞的特征字符;其中,所述漏洞测试串为用于检测漏洞是否存在的字符串。Preferably, in step 404, when the vulnerability is an information leakage type vulnerability, construct the characteristic character of the vulnerability according to the URL of the website with the vulnerability and the vulnerability test string corresponding to the vulnerability; wherein, the vulnerability The test string is a string used to detect whether a vulnerability exists.

较佳地,于步骤404中,在所述漏洞为SQL注入漏洞时,将所述漏洞的网址作为所述漏洞的特征字符。Preferably, in step 404, when the vulnerability is a SQL injection vulnerability, the URL of the vulnerability is used as the characteristic character of the vulnerability.

较佳地,于步骤404中,所述响应信息用于描述所述待修复漏洞中是否存在系统调用的信息以及用于描述所述待修复漏洞中是否存在物理内存设备的信息。Preferably, in step 404, the response information is used to describe whether there is a system call in the vulnerability to be fixed and information to describe whether there is a physical memory device in the vulnerability to be fixed.

较佳地,于步骤405后,还包括根据分析结果对提交所述安全漏洞信息的用户进行奖励的步骤。Preferably, after step 405, a step of rewarding users who submit the security vulnerability information is further included according to the analysis results.

较佳地,于步骤405之后,还包括根据分析结果对提交所述安全漏洞信息的用户分配相应的贡献值,并依据贡献值对所有用户进行排名的步骤。Preferably, after step 405, a step of assigning corresponding contribution values to users who submitted the security vulnerability information according to the analysis results, and ranking all users according to the contribution values.

图5为本发明具体实施例之漏洞提交的步骤流程图。如图5所示,当用户进入报告漏洞页面,接收用户的请求,提供用户输入身份验证信息;判断用户是否登录;若用户未登录,则进行登录提醒,提示用户输入登录帐号及密码;若用户忘记密码,可提供密码找回方式,例如发送邮件找回密码,若为新用户,则提供新用户信息注册;于用户身份验证通过时,提供用户进行安全漏洞的编辑与提交。Fig. 5 is a flow chart of the steps of vulnerability submission according to the specific embodiment of the present invention. As shown in Figure 5, when the user enters the report vulnerability page, the user's request is received, and the user is provided with input authentication information; it is judged whether the user is logged in; If you forget your password, you can provide a way to retrieve the password, such as sending an email to retrieve the password. If you are a new user, provide new user information to register; when the user identity verification is passed, the user is provided to edit and submit security vulnerabilities.

图6则为本发明具体实施例中新用户注册的步骤流程图。如图6所示,于新用户注册时,判断用户输入信息是否正确合法,若是,则发送账号激活邮件,并于激活链接有效时对帐号进行激活,完成新用户注册。Fig. 6 is a flow chart of steps for new user registration in a specific embodiment of the present invention. As shown in Figure 6, when a new user registers, it is judged whether the information entered by the user is correct and legal, and if so, an account activation email is sent, and the account is activated when the activation link is valid to complete the new user registration.

综上所述,本发明一种安全应急响应平台及其安全漏洞检测处理系统、方法通过提供平台搜集外部安全专家对安全漏洞的检测,对安全漏洞进行分析并进行修复处理,可提高网站安全漏洞的维护效率,降低人工成本。In summary, the present invention provides a security emergency response platform and its security vulnerability detection and processing system and method by providing a platform to collect external security experts to detect security vulnerabilities, analyze and repair the security vulnerabilities, and improve the security vulnerability of the website. High maintenance efficiency and reduced labor costs.

任何本领域技术人员均可在不违背本发明的精神及范畴下,对上述实施例进行修饰与改变。因此,本发明的权利保护范围,应如权利要求书所列。Any person skilled in the art can modify and change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Therefore, the protection scope of the present invention should be listed in the claims.

Claims (10)

