WO2019144548A1 - Security test method, apparatus, computer device and storage medium - Google Patents


Info

Publication number
WO2019144548A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
current
current code
parameter
network access
Application number
PCT/CN2018/088856
Other languages
French (fr)
Chinese (zh)
Inventor
林嘉思
Original Assignee
平安科技(深圳)有限公司


Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/55 Detecting local intrusion or implementing counter-measures > G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms > G06F2221/033 Test or assess software

Abstract

A security test method, comprising: receiving a current network access request, the current network access request carrying a uniform resource locator and access parameters; acquiring, according to the uniform resource locator, a current code corresponding to the current network access request; inserting a probe function in the current code; in the process of executing the current code according to the access parameters, recording an execution sequence of code statements in the current code by means of the probe function, so as to obtain an execution path of the current code; detecting whether the execution path of the current code is consistent with a predetermined path; and if the execution path is inconsistent with the predetermined path, determining that security vulnerabilities exist in the current code.

Description

Security test method, apparatus, computer device and storage medium
Cross-reference to related applications
This application claims priority to Chinese Patent Application No. 2018100791896, filed with the China Patent Office on January 26, 2018 and entitled "Security test method, apparatus, computer device and storage medium", the entire contents of which are incorporated herein by reference.
Technical field
This application relates to a security test method, apparatus, computer device and storage medium.
Background
With the development of Internet technology and the growth of network information, more and more enterprises and individuals provide information services over the Internet. However, when information services are provided, defects in the design of the application software or operating system, errors made during coding, and design flaws or unreasonable logic flows in business interaction processing all give rise to vulnerabilities. To prevent vulnerabilities from being exploited, intentionally or otherwise, and causing losses, vulnerability detection is needed. However, the inventor has realised that detecting vulnerabilities at present usually requires understanding the internal structure of the code before security testing it; since the volume of code is large, understanding its structure takes a great deal of time, and security detection is therefore inefficient.
Summary
According to various embodiments disclosed in this application, a security test method, apparatus, computer device and storage medium are provided.
A security test method includes:
receiving a current network access request, the current network access request carrying a uniform resource locator and access parameters;
acquiring, according to the uniform resource locator, the current code corresponding to the current network access request; inserting a probe function into the current code;
in the process of executing the current code according to the access parameters, recording, by means of the probe function, the execution order of the code statements in the current code, to obtain the execution path of the current code;
detecting whether the execution path of the current code is consistent with a preset path; and
when the execution path is inconsistent with the preset path, determining that a security vulnerability exists in the current code.
A security test apparatus includes:
a request receiving module, configured to receive a current network access request, the current network access request carrying a uniform resource locator and access parameters;
a code acquiring module, configured to acquire, according to the uniform resource locator, the current code corresponding to the current network access request;
a probe insertion module, configured to insert a probe function into the current code;
an execution path obtaining module, configured to record, by means of the probe function and in the process of executing the current code according to the access parameters, the execution order of the code statements in the current code, to obtain the execution path of the current code;
a detection module, configured to detect whether the execution path of the current code is consistent with a preset path; and
a vulnerability determining module, configured to determine that a security vulnerability exists in the current code when the execution path is inconsistent with the preset path.
A computer device includes a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the one or more processors, cause the one or more processors to perform the following steps:
receiving a current network access request, the current network access request carrying a uniform resource locator and access parameters;
acquiring, according to the uniform resource locator, the current code corresponding to the current network access request; inserting a probe function into the current code;
in the process of executing the current code according to the access parameters, recording, by means of the probe function, the execution order of the code statements in the current code, to obtain the execution path of the current code;
detecting whether the execution path of the current code is consistent with a preset path; and
when the execution path is inconsistent with the preset path, determining that a security vulnerability exists in the current code.
One or more non-volatile computer-readable storage media store computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
receiving a current network access request, the current network access request carrying a uniform resource locator and access parameters;
acquiring, according to the uniform resource locator, the current code corresponding to the current network access request; inserting a probe function into the current code;
in the process of executing the current code according to the access parameters, recording, by means of the probe function, the execution order of the code statements in the current code, to obtain the execution path of the current code;
detecting whether the execution path of the current code is consistent with a preset path; and
when the execution path is inconsistent with the preset path, determining that a security vulnerability exists in the current code.
Details of one or more embodiments of this application are set forth in the drawings and the description below. Other features and advantages of this application will become apparent from the description, the drawings and the claims.
Brief description of the drawings
To describe the technical solutions in the embodiments of this application more clearly, the drawings required by the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of this application; a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a diagram of an application scenario of a security test method according to one or more embodiments.
FIG. 2 is a schematic flowchart of a security test method according to one or more embodiments.
FIG. 3 is a schematic flowchart of a security test method in another embodiment.
FIG. 4 is a schematic flowchart of a security test method in another embodiment.
FIG. 5 is a block diagram of a security test apparatus according to one or more embodiments.
FIG. 6 is a block diagram of a security test apparatus in another embodiment.
FIG. 7 is a block diagram of a security test apparatus in another embodiment.
FIG. 8 is an internal diagram of a computer device according to one or more embodiments.
Detailed description
To make the technical solutions and advantages of this application clearer, this application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are intended only to explain this application and not to limit it.
The security test method provided by this application can be applied to the application environment shown in FIG. 1. A terminal 102 communicates with a server 104 over a network. Middleware and an application are provided on the server 104, and the middleware is used to execute the method provided by the embodiments of this application. A user can send a network access request through the terminal 102. When a network access request sent by the terminal 102 is received, because the application runs on the middleware, the middleware on the server 104 can acquire the current code corresponding to the current network access request and insert a probe function into the current code, so that, while the current code is being executed, the probe function records the execution order of the code statements in the current code to obtain the execution path of the current code; the middleware then detects whether the execution path of the current code is consistent with a preset path and, when the execution path is inconsistent with the preset path, determines that a security vulnerability exists in the current code. The terminal 102 can be, but is not limited to, any device capable of network access, such as a personal computer, notebook computer, smartphone, tablet or portable wearable device. The server 104 can be implemented as a stand-alone server or as a server cluster composed of multiple servers. Middleware refers to software that provides the connection between system software and application software so as to facilitate communication between the software components; it sits above the operating system, network and database and below the application software, and provides a runtime and development environment for the application software above it.
In some embodiments, as shown in FIG. 2, a security test method is provided. The method is described by taking its application to the server in FIG. 1 as an example and includes the following steps:
Step S202: receive a current network access request, the current network access request carrying a uniform resource locator and access parameters.
Specifically, a uniform resource locator (URL) is a concise representation of the location of, and the method of accessing, a resource available on the Internet; the corresponding resource can be located through the uniform resource locator. The access parameters may be entered by the user or selected on the web page from which the network access request is issued. For example, the access parameters may be the username and password the user enters when logging in to an application, or an entered search term. When a database is to be accessed, the user may also select the corresponding retrieval options on the front-end page of the database, and those retrieval options are the access parameters. When the corresponding page needs to be accessed, the user enters or selects the access parameters on the terminal and issues a network access request; the terminal sends the network access request to the server, carrying the corresponding uniform resource locator and access parameters. For example, the data carried by a network access request may be "http://ww.test.com/login?username=123&pwd=234", where the characters after "?", username=123&pwd=234, indicate that the username is 123 and the password is 234. The uniform resource locator is "http://ww.test.com/login".
Step S204: acquire, according to the uniform resource locator, the current code corresponding to the current network access request.
Specifically, the correspondence between uniform resource locators and code is set in advance, so the current code for executing the current network access request can be acquired according to the uniform resource locator carried by the current network access request. The current code may include one or more code statements.
Step S206: insert a probe function into the current code.
Specifically, inserting a probe function means instrumenting the current code. Instrumentation inserts probes at the corresponding positions in the code, without breaking the code's original logical integrity, in order to collect information while the code executes, such as control-flow and data-flow information. The interceptor feature of the open-source Spring framework can be invoked to perform the code instrumentation. The probe function can be inserted at every code statement.
In some embodiments, to reduce the number of probes while still capturing the key path, the step of inserting the probe function into the current code includes: analysing the current code to obtain the target statements of the current code, and inserting the probe function at the target statements of the current code. The target statements include at least one of the following code statements: the start statement of the current code, its termination statement, its judgement (conditional) statements, the statements corresponding to variable constraints, and the code statements corresponding to the access parameters.
Specifically, when instrumenting, key positions in the code can be selected for instrumentation; for example, the key positions may be one or more of the start position of the code, its termination position, the positions corresponding to variable constraints in the code, the code positions corresponding to the network access parameters, and the code's judgement statements. In some embodiments, instrumentation may be performed at the judgement statements of the code; for example, when an "if" statement is found in the code, the code is instrumented there.
In some embodiments, to reduce the load on the server, the vulnerability detection policy can be determined according to the information type of the access parameters: when the access parameters are static information, either no vulnerability detection is performed or only static vulnerability detection is performed on the current code; when the access parameters are dynamic information, both static and dynamic vulnerability detection are performed. Static information refers to parameters that can be selected on the current network access page corresponding to the current network access request; dynamic information refers to parameters entered by the user. Therefore, when the current network access request is received, its access parameters can be compared with the parameters presented on the current network access page, and when a parameter is not one presented on the current network access page, the probe function is inserted into the current code. Static vulnerability detection means detecting vulnerabilities without running the code; dynamic vulnerability detection means detecting vulnerabilities by running the code.
In some embodiments, to reduce the load that vulnerability detection places on the middleware, whether to insert the probe function into the current code for vulnerability detection can also be decided according to the access parameters of the current network access request and the type of the current network access request; the specific rules can be set as required. For example, vulnerability detection is performed when the user parameters include the "?" character and the type of the user's request is data retrieval; or, when the current network access request includes command separators such as ":" or "。" and the type of the current network access request is data retrieval, the probe function is inserted into the current code for vulnerability detection.
Step S208: in the process of executing the current code according to the access parameters, record, by means of the probe function, the execution order of the code statements in the current code, to obtain the execution path of the current code.
Specifically, after the current code has been acquired, it is executed according to the access parameters. For example, when the access parameters are a username and password for logging in, the current code is executed to perform the login; when the access condition is a database retrieval condition, the retrieval is performed according to the retrieval condition and the corresponding code. The execution order of the code statements can be obtained by recording the execution time of each code statement. Once the execution order of the code statements has been obtained, the execution path is formed in that order. For example, suppose the current code consists of four code statements A, B, C and D and the probe function has been inserted at A and C; if the execution order obtained by the probe function while executing the current code is A then C, the execution path is A→C.
Step S210: detect whether the execution path of the current code is consistent with the preset path.
Specifically, the preset path is set in advance; for example, the preset path may be set to A→C→B. The preset path may be obtained from the execution paths of historical network access requests corresponding to the current code. After the execution path of the current code has been obtained, it is compared with the preset path to detect whether the two are consistent.
In some embodiments, the historical execution paths of multiple historical network access requests corresponding to the current code can be obtained, the distribution ratio of each historical execution path calculated, and the historical execution paths whose ratio exceeds a preset distribution ratio taken as the preset path. How the distribution ratios are calculated and how the paths exceeding the preset ratio are taken as the preset path can be set as required. For example, the historical execution paths of the historical network access requests can be compared to determine the number of times each historical execution path was executed, the distribution ratio of each historical execution path counted from that, and the historical execution paths whose distribution ratio exceeds a preset ratio, for example 90%, taken as the preset path. Alternatively, the processes invoked when the current code was executed for a historical network access request can be analysed to determine whether they are whitelisted processes; if so, the execution path corresponding to that historical network access request is taken as the preset path.
Step S212: when the execution path is inconsistent with the preset path, determine that a security vulnerability exists in the current code.
Specifically, when the execution path is inconsistent with the preset path, an abnormality exists and the current code can be judged to have a vulnerability. For example, when the preset path is A→C→B and the execution path is A→B→C, the execution path is inconsistent with the preset path. When the execution path is consistent with the preset path, the current code can be judged to have no vulnerability. Of course, even when the execution path is consistent with the preset path, whether the current code has a vulnerability can be further determined according to other vulnerability detection rules. For example, the data obtained by executing the current code according to the access parameters can be acquired and the running result used to determine whether an abnormality exists; if it is abnormal, the current code is judged to have a vulnerability.
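The following is an added worked example of steps S202 to S212 in Python; it is not code from the patent or its assignee. The login handler source, the user table, the URL-to-code mapping, the request history and the 5% distribution ratio are all constructed for the demonstration (the patent's Spring-interceptor instrumentation is replaced here by an AST rewrite that inserts a `_probe` call before the target statements: first and last statement, every `if`, every `return`, and statements that mention an access parameter). The handler deliberately contains a branch that the historical traffic never exercised, so a request that reaches it produces a path outside the preset set and is flagged.

```python
"""Probe-based execution-path check following steps S202-S212.

Added example; not code from the patent or its assignee. The handler source,
user table, URL mapping and request history are all constructed here."""
import ast
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed handler for the URL in the description. The line numbers of
# this string are the labels the probe records (line 1 is the "def").
LOGIN_SOURCE = """\
def login(username, pwd):
    user = USERS.get(username)
    if user is None:
        return "unknown user"
    if pwd == user["pwd"]:
        return "ok"
    if user.get("legacy") and pwd == "":
        return "ok"
    return "bad password"
"""

# Step S204: the preset correspondence between a URL (without query) and code.
CODE_BY_URL = {"http://ww.test.com/login": LOGIN_SOURCE}
# Constructed user table; the "legacy" flag exists only to give the handler a
# branch that the historical traffic never exercised.
USERS = {"alice": {"pwd": "s3cret"}, "bob": {"pwd": "hunter2", "legacy": True}}

_trace = []  # execution path of the current run, filled by the probe


def _probe(label):
    """The probe function: records that the labelled statement was reached."""
    _trace.append(label)


class ProbeInserter(ast.NodeTransformer):
    """Step S206: put `_probe("L<line>")` in front of the target statements
    only: first and last statement of a block, every `if`, every `return`,
    and any statement that mentions an access parameter."""

    def __init__(self, param_names):
        self.param_names = set(param_names)

    def _is_target(self, stmt, index, count):
        if index in (0, count - 1) or isinstance(stmt, (ast.If, ast.Return)):
            return True
        used = {n.id for n in ast.walk(stmt) if isinstance(n, ast.Name)}
        return bool(used & self.param_names)

    def _instrument(self, body):
        out = []
        for i, stmt in enumerate(body):
            if isinstance(stmt, ast.If):  # probe inside both branches too
                stmt.body = self._instrument(stmt.body)
                stmt.orelse = self._instrument(stmt.orelse)
            if self._is_target(stmt, i, len(body)):
                call = ast.Call(ast.Name("_probe", ast.Load()),
                                [ast.Constant(f"L{stmt.lineno}")], [])
                out.append(ast.copy_location(ast.Expr(call), stmt))
            out.append(stmt)
        return out

    def visit_FunctionDef(self, node):
        node.body = self._instrument(node.body)
        return node


def instrument(source, param_names):
    """Rewrite the handler's AST with probes and return it as a callable."""
    tree = ProbeInserter(param_names).visit(ast.parse(source))
    ast.fix_missing_locations(tree)
    namespace = {"_probe": _probe, "USERS": USERS}
    exec(compile(tree, "<instrumented>", "exec"), namespace)
    return namespace[tree.body[0].name]


def execute_with_probe(request_url):
    """Steps S202-S208: split URL and access parameters, fetch the code for
    the URL, instrument it, run it and return (result, execution path)."""
    parts = urlsplit(request_url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {k: v[0] for k, v in query.items()}
    handler = instrument(CODE_BY_URL[base], params)
    _trace.clear()
    result = handler(**params)
    return result, list(_trace)


def derive_preset_paths(history_paths, ratio):
    """Preset paths as the description derives them: every historical path
    whose share of all historical runs exceeds `ratio`."""
    counts = Counter(tuple(p) for p in history_paths)
    total = sum(counts.values())
    return {path for path, n in counts.items() if n / total > ratio}


def check_request(request_url, preset_paths):
    """Steps S210-S212: a path outside the preset set is flagged."""
    result, path = execute_with_probe(request_url)
    return {"result": result, "path": path,
            "vulnerable": tuple(path) not in preset_paths}


# Constructed history: the traffic the baseline is learned from.
HISTORY = (["http://ww.test.com/login?username=alice&pwd=s3cret"] * 7
           + ["http://ww.test.com/login?username=alice&pwd=nope"] * 2
           + ["http://ww.test.com/login?username=carol&pwd=x"])

if __name__ == "__main__":
    preset = derive_preset_paths([execute_with_probe(u)[1] for u in HISTORY], 0.05)
    print(check_request("http://ww.test.com/login?username=alice&pwd=s3cret", preset))
    print(check_request("http://ww.test.com/login?username=bob&pwd=", preset))
```

One practical point the example makes visible: a handler with several legitimate outcomes (success, wrong password, unknown user) has several legitimate paths, so a single preset ratio such as the 90% named in the description would leave the preset set empty and flag every request. The ratio has to sit below the share of the rarest legitimate path, which is why the example learns the baseline with a much lower value.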
In some embodiments, the size of the data in the running result can be obtained, and when the amount of data exceeds a preset threshold the current code can be judged to have a vulnerability. The preset threshold can be set as required, for example to 1G. For instance, for a network access request that fetches database data, when the amount of data obtained for the retrieval condition exceeds 1G, an abnormality exists and a vulnerability can be determined to be present.
In some embodiments, the type of the data in the running result and the form in which the data is displayed can also be judged: when the data is of a sensitive type, is displayed in plaintext, or both, the current code can be judged to have a vulnerability. For example, when the data obtained is found to be password information and is in plaintext, the current code can be judged to have a vulnerability.
In some embodiments, the time taken to execute the current code according to the access parameters can also be obtained and compared with a duration threshold; when the preset duration is exceeded, the current code has a vulnerability. The duration threshold can be a fixed duration or can vary dynamically. For example, the duration threshold can be determined from the running durations of historical network access requests, taking as the duration threshold the running-duration value that exceeds a preset proportion, for example 95%, of the running durations of the historical network access requests.
In some embodiments, when the current code is detected to have a vulnerability, the current network access request can be discarded, for example by not sending the response to the current network access request (such as a data query result) to the terminal that issued it, so as to prevent the user from harming the server through the vulnerability in the current code. When no vulnerability exists, the response to the current network access request can be returned to the terminal.
In some embodiments, when a vulnerability is detected, a vulnerability alert can be issued to prompt testers to examine the current code and fix the vulnerability. Before the fix is made, the status of the current code can be marked as pending correction, and when a network access request corresponding to the current code is received while its status is pending correction, the request can be refused a response.
In some embodiments, before the dynamic test, that is, before executing the current code according to the access parameters for vulnerability testing, static vulnerability detection can also be performed on the current code to judge whether it contains malicious code, for example by comparing the current code with preset malicious code such as heap spray code, iframe code and shellcode. When none is present, the dynamic test proceeds; when malicious code is present, the current code can be judged to have a vulnerability and the dynamic test is not performed.
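The checks the description places around the dynamic test, as an added Python example that is not the patent's code: the 1G result-size threshold, sensitive fields returned in plaintext, an execution-duration threshold taken as the 95th percentile of historical run times, and the static pre-check for known malicious fragments that decides whether the dynamic test runs at all. The sensitive field names, the two signature patterns standing in for the heap-spray and iframe fragments, the plaintext heuristic and the history values are all constructed assumptions.

```python
"""Checks applied around the execution of the current code, as the
description lists them. Added example, not the patent's code; thresholds,
field names, signature patterns and the history are constructed."""
import math
import re

SIZE_LIMIT_BYTES = 1 * 1024 ** 3  # the "1G" threshold from the description

# Constructed stand-ins for the "preset heap spray / iframe / shellcode"
# fragments; a real signature set would be far larger and maintained separately.
MALICIOUS_PATTERNS = {
    "iframe_injection": re.compile(r"<iframe\b[^>]*\bsrc\s*=", re.IGNORECASE),
    "heap_spray_string": re.compile(r"(%u[0-9a-f]{4}){4,}", re.IGNORECASE),
}

SENSITIVE_FIELDS = {"password", "pwd", "card_number"}  # constructed list


def static_precheck(source):
    """Static detection before the dynamic test: names of the malicious
    patterns found in `source`. A non-empty list means the code is judged
    vulnerable and the dynamic test is skipped."""
    return [name for name, pat in MALICIOUS_PATTERNS.items() if pat.search(source)]


def duration_threshold(history_seconds, percentile=95):
    """The running duration exceeded by only (100 - percentile)% of the
    historical requests, by the nearest-rank method on the sorted history."""
    data = sorted(history_seconds)
    rank = max(1, math.ceil(len(data) * percentile / 100))
    return data[rank - 1]


def is_plaintext(value):
    """Heuristic: a hex digest or a `$`-prefixed password hash is not plaintext."""
    text = str(value)
    return not (re.fullmatch(r"[0-9a-fA-F]{32,}", text) or text.startswith("$"))


def check_run_result(result, result_size_bytes, elapsed_seconds, history_seconds):
    """Post-execution checks; `result` is the response as a field->value dict.
    Returns the findings so the caller can discard the response, alert, and
    mark the code as pending correction."""
    findings = []
    if result_size_bytes > SIZE_LIMIT_BYTES:
        findings.append("oversized_result")
    for field, value in result.items():
        if field.lower() in SENSITIVE_FIELDS and is_plaintext(value):
            findings.append(f"sensitive_plaintext:{field}")
    if elapsed_seconds > duration_threshold(history_seconds):
        findings.append("slow_execution")
    return {"vulnerable": bool(findings), "findings": findings}
```

The duration threshold is recomputed from the history on every call here for clarity; a middleware would cache it per URL and refresh it as new run times arrive.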
In the security test method described above, a current network access request carrying a uniform resource locator and access parameters is received; the current code for executing the current network access request is acquired according to the uniform resource locator; a probe function is inserted into the current code; while the current code is executed according to the access parameters, the probe function records the execution order of the code statements in the current code to obtain its execution path; whether the execution path of the current code is consistent with the preset path is detected; and when the execution path is inconsistent with the preset path, the current code is determined to have a security vulnerability. The method provided by the embodiments of this application uses a probe function to obtain the execution path of the code corresponding to a network access request and compares that execution path with a preset path to obtain the vulnerability test result, so vulnerability detection can be performed dynamically on the network access requests actually received, and security detection is efficient.
In some embodiments, as shown in FIG. 3, the security detection method may further include the following steps:
Step S302: obtain the current web page corresponding to the current network access request.
Specifically, the current web page is the page that sent the current network access request. For example, when the request is a search request, the page on which the search keyword was entered is the current web page for that request. When the request fetches data from a database, the front-end page on which the query conditions are entered or selected is the current web page for that request.
Step S304: compare the access parameters with the option parameters preset on the current web page and determine whether the option parameters include the access parameters.
Specifically, the option parameters preset on the current web page are the values that can be selected on that page. For example, the page may contain a drop-down box; the user clicks it and selects one of the values it displays, and those displayed values are the preset option parameters. After the current web page is obtained, its preset option parameters are read and compared with the access parameters to determine the inclusion relationship, that is, whether the preset option parameters include the access parameters.
In some embodiments, step S206, inserting a probe function into the current code, includes: when it is detected that the option parameters do not include the access parameters, inserting the probe function into the current code.
Specifically, the option parameters not including the access parameters means that at least one access parameter is not an option parameter. In that case the access parameter was constructed by the user rather than selected from the page; it is dynamic information and may carry risk, so the probe function is inserted into the current code for dynamic vulnerability detection. When the access parameters are static information, that is, the option parameters include all of them, static vulnerability detection can be performed instead.
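The probe-based path check of the method (inserting the probe, recording the statement order, deriving the preset path from the distribution of historical paths, and gating on whether the page's option parameters include the access parameters) as one added Python example; it is not the patent's code. The handler source, its table, the page options and the request history are all constructed for illustration, and the role parameter read from the request is a planted flaw so that one request leaves the usual path. The probe is inserted by AST rewriting before every statement, a superset of the target statements the text lists (start, end, judgment, constraint and access-parameter statements).

```python
import ast
from collections import Counter

# Constructed stand-in for the "current code" fetched by URL: a search handler.
# Taking the role from the request is the planted flaw that changes the path.
TABLE = [{"name": n} for n in ("alice", "bob", "carol", "dave")]
HANDLER_SRC = '''
def search(params):
    keyword = params.get("keyword", "")
    role = params.get("role", "user")
    if role == "admin":
        rows = list(TABLE)
    else:
        rows = [r for r in TABLE if keyword in r["name"]]
    if len(rows) > 2:
        rows = rows[:2]
    return rows
'''
# Constructed option parameters of the page that sends the request (drop-down values).
PAGE_OPTIONS = {"keyword": {"alice", "bob", "carol", "dave"}, "role": {"user", "guest"}}


class ProbeInserter(ast.NodeTransformer):
    """Insert __probe__(lineno) before every statement, recursing into branches."""

    def visit_FunctionDef(self, node):
        node.body = self._instrument(node.body)
        return node

    def _instrument(self, stmts):
        out = []
        for stmt in stmts:
            probe = ast.Expr(ast.Call(ast.Name("__probe__", ast.Load()),
                                      [ast.Constant(stmt.lineno)], []))
            out.append(ast.copy_location(probe, stmt))
            if isinstance(stmt, (ast.If, ast.For, ast.While)):
                stmt.body = self._instrument(stmt.body)
                stmt.orelse = self._instrument(stmt.orelse)
            out.append(stmt)
        return out


def instrument(src):
    tree = ProbeInserter().visit(ast.parse(src))
    return compile(ast.fix_missing_locations(tree), "<current_code>", "exec")


def run_with_probe(code_obj, func_name, params):
    """Execute the instrumented code; the probe records the statement order (the path)."""
    path = []
    ns = {"__probe__": path.append, "TABLE": TABLE}
    exec(code_obj, ns)
    result = ns[func_name](params)
    return tuple(path), result


def needs_dynamic_test(params, options):
    """Option-parameter gate: a value outside the page's preset options is user-constructed."""
    return any(v not in options.get(k, set()) for k, v in params.items())


def preset_paths(history_paths, min_share):
    """Historical paths whose share of all requests exceeds min_share become the preset path(s)."""
    counts = Counter(history_paths)
    total = sum(counts.values())
    return {p for p, c in counts.items() if c / total > min_share}


def check_request(params, code_obj, preset, options=PAGE_OPTIONS):
    if not needs_dynamic_test(params, options):
        return "static_only", None
    path, _ = run_with_probe(code_obj, "search", params)
    return ("vulnerable" if path not in preset else "ok"), path


# Constructed history: ordinary searches using the page's own drop-down values.
HISTORY = [{"keyword": k, "role": "user"} for k in ("alice", "bob", "carol", "dave", "bob", "alice")]
CODE = instrument(HANDLER_SRC)
PRESET = preset_paths([run_with_probe(CODE, "search", p)[0] for p in HISTORY], 0.5)

if __name__ == "__main__":
    print(PRESET)
    print(check_request({"keyword": "bob", "role": "user"}, CODE, PRESET))
    print(check_request({"keyword": "bob", "role": "admin"}, CODE, PRESET))
```

The path is a tuple of source line numbers, so two requests that take the same branches produce the same tuple even when their parameters differ; a user-constructed keyword that still follows the usual branches is reported as ok, while a request that reaches the admin branch produces a path absent from the history and is flagged.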
In some embodiments, as shown in FIG. 4, the security detection method further includes:
Step S402: obtain code features of the current code, the code features including the variable constraints of the current code.
Specifically, a variable constraint is a condition in the current code that restricts an input variable. The variable constraints may be collected while the current code executes, before it executes, or once the current code has been found vulnerable. To collect them, determine whether the current code contains if statements and, if so, extract the variable constraints from their conditions.
Step S404: construct test parameters from the variable constraints.
Specifically, the test parameters are used to test the current code. Once the variable constraints are known, test parameters can be constructed from them; the rules for doing so can be set as needed.
In some embodiments, the boundary values of a variable constraint are used as test parameters. For example, if the constraint is x greater than 5, parameters near the boundary value 5, such as 5.1 and 4.9999999999, can be constructed as test parameters.
In some embodiments, when there are two or more variable constraints, test parameters are constructed for each constraint separately and then combined into the final test parameters. For example, a login password may have two constraints: more than 10 characters, and a first character that is a digit. From the length constraint, a valid test parameter of more than 10 characters and an invalid one of 10 characters or fewer are constructed; from the first-character constraint, a valid parameter whose first character is a digit and an invalid one whose first character is not a digit. The parameters constructed from the individual constraints are then combined pairwise. Suppose the parameter constructed for the length constraint is 1001 (fewer than 10 characters) and the one constructed for the first-character constraint is a; the combined test parameter is then a1001.
In some embodiments, when the execution path differs from the preset path, test parameters may also be constructed from the access parameters, for example by mutating them to obtain black-box test parameters. If the access parameter is the user name "admin" and logging in with that user name exhibits a vulnerability, adminx01 and admin1 may be used as test parameters.
Step S406: execute the current code with the test parameters to obtain code run data.
Specifically, once the test parameters are obtained, they are passed into the current code, which is executed with them to obtain code run data. The code run data may be the execution path taken under the test parameters, or the result of the execution, such as the data returned by a database query.
In some embodiments, the code features also include the functional control corresponding to the current code, so the step of executing the current code with the test parameters to obtain code run data includes: constructing a test network access request from the functional control and the test parameters, and executing the current code in response to that test request to obtain code run data.
Specifically, the control identifier corresponding to the code may be detected from the code or preset. Once the control identifier is known, the test parameters are constructed from the variable constraints, a click on the control is triggered, and a test network access request carrying the test parameters is sent, so that the current code executes in response to the test request and the code run data is obtained.
Step S408: determine the vulnerability detection result of the current code from the code run data.
Specifically, the vulnerability detection result is either vulnerable or not vulnerable. The rule that maps code run data to a result can be set according to practice. For example, check whether the execution path taken under the test parameters matches the preset path; if not, a vulnerability exists. Alternatively, check whether the amount of data returned by executing the current code with the test parameters exceeds a preset value; for example, if a database query returns more data than the preset value, the current code can be judged vulnerable.
In this embodiment, constructing test parameters from the variable constraints allows further vulnerability testing of the current code, improving the accuracy and coverage of the test.
It should be understood that although the steps in the flowcharts above are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, there is no strict ordering of these steps, and they may be performed in other orders. Moreover, at least some of the steps may include several sub-steps or stages, which are not necessarily completed at the same moment but may be performed at different times, and their order need not be sequential: they may be performed in turn or alternately with at least part of other steps or of the sub-steps or stages of other steps.
In some embodiments, as shown in FIG. 5, a security test apparatus is provided, including a request receiving module 502, a code obtaining module 504, a probe insertion module 506, an execution path obtaining module 508, a detection module 510 and a vulnerability determination module 512, where:
The request receiving module 502 is configured to receive the current network access request, which carries a uniform resource locator and access parameters.
The code obtaining module 504 is configured to obtain the current code corresponding to the current network access request from the uniform resource locator.
The probe insertion module 506 is configured to insert a probe function into the current code.
The execution path obtaining module 508 is configured to record, through the probe function and while the current code executes with the access parameters, the order in which the code statements of the current code execute, yielding the execution path of the current code.
The detection module 510 is configured to detect whether the execution path of the current code matches the preset path.
The vulnerability determination module 512 is configured to determine that the current code has a security vulnerability when the execution path does not match the preset path.
In some embodiments, as shown in FIG. 6, the security detection apparatus further includes:
A page obtaining module 602, configured to obtain the current web page corresponding to the current network access request.
An inclusion relationship determination module 604, configured to compare the access parameters with the option parameters preset on the current web page and determine whether the option parameters include the access parameters.
The probe insertion module 506 is then configured to insert the probe function into the current code when it is detected that the option parameters do not include the access parameters.
In some embodiments, the security test apparatus further includes a historical path obtaining module, configured to obtain the historical execution paths of multiple historical network access requests corresponding to the current code, and a preset path obtaining module, configured to compute the distribution ratio of each historical execution path and take the historical execution paths whose ratio exceeds a preset distribution ratio as the preset path.
In some embodiments, as shown in FIG. 7, the security test apparatus further includes:
A code feature obtaining module 702, configured to obtain code features of the current code, the code features including the variable constraints of the current code.
A parameter construction module 704, configured to construct test parameters from the variable constraints.
An execution module 706, configured to execute the current code with the test parameters to obtain code run data.
A result obtaining module 708, configured to determine the vulnerability detection result of the current code from the code run data.
In some embodiments, the code features further include the functional control corresponding to the current code, and the execution module is configured to construct a test network access request from the functional control and the test parameters, and to execute the current code in response to the test network access request to obtain code run data.
In some embodiments, the apparatus further includes a discard module, configured to discard the current network access request when the current code is determined to be vulnerable.
In some embodiments, the probe insertion module 506 is configured to detect the current code to obtain its target statements, the target statements including at least one of: the start statement of the current code, its termination statement, its judgment statements, the statements corresponding to variable constraints, and the code statements corresponding to the access parameters; and to insert the probe function at the target statements of the current code.
For the specific definition of the security test apparatus, refer to the definition of the security test method above, which is not repeated here. The modules of the security test apparatus may be implemented in whole or in part by software, hardware or a combination of both. The modules may be embedded in hardware form in, or independent of, the processor of the computer device, or stored in software form in the memory of the computer device so that the processor can invoke the operations corresponding to each module.
In some embodiments, a computer device is provided, which may be a server whose internal structure may be as shown in FIG. 8. The computer device includes a processor, a memory and a network interface connected by a system bus. The processor provides computing and control capability. The memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer-readable instructions. The internal memory provides the environment in which the operating system and the computer-readable instructions on the non-volatile storage medium run. The network interface communicates with external terminals over a network connection. When the computer-readable instructions are executed by the processor, they implement a security test method.
Those skilled in the art will understand that the structure shown in FIG. 8 is only a block diagram of the part of the structure relevant to the solution of this application and does not limit the computer device to which the solution is applied; a specific computer device may include more or fewer components than shown, combine certain components, or arrange the components differently.
A computer device includes a memory and one or more processors, the memory storing computer-readable instructions that, when executed by the one or more processors, cause them to perform the following steps: receive a current network access request carrying a uniform resource locator and access parameters; obtain the current code corresponding to the current network access request from the uniform resource locator; insert a probe function into the current code; while executing the current code with the access parameters, record through the probe function the order in which the code statements of the current code execute, yielding the execution path of the current code; detect whether the execution path of the current code matches a preset path; and, when the execution path does not match the preset path, determine that the current code has a security vulnerability.
One or more non-volatile storage media store computer-readable instructions that, when executed by one or more processors, cause them to perform the following steps: receive a current network access request carrying a uniform resource locator and access parameters; obtain the current code corresponding to the current network access request from the uniform resource locator; insert a probe function into the current code; while executing the current code with the access parameters, record through the probe function the order in which the code statements of the current code execute, yielding the execution path of the current code; detect whether the execution path of the current code matches a preset path; and, when the execution path does not match the preset path, determine that the current code has a security vulnerability.
Those of ordinary skill in the art will understand that all or part of the flows of the methods of the above embodiments can be implemented by computer-readable instructions directing the relevant hardware; the computer-readable instructions can be stored on a non-volatile computer-readable storage medium and, when executed, may include the flows of the method embodiments above. Any reference to memory, storage, a database or other media in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features of the above embodiments are described; however, any combination of these technical features that contains no contradiction should be considered within the scope of this specification.
The embodiments above express only several implementations of this application and are described in relatively specific detail, but they are not to be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art may make several variations and improvements without departing from the concept of this application, and these fall within its scope of protection. The scope of protection of this patent is therefore determined by the appended claims.

Claims (20)

  1. A security test method, comprising:
    receiving a current network access request, the current network access request carrying a uniform resource locator and access parameters;
    obtaining, from the uniform resource locator, the current code corresponding to the current network access request;
    inserting a probe function into the current code;
    while executing the current code with the access parameters, recording through the probe function the order in which the code statements of the current code execute, to obtain the execution path of the current code;
    detecting whether the execution path of the current code matches a preset path; and
    when the execution path does not match the preset path, determining that the current code has a security vulnerability.
  2. The method of claim 1, further comprising:
    obtaining the current web page corresponding to the current network access request;
    comparing the access parameters with option parameters preset on the current web page to determine whether the option parameters include the access parameters; and
    wherein the step of inserting a probe function into the current code comprises:
    when it is detected that the option parameters do not include the access parameters, inserting the probe function into the current code.
  3. The method of claim 1, further comprising:
    obtaining the historical execution paths of a plurality of historical network access requests corresponding to the current code; and
    computing the distribution ratio of each historical execution path and taking the historical execution paths whose ratio exceeds a preset distribution ratio as the preset path.
  4. The method of any one of claims 1 to 3, further comprising:
    obtaining code features of the current code, the code features comprising variable constraints of the current code;
    constructing test parameters from the variable constraints;
    executing the current code with the test parameters to obtain code run data; and
    determining, from the code run data, the vulnerability detection result of the current code.
  5. The method of claim 4, wherein the code features further comprise a functional control corresponding to the current code, and executing the current code with the test parameters to obtain code run data comprises:
    constructing a test network access request from the functional control and the test parameters; and
    executing the current code in response to the test network access request to obtain code run data.
  6. The method of any one of claims 1 to 3, further comprising:
    when the current code is determined to be vulnerable, discarding the current network access request.
  7. The method of any one of claims 1 to 3, wherein inserting a probe function into the current code comprises:
    detecting the current code to obtain target statements of the current code, the target statements comprising at least one of: the start statement of the current code, its termination statement, its judgment statements, the statements corresponding to variable constraints, and the code statements corresponding to the access parameters; and
    inserting the probe function at the target statements of the current code.
  8. A security test apparatus, comprising:
    a request receiving module, configured to receive a current network access request, the current network access request carrying a uniform resource locator and access parameters;
    a code obtaining module, configured to obtain, from the uniform resource locator, the current code corresponding to the current network access request;
    a probe insertion module, configured to insert a probe function into the current code;
    an execution path obtaining module, configured to record through the probe function, while the current code executes with the access parameters, the order in which the code statements of the current code execute, to obtain the execution path of the current code;
    a detection module, configured to detect whether the execution path of the current code matches a preset path; and
    a vulnerability determination module, configured to determine that the current code has a security vulnerability when the execution path does not match the preset path.
  9. 一种计算机设备,包括存储器及一个或多个处理器,所述存储器中储存有计算机可读指令,所述计算机可读指令被所述一个或多个处理器执行时,使得所述一个或多个处理器执行以下步骤:A computer device comprising a memory and one or more processors having stored therein computer readable instructions, the computer readable instructions being executed by the one or more processors to cause the one or more The processors perform the following steps:
    接收当前网络访问请求,所述当前网络访问请求携带有统一资源定位符以及访问参数;Receiving a current network access request, where the current network access request carries a uniform resource locator and an access parameter;
    根据所述统一资源定位符获取所述当前网络访问请求对应的当前代码;Obtaining, according to the uniform resource locator, a current code corresponding to the current network access request;
    在所述当前代码中插入探针函数;Inserting a probe function into the current code;
    在根据所述访问参数执行所述当前代码的过程中,通过所述探针函数记录所述当前代码中代码语句的执行顺序,得到所述当前代码的执行路径;In the process of executing the current code according to the access parameter, the execution order of the code statement in the current code is recorded by the probe function, and an execution path of the current code is obtained;
    检测所述当前代码的执行路径与预设路径是否一致;及Detecting whether the execution path of the current code is consistent with the preset path; and
    当所述执行路径与预设路径不一致,确定所述当前代码存在安全漏洞。When the execution path is inconsistent with the preset path, it is determined that the current code has a security vulnerability.
  10. 根据权利要求9所述的计算机设备,其特征在于,所述计算机可读指令被所述处理器执行时还执行以下步骤:The computer apparatus according to claim 9, wherein said computer readable instructions are further executed by said processor to perform the following steps:
    获取所述当前网络访问请求对应的当前网络页面;Obtaining a current network page corresponding to the current network access request;
    将所述访问参数与所述当前网络页面上预设的选项参数进行对比,确定所述选项参数与所述访问参数的包含关系;及Comparing the access parameter with an option parameter preset on the current network page, and determining an inclusion relationship between the option parameter and the access parameter; and
    所述在所述当前代码中插入探针函数的步骤包括:The step of inserting a probe function in the current code includes:
    当检测到所述选项参数不包括所述访问参数,在所述当前代码中插入探针函数。When it is detected that the option parameter does not include the access parameter, a probe function is inserted in the current code.
  11. 根据权利要求9所述的计算机设备,其特征在于,所述计算机可读指令被所述处理器执行时还执行以下步骤:The computer apparatus according to claim 9, wherein said computer readable instructions are further executed by said processor to perform the following steps:
    获取所述当前代码对应的多个历史网络访问请求的历史执行路径;及Obtaining a historical execution path of the plurality of historical network access requests corresponding to the current code; and
    计算所述各个历史执行路径的分布比例,将超过预设分布比例的历史执行路径作为所述预设路径。Calculating a distribution ratio of each of the historical execution paths, and using a historical execution path exceeding a preset distribution ratio as the preset path.
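The following is an added illustration of claims 9 to 11 and 14 in Python; it is not code from the patent or its applicant. It assumes a Python web handler as the "current code", a route table keyed by URL, a constructed set of option parameters for the page, a constructed request history, and a preset distribution ratio of 0.5. The probe function is realised with `sys.settrace`, which records the order of executed statements without editing the handler's source; the recorded path is a tuple of statement offsets from the handler's `def` line.

```python
import sys
from collections import Counter

# Constructed "current code" reached via the URL "/order". Which branch runs depends on the
# access parameters, so the recorded execution path reflects what the request made the code do.
def lookup_order(params):
    order_id = params.get("order_id", "")
    if not order_id.isdigit():
        return {"status": 400}
    if params.get("debug") == "1":
        return {"status": 200, "body": "full-dump"}
    return {"status": 200, "body": "order " + order_id}

ROUTES = {"/order": lookup_order}         # URL -> current code (assumed route table)
PAGE_OPTIONS = {"/order": {"order_id"}}   # option parameters preset on the page (constructed)

def record_execution_path(func, params):
    """Probe function: trace 'line' events of func and return the order of executed
    statements (offsets from the def line) together with func's result."""
    target = func.__code__
    path = []

    def local_tracer(frame, event, arg):
        if event == "line" and frame.f_code is target:
            path.append(frame.f_lineno - target.co_firstlineno)
        return local_tracer

    def global_tracer(frame, event, arg):
        return local_tracer if event == "call" and frame.f_code is target else None

    previous = sys.gettrace()
    sys.settrace(global_tracer)
    try:
        result = func(params)
    finally:
        sys.settrace(previous)  # always remove the probe, even if the code raised
    return tuple(path), result

def derive_preset_paths(historical_paths, preset_ratio):
    """Claim 11: the preset paths are those whose share of the historical requests
    exceeds the preset distribution ratio."""
    counts = Counter(historical_paths)
    total = len(historical_paths)
    return {p for p, n in counts.items() if n / total > preset_ratio}

# Constructed request history: five well-formed lookups and one malformed order id.
HISTORICAL_REQUESTS = [{"order_id": str(i)} for i in range(1, 6)] + [{"order_id": "abc"}]
PRESET_PATHS = {
    "/order": derive_preset_paths(
        [record_execution_path(lookup_order, p)[0] for p in HISTORICAL_REQUESTS], 0.5)
}

def security_test(url, params):
    """Claims 9, 10 and 14: probe only requests carrying parameters the page does not
    offer, flag a path outside the preset paths, and discard the flagged request."""
    code = ROUTES[url]
    if set(params) <= PAGE_OPTIONS[url]:
        return {"probed": False, "vulnerable": False, "discarded": False,
                "result": code(params)}
    path, result = record_execution_path(code, params)
    vulnerable = path not in PRESET_PATHS[url]
    return {"probed": True, "vulnerable": vulnerable, "discarded": vulnerable,
            "path": path, "result": None if vulnerable else result}

if __name__ == "__main__":
    print(security_test("/order", {"order_id": "42"}))
    print(security_test("/order", {"order_id": "42", "debug": "1"}))
```

With the constructed history, only the ordinary lookup path clears the 0.5 ratio, so a request that adds the unadvertised `debug` parameter is probed, drives the handler onto a path never seen in history, and is discarded; a request with an unexpected but harmless parameter is probed and then passed through because its path matches. The ratio threshold is the tuning point a deployer has to get right: rare but legitimate paths (here the malformed-id branch) will be reported until they accumulate enough history.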
  12. The computer device according to any one of claims 9 to 11, wherein the computer-readable instructions, when executed by the processor, further perform the following steps:
    obtaining a code feature of the current code, the code feature comprising a variable constraint condition corresponding to the current code;
    constructing a test parameter according to the variable constraint condition;
    executing the current code according to the test parameter, to obtain code running data; and
    determining, according to the code running data, a vulnerability detection result corresponding to the current code.
  13. The computer device according to claim 12, wherein the code feature further comprises a function control corresponding to the current code, and the step, performed by the processor, of executing the current code according to the test parameter to obtain code running data comprises:
    constructing a test network access request according to the function control and the test parameter; and
    executing the current code according to the test network access request, to obtain code running data.
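The following is an added illustration of claims 12 and 13; it is not code from the patent or its applicant. It assumes that the code feature is available as a small declarative record (per-variable type and range constraints plus the form action and method that submit to the handler), that the current code is a Python function taking a parameter dict, and that the handler reports rejection with a status field. Test parameters are the boundary values just inside and just outside each constraint; the detection result lists every case where the handler accepted out-of-constraint input, rejected valid input, or crashed.

```python
# Constructed code feature for a handler: the variable constraints it is supposed to
# enforce, and the function control (form) that submits to it.
CODE_FEATURE = {
    "constraints": {
        "qty":  {"type": "int", "min": 1, "max": 100},
        "name": {"type": "str", "minlen": 1, "maxlen": 20},
    },
    "function_control": {"action": "/cart/add", "method": "POST"},
}

def add_to_cart(params):
    """Constructed current code: validates only the lower bound of qty."""
    qty = params["qty"]
    if qty < 1:
        return {"status": 400, "error": "qty must be at least 1"}
    return {"status": 200, "stored": {"name": params["name"], "qty": qty}}

def satisfies(value, c):
    """True when value meets the declared constraint."""
    if c["type"] == "int":
        return isinstance(value, int) and c["min"] <= value <= c["max"]
    return isinstance(value, str) and c["minlen"] <= len(value) <= c["maxlen"]

def baseline_value(c):
    """A value that is certainly valid, used for the variables not under test."""
    return c["min"] if c["type"] == "int" else "a" * c["minlen"]

def boundary_values(c):
    """Values just outside and just inside each edge of the constraint."""
    if c["type"] == "int":
        return [c["min"] - 1, c["min"], c["max"], c["max"] + 1]
    return ["a" * (c["minlen"] - 1), "a" * c["minlen"],
            "a" * c["maxlen"], "a" * (c["maxlen"] + 1)]

def build_test_parameters(constraints):
    """Claim 12: one test parameter set per boundary value, varying one variable at a
    time while the others stay at a valid baseline."""
    baseline = {n: baseline_value(c) for n, c in constraints.items()}
    cases = []
    for name, c in constraints.items():
        for v in boundary_values(c):
            cases.append({"params": dict(baseline, **{name: v}), "varied": name,
                          "expected_valid": satisfies(v, c)})
    return cases

def build_test_request(function_control, params):
    """Claim 13: the test network access request is shaped by the function control."""
    return {"method": function_control["method"],
            "url": function_control["action"], "params": params}

def execute(handler, request):
    """Run the current code and keep the outcome as code running data; an unhandled
    exception is recorded rather than propagated."""
    try:
        return handler(request["params"])
    except Exception as exc:
        return {"status": 500, "error": type(exc).__name__}

def detect(handler, code_feature):
    """Vulnerability detection result: (variable, value, reason) for each failed case."""
    findings = []
    for case in build_test_parameters(code_feature["constraints"]):
        value = case["params"][case["varied"]]
        run = execute(handler, build_test_request(code_feature["function_control"],
                                                  case["params"]))
        if run["status"] == 500:
            findings.append((case["varied"], value, "unhandled error"))
        elif run["status"] == 200 and not case["expected_valid"]:
            findings.append((case["varied"], value, "out-of-constraint input accepted"))
        elif run["status"] != 200 and case["expected_valid"]:
            findings.append((case["varied"], value, "valid input rejected"))
    return findings

if __name__ == "__main__":
    for finding in detect(add_to_cart, CODE_FEATURE):
        print(finding)
```

Against the constructed handler the result names the three validation gaps (an over-range quantity, an empty name and an over-long name are all accepted) and is silent on the lower bound of `qty`, which the handler does check. Deriving the cases from the declared constraints rather than from a hand-written list is what keeps the test in step with the code feature when the constraints change.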
  14. The computer device according to any one of claims 9 to 11, wherein the computer-readable instructions, when executed by the processor, further perform the following step:
    when it is determined that the current code has a vulnerability, discarding the current network access request.
  15. One or more non-volatile computer-readable storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
    receiving a current network access request, the current network access request carrying a uniform resource locator and an access parameter;
    obtaining, according to the uniform resource locator, a current code corresponding to the current network access request;
    inserting a probe function into the current code;
    in the process of executing the current code according to the access parameter, recording, by the probe function, the execution order of the code statements in the current code, to obtain an execution path of the current code;
    detecting whether the execution path of the current code is consistent with a preset path; and
    when the execution path is inconsistent with the preset path, determining that the current code has a security vulnerability.
  16. The storage medium according to claim 15, wherein the computer-readable instructions, when executed by the processor, further perform the following steps:
    obtaining a current network page corresponding to the current network access request;
    comparing the access parameter with option parameters preset on the current network page, to determine an inclusion relationship between the option parameters and the access parameter; and
    the step of inserting a probe function into the current code comprises:
    when it is detected that the option parameters do not include the access parameter, inserting a probe function into the current code.
  17. The storage medium according to claim 15, wherein the computer-readable instructions, when executed by the processor, further perform the following steps:
    obtaining historical execution paths of a plurality of historical network access requests corresponding to the current code; and
    calculating a distribution ratio of each of the historical execution paths, and taking a historical execution path whose distribution ratio exceeds a preset distribution ratio as the preset path.
  18. The storage medium according to any one of claims 15 to 17, wherein the computer-readable instructions, when executed by the processor, further perform the following steps:
    obtaining a code feature of the current code, the code feature comprising a variable constraint condition corresponding to the current code;
    constructing a test parameter according to the variable constraint condition;
    executing the current code according to the test parameter, to obtain code running data; and
    determining, according to the code running data, a vulnerability detection result corresponding to the current code.
  19. The storage medium according to claim 18, wherein the code feature further comprises a function control corresponding to the current code, and the step, performed by the processor, of executing the current code according to the test parameter to obtain code running data comprises:
    constructing a test network access request according to the function control and the test parameter; and
    executing the current code according to the test network access request, to obtain code running data.
  20. The storage medium according to any one of claims 15 to 17, wherein the computer-readable instructions, when executed by the processor, further perform the following step:
    when it is determined that the current code has a vulnerability, discarding the current network access request.
PCT/CN2018/088856 2018-01-26 2018-05-29 Security test method, apparatus, computer device and storage medium WO2019144548A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810079189.6A CN108256322B (en) 2018-01-26 2018-01-26 Security testing method and device, computer equipment and storage medium
CN201810079189.6 2018-01-26

Publications (1)

Publication Number Publication Date
WO2019144548A1 true WO2019144548A1 (en) 2019-08-01

Family

ID=62742967

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/088856 WO2019144548A1 (en) 2018-01-26 2018-05-29 Security test method, apparatus, computer device and storage medium

Country Status (2)

Country Link
CN (1) CN108256322B (en)
WO (1) WO2019144548A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109344611B (en) * 2018-09-06 2024-02-27 天翼安全科技有限公司 Application access control method, terminal equipment and medium
CN110300119B (en) * 2019-07-09 2021-09-14 国家计算机网络与信息安全管理中心 Vulnerability verification method and electronic equipment
CN111176975B (en) * 2019-08-02 2021-06-25 腾讯科技(深圳)有限公司 Test method, device, equipment and computer readable storage medium
CN112905443A (en) * 2019-12-04 2021-06-04 阿里巴巴集团控股有限公司 Test case generation method, device and storage medium
CN112527691B (en) * 2021-02-18 2021-06-11 深圳开源互联网安全技术有限公司 Program safety detection protection method, middleware system and safety middleware system
CN113360419B (en) * 2021-08-11 2022-06-07 云智慧(北京)科技有限公司 Application data processing method, device and equipment

Citations (5)

Publication number Priority date Publication date Assignee Title
CN102088379A (en) * 2011-01-24 2011-06-08 国家计算机网络与信息安全管理中心 Detecting method and device of client honeypot webpage malicious code based on sandboxing technology
CN102982282A (en) * 2012-11-26 2013-03-20 北京神州绿盟信息安全科技股份有限公司 Program bug detection system and method
CN103473171A (en) * 2013-08-28 2013-12-25 北京信息科技大学 Coverage rate dynamic tracking method and device based on function call paths
CN104765687A (en) * 2015-04-10 2015-07-08 江西师范大学 J2EE (Java 2 Enterprise Edition) program bug detection method based on object tracking and taint analysis
CN106411906A (en) * 2016-10-10 2017-02-15 合肥红珊瑚软件服务有限公司 SQL (Structured Query Language) injection flaw positioning and detecting method

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
CN105653949B (en) * 2014-11-17 2019-06-21 华为技术有限公司 A kind of malware detection methods and device
CN105939350B (en) * 2016-05-30 2020-02-07 北京京东尚科信息技术有限公司 Network access control method and system
CN106101145B (en) * 2016-08-10 2019-11-15 北京神州绿盟信息安全科技股份有限公司 A kind of website vulnerability detection method and device
CN106529286A (en) * 2016-10-17 2017-03-22 杭州迪普科技股份有限公司 Behavior detection method and apparatus
CN107315961B (en) * 2017-07-11 2020-06-23 北京奇虎科技有限公司 Program vulnerability detection method and device, computing equipment and storage medium

Also Published As

Publication number Publication date
CN108256322B (en) 2020-10-27
CN108256322A (en) 2018-07-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18902841; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 10/11/2020))
122 Ep: pct application non-entry in european phase (Ref document number: 18902841; Country of ref document: EP; Kind code of ref document: A1)