CN102541729A - Detection device and method for security vulnerability of software - Google Patents
Detection device and method for security vulnerability of software Download PDFInfo
- Publication number
- CN102541729A CN102541729A CN2010106155474A CN201010615547A CN102541729A CN 102541729 A CN102541729 A CN 102541729A CN 2010106155474 A CN2010106155474 A CN 2010106155474A CN 201010615547 A CN201010615547 A CN 201010615547A CN 102541729 A CN102541729 A CN 102541729A
- Authority
- CN
- China
- Prior art keywords
- leak
- test
- security
- analysis
- testing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Stored Programmes (AREA)
Abstract
The invention relates to the field of computers, in particular to a detection device and method for a security vulnerability of a dedicated information system. According to the detection device and method disclosed by the invention, a tester can not only access a target system to a testing network but also access the detection device to a production system by connecting a test terminal with the target system, wherein the target system is located in the production system. As the core of the detection device, a system security analysis and test management platform comprises a vulnerability discovering system, a vulnerability authenticating and analyzing system, a permeability testing system, a vulnerability library, a test case library, a report outputting system, a user and permission management system, a system management platform and the like. When the detection device and method for the security vulnerability of the software, provided by the invention, are adopted, the vulnerability can be found before the application of the software, and corresponding strategies can be provided, so that the detection device and method meet the requirement on the emphasis on information security in the current society in a better manner; and moreover, the detection device and method have a higher application value.
Description
Technical field
The present invention relates to computer realm, particularly a kind of large-scale design software security breaches pick-up unit and method.
Background technology
Information age; Network is divulged a secret increasing; Network security also more and more receives publicity, and arrives state secret greatly, all can receive risk and the threat that network is given away secrets to individual privacy for a short time; On Internet, can often utilize software vulnerability to make interconnecting terminal instance under attack; How to avoid this type of incident just need detect, also do not have effective means to stop this type of phenomenon fully at present, detect to become and avoid a kind of means that similar incidents take place to come into one's own day by day but do security breaches in advance to software itself to software vulnerability.
Summary of the invention
Technical matters to be solved by this invention is; Provide a kind of in LAN; Utilize and tentatively set up and progressively perfect special-purpose vulnerability database, test case library; The application systems software of the proprietary application system software that uses in important information system and the important information system, general application software and secondary development on the common software basis is tested object, the apparatus and method of process flowizations such as the required bug excavation of security of system analytical test, leak analysis checking, testing permeability, systematization, hardware and software platform.
Technical matters to be solved by this invention realizes through following technical scheme: a kind of software security flaw pick-up unit comprises test environment, security of system analysis and test management platform, special-purpose vulnerability database and test case library.Test environment comprises goal systems and test terminal, and the security test attendant can select, dispatch corresponding attack script according to the environment and the version of goal systems and carry out testing permeability work in test case library.Security of system analysis and test management platform comprise leak discovery system, leak checking and analytic system, testing permeability system, vulnerability database, test case library, report output system, user and Rights Management System, system management platform etc.Special-purpose vulnerability database and test case library not only comprise the leak information that serious safety problem takes place in history; The safety loophole information that also will comprise the large-scale design software of this project discovery, constituting one simultaneously can be to the penetration testing instrument and the test case library of large-scale design software leak.Leak discovery system component is responsible for goal systems is carried out bug excavation; System is with integrated multiple fuzz testing tool method collection and other known bugs digging technologies such as com component, file layout, procotol and data of being directed against; Adopt various multi-form " deformity " data of attacking demolition purpose that have that goal systems is tested; In order to trigger goal systems security breaches that possibly exist, that can produce abnormal behaviour; And to the management platform report, the details of the record leak of finding.Its integrated Com assembly blurs test module, file layout fuzz testing module, procotol and data fuzz testing module, can cover general and special-purpose application system.Leak analysis and verification system are responsible for the security breaches of the goal systems of being found are analyzed and checking work; System carries out safe debugging with binary code, adopts the dis-assembling form, the principle of work and power of analysis software; The leak of analysis software is accurately located principle, position that leak produces.The leak verification system mainly relies on the special-purpose debugger of leak, carries out the analysis and the checking of leak, and special-purpose debugger is operated with complete patterned mode, can show the dis-assembling code of leak program, single step run that can control program.The testing permeability system is responsible for to the security breaches of having found; Characteristic according to leak place system is called corresponding Shellcode code and different implantttion techniques; Take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether.Test case library and testing permeability verification management system administer and maintain test case library, include library management, in batches import and export management, condition query, statistical study and data backup and recovery etc., user and Rights Management System are responsible for the user who uses this management platform is managed concentratedly, comprise functions such as user management, rights management.Through user management and empowerment management function; Authorized user can carry out the related work of security of system analytical test within the scope of authority; System will generate admin log automatically, and the time of user login, the operation of being engaged in (like newly-built task, continue to execute the task, operation such as task achievement warehouse-in, form import and export) are carried out detailed log record.Systems management component is the total management system of security of system analysis and test management platform; The user through Web mode login system management platform can be newly-built, continue to carry out that leak is found, leak analysis checking, testing permeability task; And can the achievement of each task be deposited in the corresponding database; Can the result of each task be exported with report form simultaneously, and can inquire about data-base content, add up, operation such as analysis.
The present invention also provides a kind of system that large-scale design software security breaches detect that disposes, and comprises security of system analysis and test management platform service end, database server, client browser composition.The management platform service end provides leak to find functions such as system, leak analysis verification system, testing permeability system, report output system, vulnerability database management system, test case library and testing permeability verification management system and user and Rights Management System, system management platform; Database server is data storage capacities and the data base administration ability that vulnerability database, test case library and testing permeability checking etc. provide magnanimity; The security study analyst carries out the security of system analytical work through browser access management platform service end.
Checking of the mining analysis of unknown leak and penetration testing method in a kind of software security flaw detection method, step is following:
Step 1: goal systems is inserted test network, perhaps the present invention is inserted the network at goal systems place, utilize the FUZZ tool set to carry out FUZZ and find;
Step 2: utilize debugging acid to carry out leak analysis:
(1) if find leak, then call corresponding Shellcode code and different implantttion techniques according to the characteristic of leak place system, take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether;
(2) if security breaches really exist, then produce corresponding testing tool, and newfound leak is write vulnerability database, test case is write test case library;
Step 3: the output leak is found report, leak analysis checking report, testing permeability report and system vulnerability reparation suggestion.
Checking of the mining analysis of known bugs and penetration testing method in a kind of software security flaw detection method, step is following:
Step 1: goal systems is inserted test network, perhaps the present invention is inserted the network at goal systems place, carry out vulnerability scanning;
Step 2: if find leak, then call corresponding Shellcode code and different implantttion techniques, take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether according to the characteristic of leak place system;
Step 3: the output leak is found report, leak analysis checking report, testing permeability report and system vulnerability reparation suggestion.
The software security flaw detection method that utilizes this device and provide can be searched leak, and can provide corresponding strategy before software uses, satisfied the attention of current society to information security preferably, had higher use value.
Description of drawings
Fig. 1 is the large-scale design software security breaches of a present invention pick-up unit one-piece construction block diagram;
The system construction drawing that Fig. 2 detects for the large-scale design software security breaches of the present invention;
Fig. 3 is the mining analysis checking and the penetration testing process flow diagram of unknown leak;
Fig. 4 is the mining analysis checking and the penetration testing process flow diagram of known bugs.
Embodiment
Specify the present invention below in conjunction with Figure of description; As shown in Figure 1; A kind of large-scale design software security breaches pick-up unit; The tester links to each other with goal systems through the test terminal, can goal systems be inserted test network, also can this product be inserted the production system at goal systems place.The security test attendant can select, dispatch corresponding attack script according to the environment and the version of goal systems and carry out testing permeability work in test case library.Security of system analysis and test management platform are cores of the present invention, comprise leak discovery system, leak checking and analytic system, testing permeability system, vulnerability database, test case library, report output system, user and Rights Management System, system management platform etc.Special-purpose vulnerability database and test case library not only comprise the leak information that serious safety problem takes place in history; The safety loophole information that also will comprise newfound large-scale design software, constituting one simultaneously can be to the penetration testing instrument and the test case library of large-scale design software leak.Leak discovery system component is responsible for goal systems is carried out bug excavation; System is with integrated multiple fuzz testing tool method collection and other known bugs digging technologies such as com component, file layout, procotol and data of being directed against; Adopt various multi-form " deformity " data of attacking demolition purpose that have that goal systems is tested; In order to trigger goal systems security breaches that possibly exist, that can produce abnormal behaviour; And to the management platform report, the details of the record leak of finding.Leak analysis and verification system are responsible for the security breaches of the goal systems of being found are analyzed and checking work; System carries out safe debugging with binary code, adopts the dis-assembling form, the principle of work and power of analysis software; The leak of analysis software is accurately located principle, position that leak produces.The leak verification system mainly relies on the special-purpose debugger of leak, carries out the analysis and the checking of leak, and special-purpose debugger is operated with complete patterned mode, can show the dis-assembling code of leak program, single step run that can control program.The testing permeability system is responsible for to the security breaches of having found; Characteristic according to leak place system is called corresponding Shellcode code and different implantttion techniques; Take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether.Test case library and testing permeability verification management system administer and maintain test case library.User and Rights Management System are responsible for the user who uses this management platform is managed concentratedly.Through user management and empowerment management function, authorized user can carry out the related work of security of system analytical test within the scope of authority, and system will generate admin log automatically.Systems management component is the total management system of security of system analysis and test management platform; The user through Web mode login system management platform can be newly-built, continue to carry out that leak is found, leak analysis checking, testing permeability task; And can the achievement of each task be deposited in the corresponding database; Can the result of each task be exported with report form simultaneously, and can inquire about data-base content, add up, operation such as analysis.
