CN114650168A - Application program security testing method - Google Patents

Publication number
CN114650168A
Authority
CN
China
Prior art keywords
application program
network data
wireshark
tool
tested
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210133634.9A
Other languages
Chinese (zh)
Inventor
庄陈阳
刘纯
郭电
魏莉坤
唐晓东
陈妮
李杨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kirin Software Co Ltd
Original Assignee
Kirin Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kirin Software Co Ltd
Priority to CN202210133634.9A
Publication of CN114650168A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention relates to the technical field of computer science, and in particular to an application program security testing method comprising the following steps: S1, loading an operating system on a computer; S2, configuring a packet capture tool in the operating system; S3, traversing all network data exchange functions of the application program to be tested in the operating system; S4, using the packet capture tool to capture the network data packets that implement each of those network data exchange functions; S5, judging, based on the network data packets, whether the application program is safe. The method can be used to carry out application security testing on domestic operating systems.

Description

Application program security testing method
Technical Field
The invention relates to the technical field of computer science, and in particular to a method for testing the security of an application program.
Background
With the national requirement for independently controllable technology, the information technology application innovation industry chain has gradually matured and is being rolled out step by step in key fields. Through years of development, guided by top-level policy and backed by large-scale research and development investment from enterprises and organizations, China's information industry has gradually moved from "usable" to "good to use"; a substitute industry chain running from upstream chips to downstream applications has basically been established, and the domestic operating system, a key link in that chain, has achieved a significant breakthrough. To ensure that products run reliably, application adaptation testing on domestic operating systems is an essential step, and application security testing is an important component of the testing system.
Therefore, it is necessary to provide an application program security testing method that addresses the lack of security testing on domestic operating systems.
Disclosure of Invention
Technical problem solved
In view of the shortcomings of the prior art, the invention provides an application program security testing method for carrying out application security testing on a domestic operating system.
Technical solution
To achieve this purpose, the invention is realized by the following technical solution:
The invention provides an application program security testing method comprising the following steps:
S1, loading an operating system on the computer;
S2, configuring a packet capture tool in the operating system;
S3, traversing all network data exchange functions of the application program to be tested in the operating system;
S4, using the packet capture tool to capture the network data packets that implement each of those network data exchange functions;
S5, judging, based on the network data packets, whether the application program to be tested is safe.
Further, step S5 specifically includes: if the HTTP protocol is present in the network data packets and/or the transmission parameters in the network data packets are displayed in cleartext, the application program to be tested is unsafe; otherwise, the application program to be tested is safe.
Further, the packet capture tool is the Wireshark tool.
Further, step S2 specifically includes:
installing a Wireshark tool in the operating system;
adding a Wireshark user group for the Wireshark tool, changing the group of the tool's dumpcap command to the Wireshark user group so that the dumpcap command belongs to that group, and using the chmod command so that the Wireshark user group can run the dumpcap command with root privilege to capture the network data packets;
and adding the user name to be used to the Wireshark user group, the user name thereby corresponding to the root privilege, so that when a user logs in under that user name, root privilege is obtained through the Wireshark user group and the network data packets are captured with the dumpcap command.
Further, the packet capture tool captures the network data packets through the transmission interface of the application program to be tested.
Further, capturing the network data packets through the transmission interface of the application program to be tested specifically includes:
monitoring the activity of all transmission interfaces of the computer with the packet capture tool;
and when the packet capture tool observes activity on the transmission interface of the application program to be tested, stopping the monitoring and capturing the network data packets through that transmission interface.
Further, the method also includes performing a security test on the transmission interface of the application program to be tested, which specifically includes:
modifying the transmission parameters of a network data packet;
and sending the modified network data packet to the transmission interface of the application program to be tested, wherein if the transmission interface has precautionary measures in place, the transmission interface is safe; otherwise, the transmission interface is unsafe.
Based on the same inventive concept, the present invention also provides an electronic device comprising a processor and a memory, wherein the memory stores a computer program which, when executed by the processor, implements the method of any one of the above.
Based on the same inventive concept, the present invention also provides a readable storage medium storing a computer program which, when executed by a processor, implements the method of any one of the above.
Advantageous effects
Compared with the known prior art, the technical solution provided by the invention has the following beneficial effects: the application program security testing method can be applied to domestic operating systems, fills the gap in application-level security testing on domestic operating systems, promotes attention to application-level security testing, and extends operating system testing techniques to cover application security.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a schematic diagram illustrating steps of a method for testing security of an application according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for testing security of an application according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, an embodiment of the present invention provides an application program security testing method comprising the following steps:
S1, loading an operating system on the computer;
S2, configuring a packet capture tool in the operating system;
S3, traversing all network data exchange functions of the application program to be tested in the operating system;
S4, using the packet capture tool to capture the network data packets that implement each of those network data exchange functions;
S5, judging, based on the network data packets, whether the application program to be tested is safe.
In this embodiment, whether the application program to be tested is safe is determined mainly as follows: if the HTTP protocol is present in the network data packets and/or the transmission parameters in the network data packets are displayed in cleartext, the application program to be tested is unsafe; otherwise, it is safe. Specifically, HTTP is an insecure network transmission protocol for the application program to be tested, and if the transmission parameters in a network data packet are displayed in cleartext, the application program is considered not to encrypt its parameters in transit, so a network security risk exists. Of course, those skilled in the art will understand that analyzing the network data packets to judge whether the application program to be tested is safe is not limited to these two checks; any security analysis of the network transmission will serve.
In this embodiment, the packet capture tool is the general-purpose Wireshark tool. Wireshark (formerly known as Ethereal) is network packet analysis software whose function is to capture network packets and display the packet data in as much detail as possible; it uses WinPCAP as the interface for exchanging data packets directly with the network card.
In this embodiment, on the premise of using the Wireshark tool, step S2 specifically includes:
1) installing a Wireshark tool in the operating system;
2) adding a Wireshark user group for the Wireshark tool, changing the group of the tool's dumpcap command to the Wireshark user group so that the dumpcap command belongs to that group, and using the chmod command so that the Wireshark user group can run the dumpcap command with root privilege to capture the network data packets;
3) adding the user name to be used to the Wireshark user group, the user name thereby corresponding to the root privilege, so that when a user logs in under that user name, root privilege is obtained through the Wireshark user group and the network data packets are captured with the dumpcap command.
Specifically, configuring the Wireshark tool includes authorizing it: when the Wireshark tool is started for configuration, the particularities of a Linux operating system have to be taken into account, so the Wireshark tool must be granted the appropriate authorization or it cannot be used normally. In addition, when an application program that transmits network data is in use, the Wireshark tool has to capture network data packets during that use and needs the corresponding permission to do so, which means root privilege must be granted to Wireshark; however, operating the application program to be tested directly as root is inconvenient, which is why the authorization process is particularly important.
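One way to verify the outcome of steps 2) and 3) on a Linux system, as an added example that is not part of the patent text. It assumes the chmod step is read as a setuid-root dumpcap restricted to the capture group; the path /usr/bin/dumpcap, the group name wireshark and all function names are assumptions.

```python
import grp
import os
import stat


def evaluate_helper(mode, uid, gid, capture_gid):
    """Return findings for a setuid-root capture helper meant for one group only."""
    findings = []
    if uid != 0:
        findings.append("owner is not root: setuid would not grant root privilege")
    if not mode & stat.S_ISUID:
        findings.append("setuid bit missing: helper runs without root privilege")
    if gid != capture_gid:
        findings.append("file group is not the capture group")
    if not mode & stat.S_IXGRP:
        findings.append("capture group lacks execute permission")
    if mode & stat.S_IXOTH:
        # With the setuid bit set, this lets every local account capture traffic.
        findings.append("world-executable: every local user can capture, not just the group")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    return findings


def audit_dumpcap(path="/usr/bin/dumpcap", group="wireshark", user=None):
    """Inspect the installed helper; path and group name are assumptions."""
    st = os.stat(path)
    entry = grp.getgrnam(group)
    findings = evaluate_helper(stat.S_IMODE(st.st_mode), st.st_uid,
                               st.st_gid, entry.gr_gid)
    # gr_mem lists supplementary members, which is how step 3) adds the tester.
    if user is not None and user not in entry.gr_mem:
        findings.append(f"user {user!r} is not a member of group {group!r}")
    return findings


if __name__ == "__main__":
    # Constructed inputs: mode 4750 root:group is clean, mode 4755 is flagged.
    print(evaluate_helper(0o4750, 0, 120, 120))
    print(evaluate_helper(0o4755, 0, 120, 120))
```

A mode of 4750 with owner root and the capture group keeps packet capture limited to the accounts added in step 3); 4755 extends it to every local account.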
In this embodiment, the packet capture tool captures the network data packets through the transmission interface of the application program to be tested. This specifically comprises the following steps:
1) monitoring the activity of all transmission interfaces of the computer with the packet capture tool;
2) when the packet capture tool observes activity on the transmission interface of the application program to be tested, stopping the monitoring and capturing the network data packets through that transmission interface.
In addition, the method should also include a security test of the transmission interface of the application program to be tested, which specifically includes:
1) modifying the transmission parameters of a network data packet;
2) sending the modified network data packet to the transmission interface of the application program to be tested, wherein if the transmission interface has precautionary measures in place, the transmission interface is safe; otherwise, the transmission interface is unsafe.
In specific implementation, referring to fig. 2, the method includes:
Step 101, entering a command on the operating system to open the application program to be tested, or running it directly from the graphical interface, so that the application program runs normally and, in particular, keeps a normal network connection; when choosing the application program to be tested, an application with network transmission functions is selected.
Step 102, traversing the functions of the application program to be tested that involve network transmission, and verifying application security with the packet capture tool by analyzing whether the protocols the application uses, and the messages and documents exchanged as network data, can be captured or arbitrarily altered in transit; the application's network data exchange functions are traversed while the packet capture tool is running.
Step 103, selecting a capture interface in the packet capture tool, which can monitor wired, wireless, Bluetooth, external-device and other interfaces; ticking the interface types to be captured; starting the packet capture; and, once the transmission interface of the application under test appears, stopping the capture and saving the captured packets as a local file.
Step 104, opening the local network data packet file obtained in step 103 and filtering it by the port of the application under test to obtain that application's network data packets; obtaining the packets for each function according to the time at which the corresponding module of the application was operated; analyzing the obtained packets and judging whether the insecure network transmission protocol HTTP is present, in which case the interface has a security risk; checking whether the transmission parameters in the packets are displayed in cleartext, in which case the interface does not encrypt its parameters and a network security risk exists; and changing the parameters of the network data packets and repeating step 103 to perform SQL injection, checking whether the network interface has precautionary measures, the absence of which means a network security risk exists, thereby completing the security test of the transmission interface.
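The two passive checks of step 104 (HTTP present, parameters readable in cleartext) applied to a saved capture filtered by the application's port, as an added example that is not part of the patent text. It reads the classic pcap format only (Wireshark saves pcapng by default, so the file is assumed to have been saved as pcap), does no TCP reassembly, and all function names, ports and the embedded capture are constructed for illustration.

```python
import struct
from urllib.parse import parse_qsl

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"PATCH ", b"HEAD ", b"OPTIONS ")


def iter_tcp_payloads(pcap):
    """Yield (src_port, dst_port, payload) for each Ethernet/IPv4/TCP frame."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng must be converted first)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    offset = 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        tcp_start = 14 + (frame[14] & 0x0F) * 4
        if frame[14] >> 4 != 4 or frame[23] != 6 or len(frame) < tcp_start + 20:
            continue  # not IPv4/TCP
        src_port, dst_port = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
        data_start = tcp_start + (frame[tcp_start + 12] >> 4) * 4
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]
        yield src_port, dst_port, frame[data_start:ip_end]


def assess(pcap, app_port):
    """Apply the two passive checks to traffic on the application's port."""
    findings, packets = [], 0
    for src_port, dst_port, payload in iter_tcp_payloads(pcap):
        if app_port not in (src_port, dst_port) or not payload:
            continue
        packets += 1
        is_request = payload.startswith(HTTP_METHODS)
        if not (is_request or payload.startswith(b"HTTP/1.")):
            continue  # e.g. a TLS record: nothing readable to report
        head, _, body = payload.partition(b"\r\n\r\n")
        first_line = head.split(b"\r\n", 1)[0].decode("latin-1")
        findings.append(("cleartext-http", first_line))
        if is_request:
            parts = first_line.split(" ")
            query = parts[1].partition("?")[2] if len(parts) > 1 else ""
            # Record parameter names only, never the captured values.
            for name, _value in parse_qsl(query) + parse_qsl(body.decode("latin-1")):
                findings.append(("cleartext-parameter", name))
    # No verdict when nothing was seen: the function under test was not exercised.
    verdict = (not findings) if packets else None
    return {"safe": verdict, "packets": packets, "findings": findings}


def _frame(dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame from 192.0.2.10:40000 to 192.0.2.20."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def build_sample_pcap():
    """Constructed capture: HTTP login on 8080, TLS-like record on 8443, other app on 80."""
    frames = [
        _frame(8080, b"POST /login?lang=en HTTP/1.1\r\nHost: app.example\r\n"
                     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                     b"user=alice&password=hunter2"),
        _frame(8443, b"\x16\x03\x03\x00\x04\x8f\x1c\xa2\x07"),
        _frame(80, b"GET /other?x=1 HTTP/1.1\r\nHost: other.example\r\n\r\n"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1644800000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE = build_sample_pcap()

if __name__ == "__main__":
    for port in (8080, 8443, 9999):
        print(port, assess(SAMPLE, port))
```

A verdict of safe here means only that neither of the two checks fired on the packets seen; cleartext parameters carried by a non-HTTP protocol are outside what this sketch detects.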
Based on the same inventive concept, the invention further provides an electronic device, which includes a processor and a memory, where the memory stores a computer program, and the computer program, when executed by the processor, implements the application program security testing method.
The processor may be, in some embodiments, a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor (e.g., a GPU), or other data Processing chip. The processor is typically used to control the overall operation of the electronic device. In this embodiment, the processor is configured to execute the program code stored in the memory or process data, for example, execute the program code of the application security testing method.
The memory includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory may be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. In other embodiments, the memory may also be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), and the like provided on the electronic device. Of course, the memory may also include both internal and external storage units of the electronic device. In this embodiment, the memory is generally used for storing the operating system installed on the electronic device and various types of application software, such as the program code of the application security testing method. In addition, the memory may also be used to temporarily store various types of data that have been output or are to be output.
Based on the same idea, the invention further provides a readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the application security testing method.
In summary, the application program security testing method provided by the invention can be applied to domestic operating systems, fills the gap in application-level security testing on domestic operating systems, promotes attention to application-level security testing, and extends operating system testing techniques to cover application security.
The above examples are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. An application program security testing method, characterized by comprising the following steps:
S1, loading an operating system on the computer;
S2, configuring a packet capture tool in the operating system;
S3, traversing all network data exchange functions of the application program to be tested in the operating system;
S4, using the packet capture tool to capture the network data packets that implement each of those network data exchange functions;
S5, judging, based on the network data packets, whether the application program to be tested is safe.
2. The application program security testing method according to claim 1, wherein step S5 specifically includes: if the HTTP protocol is present in the network data packets and/or the transmission parameters in the network data packets are displayed in cleartext, the application program to be tested is unsafe; otherwise, the application program to be tested is safe.
3. The application program security testing method according to claim 1, wherein the packet capture tool is the Wireshark tool.
4. The application program security testing method according to claim 3, wherein step S2 specifically comprises:
installing a Wireshark tool in the operating system;
adding a Wireshark user group for the Wireshark tool, changing the group of the tool's dumpcap command to the Wireshark user group so that the dumpcap command belongs to that group, and using the chmod command so that the Wireshark user group can run the dumpcap command with root privilege to capture the network data packets;
and adding the user name to be used to the Wireshark user group, the user name thereby corresponding to the root privilege, so that when a user logs in under that user name, root privilege is obtained through the Wireshark user group and the network data packets are captured with the dumpcap command.
5. The method as claimed in claim 1, wherein the packet capture tool captures the network data packets through a transmission interface of the application program to be tested.
6. The application program security testing method according to claim 5, wherein capturing the network data packets through the transmission interface of the application program to be tested specifically comprises:
monitoring the activity of all transmission interfaces of the computer with the packet capture tool;
and when the packet capture tool observes activity on the transmission interface of the application program to be tested, stopping the monitoring and capturing the network data packets through that transmission interface.
7. The application program security testing method according to claim 6, further comprising performing a security test on the transmission interface of the application program to be tested, specifically comprising:
modifying the transmission parameters of a network data packet;
and sending the modified network data packet to the transmission interface of the application program to be tested, wherein if the transmission interface has precautionary measures in place, the transmission interface is safe; otherwise, the transmission interface is unsafe.
8. An electronic device comprising a processor and a memory, the memory having stored thereon a computer program which, when executed by the processor, implements the method of any of claims 1 to 7.
9. A readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 7.
CN202210133634.9A 2022-02-14 2022-02-14 Application program security testing method Pending CN114650168A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210133634.9A CN114650168A (en) 2022-02-14 2022-02-14 Application program security testing method

Publications (1)

Publication Number Publication Date
CN114650168A true CN114650168A (en) 2022-06-21

Family

ID=81992663

Country Status (1)

Country Link
CN (1) CN114650168A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination