CN113468075A - Security testing method and system for server-side software - Google Patents

Publication number
CN113468075A
Authority
CN
China
Prior art keywords
software
target software
report
vulnerability
security
Legal status
Pending
Application number
CN202110933582.9A
Other languages
Chinese (zh)
Inventor
康剑萍
Current Assignee
Shanghai Institute of Quality Inspection and Technical Research
Original Assignee
Individual
Application filed by Individual
Priority to CN202110933582.9A
Publication of CN113468075A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a security testing method and system for server-side software, relating to the technical field of software security testing. Black-box testing is used to test whether the functional modules of the target software are effective, and a function verification report is generated; function verification uses the black-box test method from software testing to test the security-related modules of the target software. A vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host, is used to generate a vulnerability scanning report; with a vulnerability scanner, a system administrator can find security vulnerabilities in the software products they maintain and so repair them promptly and in a targeted way. Attacks on the target software are simulated to generate a simulated attack report; simulating attacks verifies the security protection capability of the software or information system. The security of the target software is then evaluated according to the function verification report, the vulnerability scanning report and the simulated attack report. Detection efficiency and accuracy are improved.

Description

Security testing method and system for server-side software
Technical Field
The invention relates to the technical field of software security testing, in particular to a security testing method and system for server-side software.
Background
Software security testing checks whether the security measures in a piece of software are effective, and is an important means of ensuring system security. As software is applied ever more widely and software accidents occur in important fields such as aviation, the nuclear industry and medical treatment, software security receives more and more attention. Software security testing can be divided into security function testing and security vulnerability testing. In security function testing, the security function requirements of the software are defined in the requirements analysis stage so that its security functions are clear, and whether the relevant functions have been implemented is tested in the acceptance stage. The main security function requirements of software include privacy and integrity of data, access control, security management, and so on. A security vulnerability is a defect in a software system that can be exploited by malicious code or external attacks; current code inspection tools aim at this kind of test. At present, software security testing carried out in China basically consists of basic scanning with tools; the range of detectable vulnerabilities is limited, the applicability of the testing is limited, and the efficiency and accuracy of the detection results vary.
Disclosure of Invention
In order to overcome the above problems or at least partially solve the above problems, embodiments of the present invention provide a method and a system for security testing of server-side software.
The embodiment of the invention is realized by the following steps:
In a first aspect, an embodiment of the present invention provides a method for security testing of server-side software, including:
testing, by black-box testing, whether a functional module of the target software is effective, and generating a function verification report;
using a vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host, to generate a vulnerability scanning report;
simulating attacks on the target software to generate a simulated attack report;
and evaluating the security of the target software according to the function verification report, the vulnerability scanning report and the simulated attack report.
Based on the first aspect, in some embodiments of the present invention, simulating attacks on the target software includes:
masquerading as a privileged entity to attack the target software.
Based on the first aspect, in some embodiments of the present invention, masquerading as a privileged entity to attack the target software includes one or more of the following methods:
intercepting an authentication sequence and replaying it against the target software after the valid authentication sequence has been used once;
identifying the host carrying the target software, obtaining an available user account through the NetBIOS, Telnet or NFS service, and guessing the password to control that host;
writing a malicious program that further opens a security gap and placing it at the end of the buffer payload, so that when the buffer overflows the return pointer points to the malicious program and the malicious instructions are executed to obtain control of the system.
Based on the first aspect, in some embodiments of the present invention, simulating attacks on the target software further includes:
adding incorrect information when a DNS server exchanges information with other name servers, leading to unauthorized consequences.
Based on the first aspect, in some embodiments of the present invention, simulating attacks on the target software further includes:
sending malformed packets that claim a size exceeding the ICMP upper limit, which crashes the TCP/IP stack and brings the recipient down.
Based on the first aspect, in some embodiments of the present invention, the functional module includes:
one or more of a user management module, a rights management module, an encryption module and an authentication module.
Based on the first aspect, in some embodiments of the present invention, the vulnerability scanner includes a host vulnerability scanner and a network vulnerability scanner; the host vulnerability scanner runs, on the local host, a first program that detects security vulnerabilities of the target software; the network vulnerability scanner runs a second program that detects security vulnerabilities of the target software remotely over the network.
In a second aspect, an embodiment of the present invention provides a system for testing security of server-side software, including:
a function verification module, used for testing, by black-box testing, whether the functional module of the target software is effective and generating a function verification report;
a vulnerability scanning module, used for generating a vulnerability scanning report with a vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host;
a simulated attack module, used for simulating attacks on the target software and generating a simulated attack report;
and an evaluation module, used for evaluating the security of the target software according to the function verification report, the vulnerability scanning report and the simulated attack report.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
at least one processor, at least one memory, and a data bus; wherein: the processor and the memory complete mutual communication through the data bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the method.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, which stores a computer program, where the computer program causes the computer to execute the method described above.
The embodiment of the invention at least has the following advantages or beneficial effects:
Black-box testing is used to test whether the functional modules of the target software are effective, and a function verification report is generated; function verification uses the black-box test method from software testing to test the security-related modules of the target software, such as the user management module, the rights management module, the encryption system and the authentication system, mainly to verify that these modules are effective. A vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host, is used to generate a vulnerability scanning report; with a vulnerability scanner, a system administrator can find security vulnerabilities in the software products they maintain and so repair them promptly and in a targeted way. Security vulnerability scanning can be used for routine security protection and as a means of testing software products, finding vulnerabilities and guarding against them before they cause serious damage. Attacks on the target software are simulated to generate a simulated attack report; simulating attacks verifies the security protection capability of the software or information system. The security of the target software is then evaluated according to the function verification report, the vulnerability scanning report and the simulated attack report. Detection efficiency and accuracy are improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a flowchart of an embodiment of a method for security testing of server-side software according to the present invention;
FIG. 2 is a block diagram of a security testing system for server software according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an electronic device according to the present invention.
Reference numerals: 1. function verification module; 2. vulnerability scanning module; 3. simulated attack module; 4. evaluation module; 5. processor; 6. memory; 7. data bus.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
In the embodiments provided in the present application, it should be understood that the disclosed system may be implemented in other ways. The system embodiments are merely illustrative, and for example, the block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and computer program products according to various embodiments of the present application. In this regard, each block in the block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device, which may be a personal computer, a server, or a network device, to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description of the embodiments of the present invention, it should be further noted that unless otherwise explicitly stated or limited, the terms "disposed" and "connected" should be interpreted broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Examples
Referring to FIG. 1, in a first aspect, an embodiment of the present invention provides a method for security testing of server-side software. The method is applied to a security testing system for server-side software, the testing system is suited to a C/S architecture, and the method includes:
S1: testing, by black-box testing, whether a functional module of the target software is effective, and generating a function verification report;
In this step, whether the functional modules of the target software are effective is determined: the security-related modules of the target software, such as the user management module, the rights management module, the encryption system and the authentication system, are tested using the black-box test method from software testing, mainly to verify that these modules are effective.
S2: using a vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host, to generate a vulnerability scanning report;
With a vulnerability scanner, a system administrator can find security vulnerabilities in the software products they maintain and so repair them promptly and in a targeted way. Security vulnerability scanning can be used for routine security protection and as a means of testing software products, finding vulnerabilities and guarding against them before they cause serious damage.
Specifically, the vulnerability scanner includes a host vulnerability scanner and a network vulnerability scanner; the host vulnerability scanner runs, on the local host, a first program that detects security vulnerabilities of the target software; the network vulnerability scanner runs a second program that detects security vulnerabilities of the target software remotely over the network; the first program includes the free software COPS, Tripwire and Tiger, and the second program includes SATAN and ISS Internet Scanner.
S3: simulating attacks on the target software to generate a simulated attack report;
Simulating attacks verifies the security protection capability of the software or information system.
Based on the first aspect, in some embodiments of the present invention, simulating attacks on the target software includes:
masquerading as a privileged entity to attack the target software.
Impersonation means one entity pretending to be another, genuine entity. Impersonation is often used together with other forms of active attack, particularly replay and tampering of messages. For example, an authentication sequence is intercepted and replayed after the valid authentication sequence has been used once, so that the attacker passes as the legitimate entity. As another example, the host carrying the target software is identified, an available user account is obtained through the NetBIOS, Telnet or NFS service, and the password is guessed in order to control that host.
Simulating attacks on the target software further includes:
writing a malicious program that further opens a security gap and placing it at the end of the buffer payload, so that when the buffer overflows the return pointer points to the malicious program and the malicious instructions are executed to obtain control of the system.
Many programmers of service programs use functions such as strcpy() and strcat() without effective bounds checking, so a malicious user can write a small program that further opens a security gap and place that code at the end of the buffer payload; when the buffer overflows, the return pointer then points to the malicious code, the malicious instructions are executed, and control of the system can be obtained.
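The unchecked copy described above, next to a bounded alternative, as an added example that is not part of the patent text. The function names, the 16-byte buffer and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16  /* assumed fixed-size buffer in a service handler */

/* Unchecked pattern: strcpy()/strcat() copy until the source's NUL byte,
 * so input longer than the destination is written past its end and over
 * adjacent stack data such as the saved return address. Shown for
 * comparison only; it is never called in this example. */
void build_greeting_unchecked(char *dst, const char *user)
{
    strcpy(dst, "hi ");
    strcat(dst, user);   /* no length check */
}

/* Bounded append: returns 0 on success, -1 if the result would not fit
 * in cap bytes (including the terminating NUL). dst is left unchanged
 * on failure. */
int bounded_append(char *dst, size_t cap, const char *src)
{
    const char *end;
    size_t used, add;

    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    end = memchr(dst, '\0', cap);
    if (end == NULL)
        return -1;                 /* dst is not terminated within cap */
    used = (size_t)(end - dst);
    add = strlen(src);
    if (add >= cap - used)
        return -1;                 /* no room for add bytes plus the NUL */
    memcpy(dst + used, src, add + 1);
    return 0;
}

/* Hardened form: every write is checked against the buffer capacity and
 * over-long input is rejected instead of being truncated or overflowing. */
int build_greeting_checked(char dst[NAME_BUF], const char *user)
{
    dst[0] = '\0';
    if (bounded_append(dst, NAME_BUF, "hi ") != 0)
        return -1;
    if (bounded_append(dst, NAME_BUF, user) != 0) {
        dst[0] = '\0';             /* do not leave a partial result behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[NAME_BUF];
    int rc;

    rc = build_greeting_checked(buf, "alice");                  /* constructed input */
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    rc = build_greeting_checked(buf, "a-very-long-user-name");  /* constructed input */
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```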
Based on the first aspect, in some embodiments of the present invention, simulating attacks on the target software further includes:
adding incorrect information when a DNS server exchanges information with other name servers, leading to unauthorized consequences. It should be noted that "authorization" means "granting rights" and has two aspects: "rights" here refers to the right to perform some kind of activity (e.g. access to data), and such rights are granted to an entity, agent or process. Authorized actions are then those activities performed under a granted (and not revoked) right.
Since the DNS server does not authenticate when exchanging information with other name servers, hackers may insert incorrect information.
Based on the first aspect, in some embodiments of the present invention, simulating attacks on the target software further includes:
sending malformed packets that claim a size exceeding the ICMP upper limit, which crashes the TCP/IP stack and brings the recipient down.
Because routers limit the maximum size of a packet, many operating systems' TCP/IP stacks specify a 64 KB limit for ICMP packets and, after reading a packet's header, allocate a buffer for the payload based on the information contained in the header. When a malformed packet claims a size above the ICMP upper limit, that is, when the loaded packet exceeds the 64 KB limit, a memory allocation error occurs, which crashes the TCP/IP stack and brings the receiver down.
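An added example (not part of the patent text) of the receiver-side check that prevents the crash described above. It goes slightly beyond the text: because the IPv4 total-length field is 16 bits, an over-limit size can only arise at reassembly, when a fragment's offset plus its length passes 65,535 bytes, so the check runs on each fragment before it is buffered. The function names and the in-memory sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u  /* largest datagram a 16-bit length can describe */

enum frag_verdict { FRAG_OK = 0, FRAG_TRUNCATED, FRAG_BAD_HEADER, FRAG_OVERSIZE };

static unsigned rd16(const uint8_t *p)
{
    return ((unsigned)p[0] << 8) | p[1];
}

/* Validate one IPv4 packet (possibly a fragment) before queuing it for
 * reassembly. The header checksum is not verified here. */
enum frag_verdict check_ipv4_fragment(const uint8_t *pkt, size_t len)
{
    unsigned version, ihl, total, frag_off, payload;

    if (pkt == NULL || len < 20)
        return FRAG_TRUNCATED;
    version = pkt[0] >> 4;
    ihl = (pkt[0] & 0x0fu) * 4u;
    if (version != 4 || ihl < 20)
        return FRAG_BAD_HEADER;
    total = rd16(pkt + 2);
    if (total < ihl)
        return FRAG_BAD_HEADER;
    if (len < total)
        return FRAG_TRUNCATED;      /* header claims more than was received */
    frag_off = (rd16(pkt + 6) & 0x1fffu) * 8u;  /* offset field is in 8-byte units */
    payload = total - ihl;
    /* Where this fragment would end in the reassembled datagram, counting
     * one header (this fragment's header length stands in for the first
     * fragment's). Anything past 65535 cannot be a valid datagram. */
    if ((uint32_t)frag_off + payload + ihl > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Build a constructed test packet in memory: 20-byte header, protocol ICMP,
 * zeroed payload. Returns the packet length, or 0 if it does not fit. */
size_t make_fragment(uint8_t *buf, size_t cap, uint16_t off_units, uint16_t payload_len)
{
    size_t total = 20u + (size_t)payload_len;

    if (buf == NULL || cap < total || total > IP_MAX_DATAGRAM)
        return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                                /* version 4, IHL 5 */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xff);
    buf[6] = (uint8_t)((off_units >> 8) & 0x1f);  /* flags clear, offset high bits */
    buf[7] = (uint8_t)(off_units & 0xff);
    buf[8] = 64;                                  /* TTL */
    buf[9] = 1;                                   /* protocol 1 = ICMP */
    return total;
}

int main(void)
{
    uint8_t pkt[128];
    size_t n;

    n = make_fragment(pkt, sizeof pkt, 0, 64);      /* ordinary echo-sized packet */
    printf("offset 0, 64 bytes: verdict %d\n", check_ipv4_fragment(pkt, n));
    n = make_fragment(pkt, sizeof pkt, 8189, 3);    /* ends exactly at 65535 */
    printf("offset 65512, 3 bytes: verdict %d\n", check_ipv4_fragment(pkt, n));
    n = make_fragment(pkt, sizeof pkt, 8189, 8);    /* would end past 65535 */
    printf("offset 65512, 8 bytes: verdict %d\n", check_ipv4_fragment(pkt, n));
    return 0;
}
```

A stack that applies this check drops the fragment and never sizes a reassembly buffer from an attacker-controlled length.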
S4: evaluating the security of the target software according to the function verification report, the vulnerability scanning report and the simulated attack report.
The security of the target software is evaluated comprehensively according to the function verification report, the vulnerability scanning report and the simulated attack report.
Referring to FIG. 2, in a second aspect, an embodiment of the present invention provides a security testing system for server-side software. The testing system is suited to a C/S architecture; during testing, a computer is connected to a server, and a web front end is used to invoke the security testing software in an electronic device. The testing system comprises: a function verification module 1, used for testing, by black-box testing, whether the functional module of the target software is effective and generating a function verification report; a vulnerability scanning module 2, used for generating a vulnerability scanning report with a vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host; a simulated attack module 3, used for simulating attacks on the target software and generating a simulated attack report; and an evaluation module 4, used for evaluating the security of the target software according to the function verification report, the vulnerability scanning report and the simulated attack report.
It should be noted that, the specific implementation of the system embodiment refers to the above method embodiment, and is not described herein too much.
Referring to fig. 3, in a third aspect, an embodiment of the invention provides an electronic device, including:
at least one processor 5, at least one memory 6 and a data bus 7; wherein: the processor 5 and the memory 6 communicate with each other through the data bus 7; the memory 6 stores program instructions executable by the processor 5, and the processor 5 calls the program instructions to execute the method. For example, it executes S1: testing, by black-box testing, whether a functional module of the target software is effective, and generating a function verification report; S2: using a vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host, to generate a vulnerability scanning report; S3: simulating attacks on the target software to generate a simulated attack report; S4: evaluating the security of the target software according to the function verification report, the vulnerability scanning report and the simulated attack report. The electronic device can be a computer with an operating system on which test software can be installed; the computer is connected to a server, and a web front end is used to invoke the security testing software in the electronic device for testing.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, which stores a computer program, where the computer program causes the computer to execute the method described above. For example, it executes S1: testing, by black-box testing, whether a functional module of the target software is effective, and generating a function verification report; S2: using a vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host, to generate a vulnerability scanning report; S3: simulating attacks on the target software to generate a simulated attack report; S4: evaluating the security of the target software according to the function verification report, the vulnerability scanning report and the simulated attack report.
In summary, embodiments of the present invention provide a method and a system for security testing of server-side software. Black-box testing is used to test whether the functional modules of the target software are effective, and a function verification report is generated; function verification uses the black-box test method from software testing to test the security-related modules of the target software, such as the user management module, the rights management module, the encryption system and the authentication system, mainly to verify that these modules are effective. A vulnerability scanner, a program that automatically detects security weaknesses of target software on a remote or local host, is used to generate a vulnerability scanning report; with a vulnerability scanner, a system administrator can find security vulnerabilities in the software products they maintain and so repair them promptly and in a targeted way. Security vulnerability scanning can be used for routine security protection and as a means of testing software products, finding vulnerabilities and guarding against them before they cause serious damage. Attacks on the target software are simulated to generate a simulated attack report; simulating attacks verifies the security protection capability of the software or information system. The security of the target software is then evaluated according to the function verification report, the vulnerability scanning report and the simulated attack report. Detection efficiency and accuracy are improved.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A safety test method for server-side software is characterized by comprising the following steps:
testing, by a black-box method, whether a functional module of the target software is effective, and generating a functional verification report;
automatically detecting, with a vulnerability scanner program, security weaknesses of the target software on a remote or local host, and generating a vulnerability scanning report;
simulating an attack on the target software and generating a simulated attack report;
and evaluating the security of the target software according to the functional verification report, the vulnerability scanning report and the simulated attack report.
2. The method for security testing of server-side software according to claim 1, wherein simulating an attack on the target software comprises:
masquerading as a privileged entity to attack the target software.
3. The method for security testing of server-side software according to claim 2, wherein masquerading as a privileged entity to attack the target software comprises one or more of the following methods:
intercepting an identification sequence and reusing it against the target software after the valid identification sequence has been used once;
identifying the host carrying the target software, acquiring an available user account through the NetBIOS, Telnet or NFS service, and guessing the password to take control of the host carrying the target software;
writing a malicious program that opens a further security gap and placing it at the tail end of the payload of the buffer, so that when the buffer overflows the return pointer points to the malicious program and the malicious instructions are executed to obtain control of the system.
4. The method for security testing of server-side software according to claim 1, wherein simulating an attack on the target software further comprises:
adding incorrect information when a DNS server exchanges information with other name servers, leading to unauthorized consequences.
5. The method for security testing of server-side software according to claim 1, wherein simulating an attack on the target software further comprises:
sending malformed packets that declare their own size to exceed the ICMP upper limit, so that the TCP/IP stack crashes and the recipient goes down.
6. The method for security testing of server-side software according to claim 1, wherein the functional module comprises:
one or more of a user management module, a rights management module, an encryption module and an authentication module.
7. The method for security testing of server-side software according to claim 1, wherein
the vulnerability scanner comprises a host vulnerability scanner and a network vulnerability scanner; the host vulnerability scanner is a first program that runs on the local host to detect security vulnerabilities of the target software; the network vulnerability scanner is a second program that detects security vulnerabilities of the target software remotely over the network.
8. A security testing system for server-side software, comprising:
a functional verification module, configured to test, by a black-box method, whether a functional module of the target software is effective, and to generate a functional verification report;
a vulnerability scanning module, configured to automatically detect, with a vulnerability scanner program, security weaknesses of the target software on a remote or local host, and to generate a vulnerability scanning report;
a simulated attack module, configured to simulate an attack on the target software and to generate a simulated attack report;
and an evaluation module, configured to evaluate the security of the target software according to the functional verification report, the vulnerability scanning report and the simulated attack report.
9. An electronic device, comprising:
at least one processor, at least one memory, and a data bus; wherein:
the processor and the memory communicate with each other through the data bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the method of any one of claims 1 to 7.
10. A non-transitory computer-readable storage medium storing a computer program that causes a computer to perform the method according to any one of claims 1 to 7.
CN202110933582.9A 2021-08-14 2021-08-14 Security testing method and system for server-side software Pending CN113468075A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110933582.9A CN113468075A (en) 2021-08-14 2021-08-14 Security testing method and system for server-side software

Publications (1)

Publication Number Publication Date
CN113468075A (en) 2021-10-01

Family

ID=77866646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110933582.9A Pending CN113468075A (en) 2021-08-14 2021-08-14 Security testing method and system for server-side software

Country Status (1)

Country Link
CN (1) CN113468075A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101154258A (en) * 2007-08-14 2008-04-02 电子科技大学 Automatic analyzing system and method for dynamic action of malicious program
CN101959193A (en) * 2010-09-26 2011-01-26 宇龙计算机通信科技(深圳)有限公司 Information safety detection method and a mobile terminal
CN102930210A (en) * 2012-10-14 2013-02-13 江苏金陵科技集团公司 System and method for automatically analyzing, detecting and classifying malicious program behavior
CN105554022A (en) * 2016-01-12 2016-05-04 烟台南山学院 Automatic testing method of software
CN105787373A (en) * 2016-05-17 2016-07-20 武汉大学 Android terminal data leak-proof method in mobile office system
CN111625296A (en) * 2020-05-27 2020-09-04 重庆夏软科技有限公司 Method for protecting program by constructing code copy

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘新生: "《软件测试理论》", 31 August 2010 *
相马软件: "《网络安全—黑客攻防》", 30 March 2001 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208695A (en) * 2022-09-13 2022-10-18 平安银行股份有限公司 Black box safety scanning method, device and system and electronic equipment
CN117240609A (en) * 2023-11-10 2023-12-15 深圳海云安网络安全技术有限公司 Network security monitoring method and system based on vulnerability dynamic verification
CN117240609B (en) * 2023-11-10 2024-01-26 深圳海云安网络安全技术有限公司 Network security monitoring method and system based on vulnerability dynamic verification
CN117407872A (en) * 2023-12-13 2024-01-16 深圳市科力锐科技有限公司 Security protection detection method, device, equipment and storage medium
CN117407872B (en) * 2023-12-13 2024-04-09 深圳市科力锐科技有限公司 Security protection detection method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220705

Address after: 200000 No. 381, Cangwu Road, Xuhui District, Shanghai

Applicant after: SHANGHAI INSTITUTE OF QUALITY INSPECTION AND TECHNICAL RESEARCH

Address before: Room 502, No. 123, Lane 1321, Yixian Road, Baoshan District, Shanghai 200001

Applicant before: Kang Jianping

RJ01 Rejection of invention patent application after publication

Application publication date: 20211001