As shown in Figure 2, a kind of system that disposes large-scale design software security breaches detection comprises security of system analysis and test management platform service end, database server, client browser composition.The security study analyst carries out the security of system analytical work through browser access management platform service end.The management platform service end provides leak to find functions such as system, leak analysis verification system, testing permeability system, report output system, vulnerability database management system, test case library and testing permeability verification management system and user and Rights Management System, system management platform.Database server is data storage capacities and the data base administration ability that vulnerability database, test case library and testing permeability checking etc. provide magnanimity.
Checking of the mining analysis of unknown leak and penetration testing method in a kind of software security flaw detection method, shown in Figure of description 3, step is following:
Step 1: goal systems is inserted test network, perhaps the present invention is inserted the network at goal systems place, utilize the FUZZ tool set to carry out FUZZ and find;
Step 2: utilize debugging acid to carry out leak analysis:
(1) if find leak, then call corresponding Shellcode code and different implantttion techniques according to the characteristic of leak place system, take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether;
(2) if security breaches really exist, then produce corresponding testing tool, and newfound leak is write vulnerability database, test case is write test case library;
Step 3: the output leak is found report, leak analysis checking report, testing permeability report and system vulnerability reparation suggestion.
Checking of the mining analysis of known bugs and penetration testing method in a kind of software security flaw detection method, shown in Figure of description 4, step is following:
Step 1: goal systems is inserted test network, perhaps the present invention is inserted the network at goal systems place, carry out vulnerability scanning;
Step 2: if find leak, then call corresponding Shellcode code and different implantttion techniques, take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether according to the characteristic of leak place system.
If security breaches really exist, then produce corresponding testing tool, and newfound leak is write vulnerability database, test case is write test case library,
Step 3: the output leak is found report, leak analysis checking report, testing permeability report and system vulnerability reparation suggestion.
The software security flaw detection method that utilizes this device and provide can be searched leak, and can provide corresponding strategy before software uses, satisfied the attention of current society to information security preferably, had higher use value.
The present invention also has some other distortion or improves.For example client modules can be one, two or more, and client modules, central management module can all be loaded on the same computing machine, can also be loaded on respectively on the various computing machine.If the technician in present technique field receives the change of the conspicuous unsubstantiality that inspiration of the present invention makes or improves, all belong to the protection domain of claims of the present invention.
Claims (10)
1. software security flaw pick-up unit; It is characterized in that: comprise test environment, security of system analysis and test management platform, special-purpose vulnerability database and test case library; The test ring border comprises goal systems and test terminal, and security of system analysis and test management platform comprise leak discovery system, leak checking and analytic system, testing permeability system, vulnerability database, test case library, report output system, user and Rights Management System, system management platform etc.
2. software security flaw pick-up unit according to claim 1; It is characterized in that: special-purpose vulnerability database and test case library not only comprise the leak information that serious safety problem takes place in history; The safety loophole information that also will comprise the large-scale design software of this project discovery, constituting one simultaneously can be to the penetration testing instrument and the test case library of large-scale design software leak.
3. software security flaw pick-up unit according to claim 1; It is characterized in that: leak discovery system comprises that integrated Com assembly blurs test module, file layout fuzz testing module, procotol and data fuzz testing module, can cover general and special-purpose application system.
4. software security flaw pick-up unit according to claim 3; It is characterized in that: leak discovery system is responsible for goal systems is carried out bug excavation; System is with integrated multiple fuzz testing tool method collection and other known bugs digging technologies such as com component, file layout, procotol and data of being directed against; Adopt various multi-form " deformity " data of attacking demolition purpose that have that goal systems is tested; In order to triggering goal systems security breaches that possibly exist, that can produce abnormal behaviour, and to the management platform report, the details of the record leak of finding.
5. software security flaw pick-up unit according to claim 1; It is characterized in that: leak checking and analytic system are responsible for the security breaches of the goal systems of being found are analyzed and checking work; System carries out safe debugging with binary code, adopts the dis-assembling form, the principle of work and power of analysis software; The leak of analysis software is accurately located principle, position that leak produces; The leak verification system mainly relies on the special-purpose debugger of leak, carries out the analysis and the checking of leak, and special-purpose debugger is operated with complete patterned mode, can show the dis-assembling code of leak program, single step run that can control program.
6. software security flaw pick-up unit according to claim 1; It is characterized in that: the testing permeability system is responsible for to the security breaches of having found; Characteristic according to leak place system is called corresponding Shellcode code and different implantttion techniques; Take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether.
7. security of system analysis according to claim 1 and test management platform is characterized in that: user and Rights Management System are responsible for the user who uses this management platform is managed concentratedly, comprise functions such as user management, rights management; Through user management and empowerment management function, authorized user can carry out the related work of security of system analytical test within the scope of authority, and system will generate admin log automatically, and detailed log record is carried out in the time of user's login, the operation of being engaged in.
8. the system of a configuration software security breaches pick-up unit; It is characterized in that: comprise that security of system analysis and test management platform service end, database server, client browser form, the management platform service end provides leak to find functions such as system, leak analysis verification system, testing permeability system, report output system, vulnerability database management system, test case library and testing permeability verification management system and user and Rights Management System, system management platform; Database server is data storage capacities and the data base administration ability that vulnerability database, test case library and testing permeability checking etc. provide magnanimity; The security study analyst carries out the security of system analytical work through browser access management platform service end.
9. checking of the mining analysis of unknown leak and penetration testing method in one kind large-scale design software security flaw detection method, step is following:
Step 1: goal systems is inserted test network, perhaps the present invention is inserted the network at goal systems place, utilize the FUZZ tool set to carry out FUZZ and find;
Step 2: utilize debugging acid to carry out leak analysis:
(1) if find leak, then call corresponding Shellcode code and different implantttion techniques according to the characteristic of leak place system, take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether;
(2) if security breaches really exist, then produce corresponding testing tool, and newfound leak is write vulnerability database, test case is write test case library;
Step 3: the output leak is found report, leak analysis checking report, testing permeability report and system vulnerability reparation suggestion.
10. checking of the mining analysis of known bugs and penetration testing method in one kind large-scale design software security flaw detection method, step is following:
Step 1: goal systems is inserted test network, perhaps the present invention is inserted the network at goal systems place, carry out vulnerability scanning;