1.一种安全应急响应平台,包括:1. A security emergency response platform, comprising: 安全漏洞检测处理系统,用于提供接口获取外部所输入的安全漏洞信息,于获取所述安全漏洞信息后对所述安全漏洞信息进行分析处理,并进行安全漏洞修复;A security vulnerability detection and processing system, which is used to provide an interface to obtain externally input security vulnerability information, analyze and process the security vulnerability information after obtaining the security vulnerability information, and perform security vulnerability repair; 奖励模块,于所述安全漏洞检测处理系统对提交的安全漏洞信息进行分析确认后,根据分析结果对提交所述安全漏洞信息的用户进行奖励;A reward module, after the security vulnerability detection and processing system analyzes and confirms the submitted security vulnerability information, rewards the user who submitted the security vulnerability information according to the analysis result; 分享互动模块,用于提供提交安全漏洞信息的用户分享相应信息的途径。The sharing interactive module is used to provide a way for users who submit security vulnerability information to share corresponding information. 2.如权利要求1所述的一种安全应急响应平台,其特征在于:所述平台还包括排名模块,于所述安全漏洞检测处理系统对提交的安全漏洞信息进行分析确认后,根据分析结果对提交所述安全漏洞信息的用户分配相应的贡献值,并依据贡献值对所有用户进行排名。2. A kind of security emergency response platform as claimed in claim 1, it is characterized in that: described platform also comprises ranking module, after described security loophole detection processing system analyzes and confirms the security loophole information submitted, according to analysis result Assign corresponding contribution values to users who submit the security vulnerability information, and rank all users according to the contribution values. 3.如权利要求1所述的一种安全应急响应平台,其特征在于:所述安全漏洞检测处理系统用于接收外部人员输入包括选择漏洞类型、漏洞危害程度以及填写漏洞详情描述信息的安全漏洞信息。3. A security emergency response platform as claimed in claim 1, characterized in that: the security vulnerability detection and processing system is used to receive input from external personnel, including selecting the type of vulnerability, the degree of hazard of the vulnerability, and filling in the security vulnerability of the detailed description information of the vulnerability information. 4.一种安全漏洞检测处理系统,包括:4. A security vulnerability detection and processing system, comprising: 请求单元,用于接收用户的安全漏洞提交请求;A request unit, configured to receive a user's request for submitting a security vulnerability; 身份验证单元,于接收到用户的安全漏洞提交请求时,提供对当前用户的身份验证;The identity verification unit provides identity verification of the current user when receiving the user's security vulnerability submission request; 安全漏洞检测提交单元,于所述身份验证单元通过对用户的身份验证时,提供用户对安全漏洞信息的输入,并于用户完成安全漏洞信息的输入后,将安全漏洞提交至漏洞分析单元;The security vulnerability detection and submitting unit provides the user with input of security vulnerability information when the identity verification unit passes the authentication of the user, and submits the security vulnerability to the vulnerability analysis unit after the user completes the input of the security vulnerability information; 漏洞分析单元,对用户提交的安全漏洞信息进行分析,生成漏洞修复处理建议;Vulnerability analysis unit, which analyzes the security vulnerability information submitted by users, and generates suggestions for vulnerability repair and processing; 修复处理单元,根据所述漏洞分析单元生成的漏洞修复处理建议对安全漏洞进行修复处理。The repair processing unit repairs the security hole according to the vulnerability repair processing suggestion generated by the vulnerability analysis unit. 5.如权利要求4所述的一种安全漏洞检测处理系统,其特征在于:所述安全漏洞检测处理系统还包括身份注册单元,用于提供新用户的身份信息注册。5. A security breach detection and processing system according to claim 4, characterized in that: said security breach detection and processing system further comprises an identity registration unit for providing identity information registration of new users. 6.如权利要求4所述的一种安全漏洞检测处理系统,其特征在于:所述安全漏洞检测提交单元获取包括漏洞类型、漏洞危害程度以及漏洞详情描述信息的安全漏洞信息。6 . The security vulnerability detection and processing system according to claim 4 , wherein the security vulnerability detection and submitting unit acquires security vulnerability information including vulnerability type, vulnerability degree of vulnerability and vulnerability detailed description information. 7 . 7.一种安全漏洞检测处理方法,包括如下步骤:7. A method for detecting and processing security vulnerabilities, comprising the steps of: 步骤一,接收用户的安全漏洞提交请求;Step 1, receiving the user's security vulnerability submission request; 步骤二,于接收到用户的安全漏洞提交请求时,提供对当前用户的身份验证;Step 2, when receiving the user's security vulnerability submission request, provide the current user's identity verification; 步骤三,于通过对用户的身份验证时,提供用户对安全漏洞信息的输入,并于用户完成安全漏洞信息的输入后,对安全漏洞进行提交;Step 3: Provide the user with input of security vulnerability information when the user is authenticated, and submit the security vulnerability after the user completes the input of the security vulnerability information; 步骤四,对用户提交的安全漏洞信息进行分析,生成漏洞修复处理建议;Step 4, analyze the security vulnerability information submitted by the user, and generate a suggestion for vulnerability repair; 步骤五,根据生成的漏洞修复处理建议对安全漏洞进行修复处理。In step five, the security vulnerability is repaired according to the generated vulnerability repair suggestion. 8.如权利要求7所述的一种安全漏洞检测处理方法,其特征在于:于步骤四之后,还包括根据分析结果对提交所述安全漏洞信息的用户进行奖励的步骤。8. A security vulnerability detection and processing method according to claim 7, characterized in that: after step 4, further comprising a step of rewarding users who submit the security vulnerability information according to the analysis results. 9.如权利要求7所述的一种安全漏洞检测处理方法,其特征在于:于步骤四之后,还包括根据分析结果对提交所述安全漏洞信息的用户分配相应的贡献值,并依据贡献值对所有用户进行排名的步骤。9. A method for detecting and processing security vulnerabilities as claimed in claim 7, characterized in that: after step 4, it also includes assigning corresponding contribution values to users who submit the security vulnerability information according to the analysis results, and according to the contribution values Steps to rank all users. 10.如权利要求7所述的一种安全漏洞检测处理方法,其特征在于:于步骤二中,于接收到用户的安全漏洞提交请求时,当用户为新用户时,提供用户进行新用户的身份信息注册。10. A method for detecting and processing security vulnerabilities as claimed in claim 7, characterized in that: in step 2, when receiving the user's security vulnerability submission request, when the user is a new user, provide the user with a new user Identity information registration.
CN201710204883.1A 2017-03-31 2017-03-31 A kind of safe emergency response platform and its security breaches detection process system, method Pending CN106980790A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710204883.1A CN106980790A (en) 2017-03-31 2017-03-31 A kind of safe emergency response platform and its security breaches detection process system, method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710204883.1A CN106980790A (en) 2017-03-31 2017-03-31 A kind of safe emergency response platform and its security breaches detection process system, method

