CN103716197A - Method and device for testing network applications - Google Patents

Publication number
CN103716197A
Authority
CN
China
Prior art keywords
network application
public
network
test request
station equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210379509.2A
Other languages
Chinese (zh)
Inventor
汪涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Priority to CN201210379509.2A priority Critical patent/CN103716197A/en
Publication of CN103716197A publication Critical patent/CN103716197A/en
Pending legal-status Critical Current

Abstract

This invention relates to a method and a device for testing a network application. The device comprises a reception module, a publication module, a detection module and a transmission module. The reception module receives the name of the network application that a test requester wants tested and the address of the website device on which the network application is installed, wherein the network application is customized to meet the requirements of part of the public. The publication module publicizes the name of the network application and the address of the website device to the public in order to invite the public to log in to the website device and test the network application. The detection module detects whether the network application has a security weakness when a report of that security weakness is received from the public. The transmission module transmits the received report to the test requester when the detection result is positive. The method and the device improve the likelihood of detecting security weaknesses in customized network applications.

Description

Method and apparatus for testing network applications
Technical field
The present invention relates to the field of software testing, and in particular to a method and apparatus for testing network applications.
Background
With the rapid development of Internet technology, network applications are used more and more widely. Network applications usually fall into two kinds: standard network applications and customized network applications. A standard network application is developed to meet the needs of the general public and can be widely deployed. A customized network application is customized to meet the needs of part of the public, and is deployed only sporadically and/or for a short time.
Usually, before being put into actual use, both standard and customized network applications undergo software testing by professional software engineers in order to find and eliminate the security vulnerabilities they contain. Security vulnerabilities include, for example, weak login passwords, unprivileged access and SQL injection attack vectors. Because the number of software engineers at any company is limited, there is no guarantee that standard and customized network applications are free of security vulnerabilities after software testing.
Because a standard network application is widely deployed, a large number of members of the public access and use it once it is put into actual use. If the standard network application still has security vulnerabilities, they will be discovered through this widespread use, and can then be eliminated by modifying the standard network application.
A customized network application, however, is customized to meet the needs of part of the public and is deployed only sporadically and/or for a short time, so after it is put into actual use usually only a few members of the public access and use it. In this case, if the customized network application still has security vulnerabilities, they will probably not be discovered in use, and the customized network application carries a potential security risk.
Summary of the invention
In view of the above problems of the prior art, embodiments of the present invention provide a method and apparatus for testing network applications that improve the likelihood of detecting the security vulnerabilities of a customized network application.
A method for testing a network application according to an embodiment of the present invention comprises: receiving, from a test requester, the name of a network application to be tested and the network address of the website device on which the network application is installed, wherein the network application is customized to meet the needs of part of the public; announcing the name of the network application and the network address of the website device to the public, so as to invite the public to log in to the website device and test the network application; when a report from the public about a security vulnerability of the network application is received, detecting whether the network application has that security vulnerability; and, when the detection result is affirmative, sending the received report to the test requester.
The method may further comprise: after receiving the name of the network application and the network address of the website device from the test requester, checking whether the test requester is legitimate. In that case the announcing step further comprises: when the check result is affirmative, announcing the name of the network application and the network address of the website device to the public.
The checking step may comprise: after receiving the name of the network application and the network address of the website device from the test requester, generating a random text; sending the generated text to the test requester; and determining whether the generated text is present in the website device, wherein an affirmative result indicates that the test requester is legitimate.
The method may further comprise: when the detection result is affirmative, delivering the reward offered by the test requester to the member of the public who sent the report.
The method may further comprise: after the test requester has eliminated the security vulnerability of the network application, disclosing the report to the public.
In addition, a device for testing a network application according to an embodiment of the present invention comprises: a receiving module, for receiving, from a test requester, the name of a network application to be tested and the network address of the website device on which the network application is installed, wherein the network application is customized to meet the needs of part of the public; an announcement module, for announcing the name of the network application and the network address of the website device to the public, so as to invite the public to log in to the website device and test the network application; a detection module, for detecting, when a report from the public about a security vulnerability of the network application is received, whether the network application has that security vulnerability; and a sending module, for sending the received report to the test requester when the detection result is affirmative.
The device may further comprise: a checking module, for checking whether the test requester is legitimate after the name of the network application and the network address of the website device are received from the test requester. In that case the announcement module is further configured to announce the name of the network application and the network address of the website device to the public when the check result is affirmative.
The checking module may comprise: a generation module, for generating a random text after the name of the network application and the network address of the website device are received from the test requester; a delivery module, for sending the generated text to the test requester; and a determination module, for determining whether the generated text is present in the website device, wherein an affirmative result indicates that the test requester is legitimate.
The device may further comprise: a dispatch module, for delivering the reward offered by the test requester to the member of the public who sent the report when the detection result is affirmative.
The device may further comprise: a disclosure module, for disclosing the report to the public after the test requester has eliminated the security vulnerability of the network application.
As can be seen from the above, the present invention uses the public to test customized network applications. Because the number of members of the public is obviously far greater than the number of software engineers at a company and the number of users of the customized network application, the present invention improves, compared with the prior art, the likelihood of detecting the security vulnerabilities of a customized network application.
Brief description of the drawings
Other features, characteristics, advantages and benefits of the present invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:
Fig. 1 shows a flowchart of a method for testing a network application according to an embodiment of the present invention;
Fig. 2 shows a schematic diagram of a device for testing a network application according to an embodiment of the present invention; and
Fig. 3 shows a schematic diagram of equipment for testing a network application according to an embodiment of the present invention.
Embodiments
In the technical solution provided by the embodiments of the present invention, the name of a customized network application to be tested and the network address of the website device on which it is installed are received from a test requester, and the received name and network address are announced to the public in order to invite the public to log in to the website device and test the customized network application. When a member of the public reports that the customized network application has a security vulnerability, it is detected whether the customized network application has the reported security vulnerability. When the detection finds that the customized network application does have the reported security vulnerability, the received report is sent to the test requester, so that the test requester can modify the customized network application to eliminate the reported security vulnerability. Because the public is used to test the customized network application, and the number of members of the public is obviously far greater than the number of software engineers at a company and the number of users of the customized network application, the technical solution provided by the embodiments of the present invention improves, compared with the prior art, the likelihood of detecting the security vulnerabilities of a customized network application.
Reference is now made to Fig. 1, which shows a flowchart of a method for testing a network application according to an embodiment of the present invention. As shown in Fig. 1, at step S100, test requester D installs the customized network application WY to be tested on website device W1. Website device W1 may be owned or rented by test requester D.
At step S104, test requester D sends the network address of website device W1 and the name of the customized network application WY to be tested to website device W2.
At step S108, after receiving the network address of website device W1 and the name of customized network application WY from test requester D, website device W2 announces the network address of website device W1 and the name of customized network application WY to the public, so as to invite the public to go to website device W1 and test customized network application WY.
A member of the public who wants to take part in testing customized network application WY can do so by accessing website device W1. When the test finds that customized network application WY has a security vulnerability, the member of the public can send a report about the security vulnerability of customized network application WY to website device W2.
At step S112, website device W2 receives the report from the public about the security vulnerability of customized network application WY.
At step S116, website device W2 logs in to website device W1 and detects whether the customized network application WY installed on website device W1 has the security vulnerability indicated by the received report.
At step S120, when the detection result of step S116 is yes, website device W2 sends the received report to test requester D of customized network application WY.
After receiving the report about the security vulnerability of customized network application WY, test requester D can modify customized network application WY to eliminate the security vulnerability indicated by the report.
When the detection result of step S116 is no, the flow ends.
Other modifications
Those skilled in the art will appreciate that, for the embodiment above, in order to prevent fake tests, website device W2 may first determine that test requester D of customized network application WY is legitimate before inviting the public to test customized network application WY. Specifically, after receiving the network address of website device W1 and the name of customized network application WY from test requester D, website device W2 generates a random text J and sends the generated text J to test requester D. If test requester D is legitimate, then after receiving text J it can copy the received text J into website device W1; otherwise the received text J cannot be copied into website device W1. Website device W2 then accesses website device W1 to determine whether text J is present in website device W1. If text J is present in website device W1, test requester D is legitimate; otherwise it is not.
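The legitimacy check described above, sketched as an added example (not code from the patent). The `Coordinator` class, the fixed challenge path, the one-hour validity window and the `.example` hosts are assumptions; the patent specifies only that W2 generates random text J and then looks for it on W1. The fetch is an injected callable so the sketch runs offline.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
from urllib.parse import urlsplit

CHALLENGE_PATH = "/.well-known/w2-challenge.txt"  # hypothetical fixed path on W1
CHALLENGE_TTL = 3600                              # assumed validity window, seconds


@dataclass
class Challenge:
    app_name: str
    token: str
    issued_at: float


def normalize_origin(site_url: str) -> str:
    """Reduce the requester-supplied address to scheme://host[:port].

    W2 will fetch from this address, so anything that lets the requester
    steer the request (credentials, path, query) is rejected up front.
    """
    parts = urlsplit(site_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("address must be an http(s) URL with a host")
    if ("@" in parts.netloc or parts.path not in ("", "/")
            or parts.query or parts.fragment):
        raise ValueError("address must be a bare origin")
    return f"{parts.scheme}://{parts.netloc.lower()}"


class Coordinator:
    """Stand-in for website device W2 (hypothetical class)."""

    def __init__(self, fetch: Callable[[str], Optional[str]],
                 clock: Callable[[], float] = time.time):
        self._fetch = fetch          # returns the response body, or None on failure
        self._clock = clock
        self._pending: Dict[str, Challenge] = {}
        self.published: List[tuple] = []

    def register(self, app_name: str, site_url: str) -> str:
        """Requester D submits name and address; W2 answers with random text J."""
        origin = normalize_origin(site_url)
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._pending[origin] = Challenge(app_name, token, self._clock())
        return token

    def verify_and_publish(self, site_url: str) -> bool:
        """W2 visits W1 and announces the test only if text J is found there."""
        origin = normalize_origin(site_url)
        ch = self._pending.get(origin)
        if ch is None:
            return False
        if self._clock() - ch.issued_at > CHALLENGE_TTL:
            del self._pending[origin]       # stale challenge: force a new one
            return False
        body = self._fetch(origin + CHALLENGE_PATH)
        if body is None:
            return False
        # Constant-time comparison of the fetched text against J.
        if not hmac.compare_digest(body.strip().encode(), ch.token.encode()):
            return False
        del self._pending[origin]           # J is single use
        self.published.append((ch.app_name, origin))
        return True


def demo() -> dict:
    """Constructed scenario: a legitimate, an illegitimate and a late requester."""
    pages: Dict[str, str] = {}              # in-memory stand-in for the web
    now = [1_000_000.0]
    w2 = Coordinator(fetch=pages.get, clock=lambda: now[0])

    # Legitimate: D controls w1.example and copies J onto it.
    j = w2.register("WY", "https://w1.example")
    pages["https://w1.example" + CHALLENGE_PATH] = j + "\n"
    legit = w2.verify_and_publish("https://w1.example")

    # Illegitimate: the requester names a site it cannot write to.
    w2.register("Other", "https://thirdparty.example")
    illegit = w2.verify_and_publish("https://thirdparty.example")

    # Late: J is placed correctly, but only after the window has closed.
    j2 = w2.register("WZ", "https://w3.example")
    pages["https://w3.example" + CHALLENGE_PATH] = j2
    now[0] += CHALLENGE_TTL + 1
    late = w2.verify_and_publish("https://w3.example")

    return {"legit": legit, "illegit": illegit, "late": late,
            "published": list(w2.published)}


if __name__ == "__main__":
    print(demo())
```

Binding J to the normalized origin and fetching it only from a fixed path keeps a requester from pointing W2 at an arbitrary URL on a host it does not control.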
Those skilled in the art will appreciate that, for the embodiment above, in order to encourage the public to test customized network application WY actively, test requester D may offer a reward for testing customized network application WY, and when the detection result of step S116 is yes, website device W2 distributes the offered reward to the member of the public who found the security vulnerability of customized network application WY.
Those skilled in the art will appreciate that, for the embodiment above, in order to show the fairness of the test, when the detection result of step S116 is yes, website device W2 may disclose to the public the received report about the security vulnerability of customized network application WY.
Those skilled in the art will appreciate that, although in the embodiment above website device W2 determines whether customized network application WY has the security vulnerability indicated by the received report by accessing website device W1 and detecting whether the customized network application WY installed on website device W1 has that vulnerability, the present invention is not limited thereto. In some other embodiments of the present invention, test requester D may send customized network application WY to website device W2 in advance, and website device W2 then determines whether customized network application WY has the security vulnerability indicated by the received report by detecting whether the copy of customized network application WY it received has that vulnerability.
Reference is now made to Fig. 2, which shows a schematic diagram of a device for testing a network application according to an embodiment of the present invention. The device shown in Fig. 2 can be implemented in software, in hardware or in a combination of software and hardware, and can be installed in website device W2.
As shown in Fig. 2, the device 20 for testing a network application may comprise a receiving module 202, an announcement module 204, a detection module 206 and a sending module 208.
Receiving module 202 receives, from test requester D, the name of the network application WY to be tested and the network address of the website device W1 on which network application WY is installed. Announcement module 204 announces the network address of website device W1 and the name of network application WY to the public, so as to invite the public to log in to website device W1 and test network application WY. Detection module 206 detects, when a report from the public about a security vulnerability of network application WY is received, whether network application WY has the security vulnerability indicated by the received report. Sending module 208 sends the received report to test requester D when the detection result is affirmative.
In addition, device 20 may further comprise a checking module 210, for checking whether test requester D is legitimate after the name of network application WY and the network address of website device W1 are received from test requester D. In this case, announcement module 202 is further configured to announce the network address of website device W1 and the name of network application WY to the public when the check result of checking module 210 is affirmative.
In addition, checking module 210 may comprise: a generation module 2102, for generating a random text when the name of network application WY and the network address of website device W1 are received from test requester D; a notification module 2104, for sending the generated text to test requester D; and a determination module 2106, for determining whether the generated text is present in website device W1, wherein an affirmative result indicates that test requester D is legitimate, and otherwise it is not.
In addition, device 20 may further comprise a dispatch module 212, for delivering the reward offered by test requester D to the member of the public who sent the report when the detection result of detection module 206 is affirmative.
In addition, device 20 may further comprise a disclosure module 214, for disclosing the received report to the public after test requester D has eliminated the security vulnerability of network application WY.
Reference is now made to Fig. 3, which shows a schematic diagram of a website device for testing a network application according to an embodiment of the present invention. As shown in Fig. 2, the website device 30 for testing a network application may comprise a memory 302 for storing executable instructions and a processor 304.
Processor 304 can, according to the executable instructions stored in memory 302, perform the following steps: receiving, from test requester D, the name of the network application WY to be tested and the network address of the website device W1 on which network application WY is installed; announcing the network address of website device W1 and the name of network application WY to the public, so as to invite the public to log in to website device W1 and test network application WY; when a report from the public about a security vulnerability of network application WY is received, detecting whether network application WY has the security vulnerability indicated by the received report; and, when the detection result is affirmative, sending the received report to test requester D.
In addition, processor 304 can, according to the executable instructions stored in memory 302, also perform the following steps: after receiving the name of network application WY and the network address of website device W1 from test requester D, checking whether test requester D is legitimate; and, when the check result is affirmative, announcing the network address of website device W1 and the name of network application WY to the public.
In addition, for the step of checking whether test requester D is legitimate, processor 304 can, according to the executable instructions stored in memory 302, further perform the following steps: when the name of network application WY and the network address of website device W1 are received from test requester D, generating a random text; sending the title of the generated text to test requester D; and determining whether the generated text is present in website device W1, wherein an affirmative result indicates that test requester D is legitimate, and otherwise it is not.
In addition, processor 304 can, according to the executable instructions stored in memory 302, also perform the following step: when the detection result is affirmative, delivering the reward offered by test requester D to the member of the public who sent the report.
In addition, processor 304 can, according to the executable instructions stored in memory 302, also perform the following step: after test requester D has eliminated the security vulnerability of network application WY, disclosing the received report to the public.
Embodiments of the present invention also provide a machine-readable medium storing executable instructions which, when executed, cause a machine to perform the steps performed by processor 304.
The present invention has been shown and described in detail above by way of the drawings and preferred embodiments, but the invention is not limited to the embodiments disclosed. Other solutions derived from them by those skilled in the art also fall within the scope of protection of the present invention.

Claims (12)

1. A method for testing a network application, comprising:
receiving, from a test requester, the name of a network application to be tested and the network address of the website device on which the network application is installed, wherein the network application is customized to meet the needs of part of the public;
announcing the name of the network application and the network address of the website device to the public, so as to invite the public to log in to the website device and test the network application;
when a report from the public about a security vulnerability of the network application is received, detecting whether the network application has the security vulnerability; and
when the detection result is affirmative, sending the received report to the test requester.
2. The method of claim 1, further comprising the step of:
after receiving the name of the network application and the network address of the website device from the test requester, checking whether the test requester is legitimate,
wherein the announcing step further comprises: when the check result is affirmative, announcing the name of the network application and the network address of the website device to the public.
3. The method of claim 2, wherein the step of checking whether the test requester is legitimate comprises:
after receiving the name of the network application and the network address of the website device from the test requester, generating a random text;
sending the generated text to the test requester; and
determining whether the generated text is present in the website device,
wherein an affirmative result indicates that the test requester is legitimate.
4. The method of claim 1, further comprising:
when the detection result is affirmative, delivering the reward offered by the test requester to the member of the public who sent the report.
5. The method of claim 1, further comprising:
after the test requester has eliminated the security vulnerability of the network application, disclosing the report to the public.
6. A device for testing a network application, comprising:
a receiving module, for receiving, from a test requester, the name of a network application to be tested and the network address of the website device on which the network application is installed, wherein the network application is customized to meet the needs of part of the public;
an announcement module, for announcing the name of the network application and the network address of the website device to the public, so as to invite the public to log in to the website device and test the network application;
a detection module, for detecting, when a report from the public about a security vulnerability of the network application is received, whether the network application has the security vulnerability; and
a sending module, for sending the received report to the test requester when the detection result is affirmative.
7. The device of claim 6, further comprising:
a checking module, for checking whether the test requester is legitimate after the name of the network application and the network address of the website device are received from the test requester,
wherein the announcement module is further configured to: when the check result is affirmative, announce the name of the network application and the network address of the website device to the public.
8. The device of claim 7, wherein the checking module comprises:
a generation module, for generating a random text after the name of the network application and the network address of the website device are received from the test requester;
a delivery module, for sending the generated text to the test requester; and
a determination module, for determining whether the generated text is present in the website device,
wherein an affirmative result indicates that the test requester is legitimate.
9. The device of claim 6, further comprising:
a dispatch module, for delivering the reward offered by the test requester to the member of the public who sent the report when the detection result is affirmative.
10. The device of claim 6, further comprising:
a disclosure module, for disclosing the report to the public after the test requester has eliminated the security vulnerability of the network application.
11. A website device for testing a network application, comprising:
a memory, for storing executable instructions; and
a processor, for performing, according to the stored executable instructions, the steps of any one of claims 1-5.
12. A machine-readable medium storing executable instructions which, when executed, cause a machine to perform the steps of any one of claims 1-5.
CN201210379509.2A 2012-09-29 2012-09-29 Method and device for testing network applications Pending CN103716197A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210379509.2A CN103716197A (en) 2012-09-29 2012-09-29 Method and device for testing network applications

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210379509.2A CN103716197A (en) 2012-09-29 2012-09-29 Method and device for testing network applications

Publications (1)

Publication Number Publication Date
CN103716197A true CN103716197A (en) 2014-04-09

Family

ID=50408802

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210379509.2A Pending CN103716197A (en) 2012-09-29 2012-09-29 Method and device for testing network applications

Country Status (1)

Country Link
CN (1) CN103716197A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140409