Step 2: if find leak, then call corresponding Shellcode code and different implantttion techniques, take the form of simulated strike that goal systems is carried out penetration testing, with test safety leak necessary being whether according to the characteristic of leak place system;
Step 3: the output leak is found report, leak analysis checking report, testing permeability report and system vulnerability reparation suggestion.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010106155474A CN102541729A (en) | 2010-12-31 | 2010-12-31 | Detection device and method for security vulnerability of software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010106155474A CN102541729A (en) | 2010-12-31 | 2010-12-31 | Detection device and method for security vulnerability of software |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102541729A true CN102541729A (en) | 2012-07-04 |
Family
ID=46348671
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010106155474A Pending CN102541729A (en) | 2010-12-31 | 2010-12-31 | Detection device and method for security vulnerability of software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102541729A (en) |
Cited By (39)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102905256A (en) * | 2012-10-30 | 2013-01-30 | 东南大学 | Security assessment method for wireless local area network card based on penetration test |
| CN103544660A (en) * | 2013-10-30 | 2014-01-29 | 国家电网公司 | Method for safety testing before online implementation of electric power information system |
| CN104135483A (en) * | 2014-06-13 | 2014-11-05 | 汪志 | Automatic configuration management system for network security |
| CN104184728A (en) * | 2014-08-14 | 2014-12-03 | 电子科技大学 | Safety detection method and device for Web application system |
| CN104573523A (en) * | 2013-10-24 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | File vulnerability mining realization method and device |
| CN105554022A (en) * | 2016-01-12 | 2016-05-04 | 烟台南山学院 | Automatic testing method of software |
| CN105608381A (en) * | 2015-12-18 | 2016-05-25 | 北京奇虎科技有限公司 | Application test method and system |
| CN105991517A (en) * | 2015-01-28 | 2016-10-05 | 中国信息安全测评中心 | Vulnerability discovery method and device |
| CN106250768A (en) * | 2016-07-21 | 2016-12-21 | 杭州安恒信息技术有限公司 | A kind of behavioral value method of database object script security breaches |
| CN106357670A (en) * | 2016-10-17 | 2017-01-25 | 成都知道创宇信息技术有限公司 | Simulator-based android application server side Web vulnerability detection method |
| CN106446691A (en) * | 2016-11-24 | 2017-02-22 | 工业和信息化部电信研究院 | Method and device for detecting integrated or customized open source project bugs in software |
| CN106663171A (en) * | 2014-08-11 | 2017-05-10 | 日本电信电话株式会社 | Browser-emulator device, construction device, browser emulation method, browser emulation program, construction method, and construction program |
| CN107104853A (en) * | 2017-03-31 | 2017-08-29 | 北京北信源软件股份有限公司 | A kind of test bed system and method for testing for Terminal Security Management software |
| CN107305529A (en) * | 2016-04-25 | 2017-10-31 | 阿里巴巴集团控股有限公司 | The method and apparatus for detecting target software |
| CN107454081A (en) * | 2017-08-07 | 2017-12-08 | 四川长虹电器股份有限公司 | The method for automatically generating POC scripts |
| CN108153632A (en) * | 2017-12-25 | 2018-06-12 | 中山市小榄企业服务有限公司 | A kind of Information Technology Equipment safety detecting system and its detection method |
| CN108415398A (en) * | 2017-02-10 | 2018-08-17 | 上海辇联网络科技有限公司 | Automobile information safety automation tests system and test method |
| CN108958890A (en) * | 2018-07-25 | 2018-12-07 | 北京奇艺世纪科技有限公司 | Container microscope testing method, apparatus and electronic equipment |
| CN109145579A (en) * | 2018-08-18 | 2019-01-04 | 北京航空航天大学 | Intelligent network joins automobile information secure authentication testing method and system |
| CN109325351A (en) * | 2018-08-23 | 2019-02-12 | 中通服咨询设计研究院有限公司 | A kind of security breaches automatic Verification systems based on many survey platforms |
| CN109347696A (en) * | 2018-09-30 | 2019-02-15 | 中国人民解放军国防科技大学 | Network protocol fuzzy test method based on hierarchical variation |
| CN109582564A (en) * | 2018-10-29 | 2019-04-05 | 中国电力科学研究院有限公司 | A kind of test method of mobile application software |
| CN109714355A (en) * | 2019-01-08 | 2019-05-03 | 中国人民解放军火箭军工程大学 | A kind of leak analysis for VxWorks system utilizes method |