Publications (1)

Publication Number Publication Date
CN106980790A true CN106980790A (en) 2017-07-25

Family

ID=59338310

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710204883.1A Pending CN106980790A (en) 2017-03-31 2017-03-31 A kind of safe emergency response platform and its security breaches detection process system, method

Country Status (1)

Country Link
CN (1) CN106980790A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108932638A (en) * 2018-07-16 2018-12-04 赛飞特工程技术集团有限公司 System and method for promoting enterprise communication and sharing potential safety hazard data
CN110348210A (en) * 2018-04-08 2019-10-18 腾讯科技(深圳)有限公司 Safety protecting method and device
CN110958243A (en) * 2019-11-28 2020-04-03 米哈游科技(上海)有限公司 Network vulnerability submitting method and device, storage medium and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102130949A (en) * 2011-03-10 2011-07-20 肖智刚 User contribution-based method and system for sharing personalized digital resources
CN103177213A (en) * 2011-12-20 2013-06-26 腾讯科技(深圳)有限公司 Software bug fix method and software bug fix system
CN104346571A (en) * 2013-07-23 2015-02-11 深圳市腾讯计算机系统有限公司 Security vulnerability management method and system and device
CN105227387A (en) * 2014-06-16 2016-01-06 腾讯科技(深圳)有限公司 The detection method of webpage leak, Apparatus and system
US20160337392A1 (en) * 2014-06-11 2016-11-17 Tencent Technology (Shenzhen) Company Limited Web page vulnerability detection method and apparatus
CN106372514A (en) * 2016-08-30 2017-02-01 东软集团股份有限公司 Security hole maintenance method and security hole maintenance system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102130949A (en) * 2011-03-10 2011-07-20 肖智刚 User contribution-based method and system for sharing personalized digital resources
CN103177213A (en) * 2011-12-20 2013-06-26 腾讯科技(深圳)有限公司 Software bug fix method and software bug fix system
CN104346571A (en) * 2013-07-23 2015-02-11 深圳市腾讯计算机系统有限公司 Security vulnerability management method and system and device
US20160337392A1 (en) * 2014-06-11 2016-11-17 Tencent Technology (Shenzhen) Company Limited Web page vulnerability detection method and apparatus
CN105227387A (en) * 2014-06-16 2016-01-06 腾讯科技(深圳)有限公司 The detection method of webpage leak, Apparatus and system
CN106372514A (en) * 2016-08-30 2017-02-01 东软集团股份有限公司 Security hole maintenance method and security hole maintenance system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110348210A (en) * 2018-04-08 2019-10-18 腾讯科技(深圳)有限公司 Safety protecting method and device
CN108932638A (en) * 2018-07-16 2018-12-04 赛飞特工程技术集团有限公司 System and method for promoting enterprise communication and sharing potential safety hazard data
CN110958243A (en) * 2019-11-28 2020-04-03 米哈游科技(上海)有限公司 Network vulnerability submitting method and device, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
US10121009B2 (en) Computer system for discovery of vulnerabilities in applications including guided tester paths based on application coverage measures
US10643149B2 (en) Whitelist construction
US9270696B2 (en) Systems and method for identifying and mitigating information security risks
US9398029B2 (en) Cybersecurity training system with automated application of branded content
US8499053B2 (en) Segmenting access to electronic message boards
US8321791B2 (en) Indicating website reputations during website manipulation of user information
US10740411B2 (en) Determining repeat website users via browser uniqueness tracking
Silberman et al. Sellers' problems in human computation markets
CN110413908A (en) The method and apparatus classified based on web site contents to uniform resource locator
US20220030002A1 (en) System and method for secure access control
US9769159B2 (en) Cookie optimization
JP2014532219A (en) Generate processed web address information
US20240291847A1 (en) Security risk remediation tool
CN111770086B (en) Fishing user simulation collection method, device, system and computer readable storage medium
US20140188677A1 (en) Know your customer exchange system and method
CN106980790A (en) A kind of safe emergency response platform and its security breaches detection process system, method
US10652276B1 (en) System and method for distinguishing authentic and malicious electronic messages
CN102236689A (en) Method and system for quickly registering, browsing and managing websites
US11201888B2 (en) Methods and systems for discovering network security gaps
CN103581321B (en) A kind of creation method of refer chains, device and safety detection method and client
WO2024215625A1 (en) Methods and systems for user data management
US20150199323A1 (en) Method and system for posting comments on web pages
Ramadas et al. Client management system with two factor authentication and anti input injection for Asian Life Travels Sdn Bhd
Harris Invoice System
Coffie MonitR: A mobile application for monitoring online accounts’ security

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170725

RJ01 Rejection of invention patent application after publication