多扫描器网站安全监测平台设计与实现  

作　　者：李娟[1] 偰赓[1] 施蕾[1] 崔甲[1] 

机构地区：[1]中国信息安全测评中心,北京100085

出　　处：《集成电路应用》2017年第11期66-70,共5页Application of IC

基　　金：国家自然科学基金(U153610076)

摘　　要：互联网的应用已经极为普遍,政府和企业的办公越来越多的依靠网络,并且这种依靠变的越来越紧密。由于WEB应用系统的易用性,使政府和企业在电子办公上更倾向于使用WEB应用系统,它所承载的政府企业形象、网上购物、银行交易、虚拟社区、虚拟货币等服务已经无所不在。互联网网站也已成为各种社会组织普遍采用的对外宣传、对内办公工具。在网站为组织带来利益和便利的同时,伴随而来的是很多单位因网站安全防护不足导致遭受攻击,甚至造成巨额经济损失和不良社会影响。可以说,互联网网站安全问题不仅关系到企业形象,还会直接或间接对业务连续性造成影响。目前安全市场中有众多的漏洞检测工具,不同的产品在针对统一网站进行扫描时产生的结果不尽相同。这是一个设计,可对多种扫描结果进行风险归一、漏洞归一、等级归一,确保服务输出结果的完整性与一致性的多扫描器网站安全监测平台。The use of the Internet has become so widespread that government and enterprise are increasingly relying on the Internet, and this dependence is becoming more and more intense. Due to the usability of the WEB application system, the government and enterprise are more inclined to use the WEB application system to simplify the electronic office work and improve the efficiency. As we know, the Internet-based services, such as the government and corporate Image, online shopping, banking transactions, virtual community and virtual currency, have become omnipresent nowadays. Therefore, the Internet websites have also become a popular external publicity and internal office tools used by various social organizations. Nevertheless, when the website brings benefits and convenience to its government and enterprise users, it also causes considerable attacks because of the lack of security, which may even lead to huge economic losses and negative social impact. This shows that the Internet website security not only relates to corporate image, but also directly or indirectly affects the continuity of business. In fact, there are many vulnerability detection tools in the security market, the results will be distinguishing when using different diverse detection products for the same website scanning. This paper will introduce a multi-scanner website security monitoring platform which ensures the integrity and consistency of service output results by normalizing the risk, vulnerability and level of multiple scanning results.

关 键 词：计算机系统 信息安全 扫描器 网站漏洞 

分 类 号：TP335[自动化与计算机技术—计算机系统结构]