| CN110162977A (en) * | 2019-04-24 | 2019-08-23 | 北京邮电大学 | A kind of Android vehicle-mounted terminal system leakage location and method |
| CN110221980A (en) * | 2019-06-17 | 2019-09-10 | 南京未来产业大数据研究院有限公司 | Information system and its method for penetration testing and loophole reparation |
| CN110298179A (en) * | 2019-07-10 | 2019-10-01 | 中国民航信息网络股份有限公司 | Open Framework security flaw detection method and device |
| CN110383238A (en) * | 2016-05-15 | 2019-10-25 | 新思科技有限公司 | System and method for the software analysis based on model |
| CN110502892A (en) * | 2019-07-09 | 2019-11-26 | 成都亚信网络安全产业技术研究院有限公司 | A kind of the determination method, apparatus and system of abnormality test process |
| CN110704267A (en) * | 2019-09-23 | 2020-01-17 | 福建经联网络技术有限公司 | Core control chip firmware analysis and verification system |
| CN110768951A (en) * | 2019-08-14 | 2020-02-07 | 奇安信科技集团股份有限公司 | Method and device for verifying system vulnerability, storage medium and electronic device |
| CN110908912A (en) * | 2019-11-25 | 2020-03-24 | 中国人寿保险股份有限公司 | Software security threat analysis method and system |
| CN111026012A (en) * | 2019-11-29 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Method and device for detecting PLC firmware level bugs, electronic equipment and storage medium |
| CN111382446A (en) * | 2020-03-15 | 2020-07-07 | 黎明职业大学 | Method for detecting common vulnerabilities of computer software |
| CN112347484A (en) * | 2020-10-27 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Software vulnerability detection method, device, equipment and computer readable storage medium |
| CN112671609A (en) * | 2020-12-21 | 2021-04-16 | 哈尔滨工大天创电子有限公司 | Asset census and safety detection method and device and terminal equipment |
| CN112887945A (en) * | 2021-01-11 | 2021-06-01 | 公安部第三研究所 | Penetration testing method for Internet of vehicles network |
| CN114707156A (en) * | 2022-04-14 | 2022-07-05 | 西安航空学院 | Automatic verification method for communication software security |
| CN115242461A (en) * | 2022-06-30 | 2022-10-25 | 中国人民解放军63891部队 | ROS safety test system and method for robot operating system |
| CN117150506A (en) * | 2023-09-04 | 2023-12-01 | 广东运通奇安科技有限公司 | Vulnerability full life cycle management operation system and method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1412714A (en) * | 2002-09-12 | 2003-04-23 | 福建榕基软件开发有限公司 | Network defect scanning system |
| US20040143756A1 (en) * | 1999-05-11 | 2004-07-22 | Munson John C. | Method of and system for detecting an anomalous operation of a computer system |
| CN1761208A (en) * | 2005-11-17 | 2006-04-19 | 郭世泽 | System and method for evaluating security and survivability of network information system |
| CN101482846A (en) * | 2008-12-25 | 2009-07-15 | 上海交通大学 | Bug excavation method based on executable code conversed analysis |
| CN101847121A (en) * | 2010-05-07 | 2010-09-29 | 北京大学 | Method for discovering software vulnerabilities |
-
2010
- 2010-12-31 CN CN2010106155474A patent/CN102541729A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040143756A1 (en) * | 1999-05-11 | 2004-07-22 | Munson John C. | Method of and system for detecting an anomalous operation of a computer system |
| CN1412714A (en) * | 2002-09-12 | 2003-04-23 | 福建榕基软件开发有限公司 | Network defect scanning system |
| CN1761208A (en) * | 2005-11-17 | 2006-04-19 | 郭世泽 | System and method for evaluating security and survivability of network information system |
| CN101482846A (en) * | 2008-12-25 | 2009-07-15 | 上海交通大学 | Bug excavation method based on executable code conversed analysis |
| CN101847121A (en) * | 2010-05-07 | 2010-09-29 | 北京大学 | Method for discovering software vulnerabilities |
Cited By (53)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102905256B (en) * | 2012-10-30 | 2014-10-29 | 东南大学 | Security assessment method for wireless local area network card based on penetration test |
| CN102905256A (en) * | 2012-10-30 | 2013-01-30 | 东南大学 | Security assessment method for wireless local area network card based on penetration test |
| CN104573523A (en) * | 2013-10-24 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | File vulnerability mining realization method and device |
| CN104573523B (en) * | 2013-10-24 | 2018-06-12 | 深圳市腾讯计算机系统有限公司 | The implementation method and device of file bug excavation |
| CN103544660A (en) * | 2013-10-30 | 2014-01-29 | 国家电网公司 | Method for safety testing before online implementation of electric power information system |
| CN104135483A (en) * | 2014-06-13 | 2014-11-05 | 汪志 | Automatic configuration management system for network security |
