Method and apparatus for website scanning

Assignee

• NSFOCUS INFORMATION TECHNOLOGY CO., LTD. · CN

Inventors

• Da Zhou · Beijing, CN
• Xiaoming Wang · Sunnyvale, US
• Ming Lv · 马宅镇, CN
• Hui Jiang · Beijing, CN
• Guangxu Liu · Beijing, CN
• Xiaohai Lu · Beijing, CN
• Na Li · Beijing, CN
• Liang-Hsuan Lu · Taipei, TW
• Jingjing Zeng · Beijing, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/02
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A website scanning apparatus having a policy analysis device for determining whether a link in a target website belongs to a known web application used by the target website, if the link belongs to the identified web application, then a vulnerability scanning is not performed on the link; a crawler device for obtaining the link content that the link points to; a web application identification device for determining whether the link belongs to a known web application; a full scan device for performing a full vulnerability scanning on a link determined as not belonging to the known web application; and a known web application vulnerability detection device for performing vulnerability detection on the website for the determined identified web application according to known vulnerabilities of the identified web application to determine whether the known vulnerabilities of the identified web application exist in the website is provided.