基于Python的企业安全漏洞管理方法研究

发布时间：2018-04-11 06:30

本文选题：漏洞 + 漏洞库　；参考：《北京邮电大学》2015年硕士论文

【摘要】：飞速发展的互联网技术,正逐渐改变人们的生活娱乐方式,同时推动了生产系统的更新换代和生产方式的变革。然而生产力大大提高的同时,网络的脆弱性也将生产系统暴露给别有用心者,甚至导致灾难性的破坏。生产系统内部若能有效地管理漏洞,并及时地推动漏洞发布与修复,脆弱性带来的风险将大大降低。因此,研究企业安全漏洞管理方法,搭建标准统一的漏洞管理系统,对于提高各厂商产品安全性具有重要意义。本文首先介绍了当今世界的网络安全形势,以及厂商建立安全漏洞库的必要性,对比分析了国内外知名漏洞库的相关情况。明确了安全漏洞的定义,概括了漏洞的特点及漏洞分类,并介绍了国内外权威的漏洞发布方式。另外,本文简述了爬虫的定义和网络爬虫原理,详细介绍了Python脚本语言以及Python编写爬虫程序的可行性。这些理论是构建安全漏洞库的重要基础。其后,本文重点研究了主流漏洞库的漏洞特征,设计了安全漏洞管理平台,并详尽论述了漏洞管理平台的组织架构以及核心模块的实现机制。首先编写了漏洞管理平台的漏洞爬取模块,抓取目标漏洞库中的特定漏洞信息；利用目标漏洞库的分析结果,漏洞信息解析模块进行漏洞信息的内容格式解析；最后借助数据库操作模块的Mysql程序,完成漏洞信息的本地化存储,保证目标厂商漏洞的完整综合呈现。最后,本文设计了企业安全漏洞描述语言。基于在实习公司的漏洞处理工作,本文针对企业内部漏洞处理流程,量身定制了一套漏洞描述的语言,规范了漏洞管理平台中存储的漏洞信息,实现了漏洞信息在企业内部的无障碍流通。
[Abstract]:The rapid development of Internet technology, is gradually changing the way people live and entertainment, while promoting the upgrading of production systems and the transformation of production methods.However, while productivity increases greatly, the vulnerability of the network also exposes the production system to ulterior motives, even leading to catastrophic damage.The risk of vulnerability will be greatly reduced if the vulnerability can be managed effectively and the vulnerability can be published and fixed in time.Therefore, it is of great significance to study the methods of enterprise security vulnerability management and to set up a unified vulnerability management system.This paper first introduces the network security situation in the world today and the necessity for manufacturers to set up a security vulnerability library, and compares and analyzes the relevant situation of well-known vulnerability library at home and abroad.This paper clarifies the definition of security vulnerabilities, summarizes the characteristics and classification of vulnerabilities, and introduces the issuing methods of vulnerabilities at home and abroad.In addition, this paper briefly describes the definition of crawler and the principle of web crawler, and introduces in detail the Python script language and the feasibility of Python programming crawler program.These theories are the important foundation of constructing security vulnerability library.Then, this paper focuses on the vulnerability characteristics of the mainstream vulnerability library, designs a security vulnerability management platform, and discusses in detail the organizational structure of the vulnerability management platform and the implementation mechanism of the core modules.Firstly, the vulnerability crawling module of the vulnerability management platform is written to capture the specific vulnerability information in the target vulnerability library, and the content format of the vulnerability information is analyzed by using the analysis result of the target vulnerability library.Finally, with the help of the Mysql program of the database operation module, the localization storage of vulnerability information is completed to ensure the integrated presentation of the vulnerability of the target manufacturer.Finally, this paper designs the enterprise security vulnerability description language.Based on the vulnerability handling work in the internship company, this paper customizes a set of vulnerability description language for the internal vulnerability processing process of the enterprise, and standardizes the vulnerability information stored in the vulnerability management platform.Realized the loophole information in the enterprise internal barrier-free circulation.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP393.08

【参考文献】