| CN106663171A (en) * | 2014-08-11 | 2017-05-10 | 日本电信电话株式会社 | Browser-emulator device, construction device, browser emulation method, browser emulation program, construction method, and construction program |
| CN104184728A (en) * | 2014-08-14 | 2014-12-03 | 电子科技大学 | Safety detection method and device for Web application system |
| CN105991517A (en) * | 2015-01-28 | 2016-10-05 | 中国信息安全测评中心 | Vulnerability discovery method and device |
| CN105991517B (en) * | 2015-01-28 | 2019-08-20 | 中国信息安全测评中心 | Vulnerability mining method and apparatus |
| CN105608381A (en) * | 2015-12-18 | 2016-05-25 | 北京奇虎科技有限公司 | Application test method and system |
| CN105554022A (en) * | 2016-01-12 | 2016-05-04 | 烟台南山学院 | Automatic testing method of software |
| CN107305529A (en) * | 2016-04-25 | 2017-10-31 | 阿里巴巴集团控股有限公司 | The method and apparatus for detecting target software |
| CN110383238B (en) * | 2016-05-15 | 2024-01-05 | 新思科技有限公司 | System and method for model-based software analysis |
| CN110383238A (en) * | 2016-05-15 | 2019-10-25 | 新思科技有限公司 | System and method for the software analysis based on model |
| CN106250768A (en) * | 2016-07-21 | 2016-12-21 | 杭州安恒信息技术有限公司 | A kind of behavioral value method of database object script security breaches |
| CN106250768B (en) * | 2016-07-21 | 2019-02-22 | 杭州安恒信息技术股份有限公司 | A kind of behavioral value method of database object script security breaches |
| CN106357670A (en) * | 2016-10-17 | 2017-01-25 | 成都知道创宇信息技术有限公司 | Simulator-based android application server side Web vulnerability detection method |
| CN106446691B (en) * | 2016-11-24 | 2019-07-05 | 工业和信息化部电信研究院 | The method and apparatus for the open source projects loophole for integrating or customizing in inspection software |
| CN106446691A (en) * | 2016-11-24 | 2017-02-22 | 工业和信息化部电信研究院 | Method and device for detecting integrated or customized open source project bugs in software |
| CN108415398B (en) * | 2017-02-10 | 2021-07-16 | 上海辇联网络科技有限公司 | Automatic test system and test method for automobile information safety |
| CN108415398A (en) * | 2017-02-10 | 2018-08-17 | 上海辇联网络科技有限公司 | Automobile information safety automation tests system and test method |
| CN107104853A (en) * | 2017-03-31 | 2017-08-29 | 北京北信源软件股份有限公司 | A kind of test bed system and method for testing for Terminal Security Management software |
| CN107104853B (en) * | 2017-03-31 | 2020-04-07 | 北京北信源软件股份有限公司 | Test bed system and test method for terminal safety management software |
| CN107454081A (en) * | 2017-08-07 | 2017-12-08 | 四川长虹电器股份有限公司 | The method for automatically generating POC scripts |
| CN108153632A (en) * | 2017-12-25 | 2018-06-12 | 中山市小榄企业服务有限公司 | A kind of Information Technology Equipment safety detecting system and its detection method |
| CN108958890A (en) * | 2018-07-25 | 2018-12-07 | 北京奇艺世纪科技有限公司 | Container microscope testing method, apparatus and electronic equipment |
| CN109145579A (en) * | 2018-08-18 | 2019-01-04 | 北京航空航天大学 | Intelligent network joins automobile information secure authentication testing method and system |
| CN109325351A (en) * | 2018-08-23 | 2019-02-12 | 中通服咨询设计研究院有限公司 | A kind of security breaches automatic Verification systems based on many survey platforms |
| CN109347696A (en) * | 2018-09-30 | 2019-02-15 | 中国人民解放军国防科技大学 | Network protocol fuzzy test method based on hierarchical variation |
| CN109347696B (en) * | 2018-09-30 | 2020-10-20 | 中国人民解放军国防科技大学 | Network protocol fuzzy test method based on hierarchical variation |
| CN109582564A (en) * | 2018-10-29 | 2019-04-05 | 中国电力科学研究院有限公司 | A kind of test method of mobile application software |
| CN109714355A (en) * | 2019-01-08 | 2019-05-03 | 中国人民解放军火箭军工程大学 | A kind of leak analysis for VxWorks system utilizes method |
| CN110162977A (en) * | 2019-04-24 | 2019-08-23 | 北京邮电大学 | A kind of Android vehicle-mounted terminal system leakage location and method |
| CN110221980A (en) * | 2019-06-17 | 2019-09-10 | 南京未来产业大数据研究院有限公司 | Information system and its method for penetration testing and loophole reparation |
| CN110502892A (en) * | 2019-07-09 | 2019-11-26 | 成都亚信网络安全产业技术研究院有限公司 | A kind of the determination method, apparatus and system of abnormality test process |
| CN110298179A (en) * | 2019-07-10 | 2019-10-01 | 中国民航信息网络股份有限公司 | Open Framework security flaw detection method and device |
| CN110768951A (en) * | 2019-08-14 | 2020-02-07 | 奇安信科技集团股份有限公司 | Method and device for verifying system vulnerability, storage medium and electronic device |
| CN110768951B (en) * | 2019-08-14 | 2022-07-05 | 奇安信科技集团股份有限公司 | Method and device for verifying system vulnerability, storage medium and electronic device |
| CN110704267A (en) * | 2019-09-23 | 2020-01-17 | 福建经联网络技术有限公司 | Core control chip firmware analysis and verification system |
| CN110704267B (en) * | 2019-09-23 | 2022-08-30 | 福建经联网络技术有限公司 | Core control chip firmware analysis and verification system |
| CN110908912B (en) * | 2019-11-25 | 2023-11-21 | 中国人寿保险股份有限公司 | Software security threat analysis method and system |
| CN110908912A (en) * | 2019-11-25 | 2020-03-24 | 中国人寿保险股份有限公司 | Software security threat analysis method and system |
| CN111026012A (en) * | 2019-11-29 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Method and device for detecting PLC firmware level bugs, electronic equipment and storage medium |
| CN111382446A (en) * | 2020-03-15 | 2020-07-07 | 黎明职业大学 | Method for detecting common vulnerabilities of computer software |
| CN112347484A (en) * | 2020-10-27 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Software vulnerability detection method, device, equipment and computer readable storage medium |
| CN112671609A (en) * | 2020-12-21 | 2021-04-16 | 哈尔滨工大天创电子有限公司 | Asset census and safety detection method and device and terminal equipment |
| CN112887945A (en) * | 2021-01-11 | 2021-06-01 | 公安部第三研究所 | Penetration testing method for Internet of vehicles network |
| CN114707156A (en) * | 2022-04-14 | 2022-07-05 | 西安航空学院 | Automatic verification method for communication software security |
| CN114707156B (en) * | 2022-04-14 | 2024-04-19 | 西安航空学院 | Automatic verification method for communication software security |
| CN115242461B (en) * | 2022-06-30 | 2023-08-25 | 中国人民解放军63891部队 | ROS safety test system and method for robot operating system |
| CN115242461A (en) * | 2022-06-30 | 2022-10-25 | 中国人民解放军63891部队 | ROS safety test system and method for robot operating system |
| CN117150506A (en) * | 2023-09-04 | 2023-12-01 | 广东运通奇安科技有限公司 | Vulnerability full life cycle management operation system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102541729A (en) | Detection device and method for security vulnerability of software | |
| EP2972877B1 (en) | Systems, methods, and apparatus to enhance the integrity assessment when using power fingerprinting systems for computer-based systems | |
| CN102647421B (en) | The web back door detection method of Behavior-based control feature and device | |
| CN104766011A (en) | Sandbox detection alarming method and system based on main engine characteristic | |
| CN111984975B (en) | Vulnerability attack detection system, method and medium based on mimicry defense mechanism | |
| CN103428196A (en) | URL white list-based WEB application intrusion detecting method and apparatus | |
| Liao et al. | Towards provenance-based anomaly detection in MapReduce | |
| Singh et al. | Sql injection detection and correction using machine learning techniques | |
| CN111611590B (en) | Method and device for data security related to application program | |
| Li et al. | LogicScope: Automatic discovery of logic vulnerabilities within web applications | |
| Autili et al. | Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption | |
| Talukder et al. | Droidpatrol: a static analysis plugin for secure mobile software development | |
| Antunes et al. | Evaluating and improving penetration testing in web services | |
| CN108427882B (en) | Android software dynamic analysis detection method based on behavior feature extraction | |
| US10931693B2 (en) | Computation apparatus and method for identifying attacks on a technical system on the basis of events of an event sequence | |
| Garcia | Firmware modification analysis in programmable logic controllers | |
| CN116668107A (en) | Automatic patrol and network attack tracing method | |
| CN105893846A (en) | Method and device for protecting target application program and electronic equipment | |
| CN108874462A (en) | A kind of browser behavior acquisition methods, device, storage medium and electronic equipment | |
| CN101989230B (en) | Method for extracting requirements and describing behaviors during software safety test based on profile division | |
| Kahtan et al. | Evaluation dependability attributes of web application using vulnerability assessments tools | |
| Fovino et al. | Distributed intrusion detection system for SCADA protocols | |
| Tziatzios | Model-based testing for SQL databases | |
| CN114969759B (en) | Asset security assessment method, device, terminal and medium of industrial robot system | |
| Bărbieru et al. | Malware Analysis on Mobile Phone |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120704 |