CN101902470A - Form feature-based Web security vulnerability dynamic testing method - Google Patents


Info

Publication number: CN101902470A (granted version: CN101902470B)
Application number: CN2010102264716A (priority application CN201010226471.6A)
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 张立久, 顾庆, 彭树森, 陈翔, 陈道蓄
Original and current assignee: Nanjing University
Legal status: Granted; now listed as Expired - Fee Related
Prior art keywords: test, test case, form, value, web

Classification (landscapes)

  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a form feature-based dynamic testing method for Web security vulnerabilities. The method comprises the following steps: 1) automatically extracting the features of the page under test of a Web application, of its forms and of their form fields, and collecting and storing that data; 2) taking the form as the unit of testing, assigning each form field a group of candidate test values, first generating the full-combination test case set, computing a weight for each test case, and generating the test case set with a maximum-weight selection method; 3) executing the test case set; and 4) analysing the execution result of each test case for potential security vulnerabilities and summarising the results into a test report. By analysing the features of Web forms, the method uses domain knowledge to assign targeted security test values to form fields, interacts with the Web server to obtain its responses, and automatically tests for potential security vulnerabilities in the Web application according to the response results.

Description

Form feature-based Web security vulnerability dynamic testing method
Technical field
The present invention relates to automated testing techniques for detecting security vulnerabilities in Web applications through the input domains of forms. As Web forms have become one of the main paths by which Web applications are attacked, the invention analyses and exploits the features of a form in order to assign targeted security test values to each of its input domains and so detect security vulnerabilities in the Web application.
Background technology
Dynamic testing methods for Web application security vulnerabilities are already applied in the security testing of Web applications. Security testing is an indispensable link in the Web application development process; its ultimate goal is to guarantee the safety and reliability of the Web application. As Web application systems grow in scale and complexity and their influence on social life deepens, the demand for Web application security testing becomes ever more prominent. Traditional vulnerability detection methods require Web application testers to draw on professional skill and experience, operating the Web application in the role of a user and imitating a hacker's attacks to look for security vulnerabilities. This makes the result of security testing depend to a great extent on the tester's ability, state and familiarity with the Web application. Automated security testing, by contrast, requires a large number of test cases to be generated against Web application security vulnerabilities; compared with manual testing it saves testing resources and cost while improving test effectiveness. Automated security testing needs to make effective use of information about the code structure and functional specification of the Web application.
Existing security flaw detection methods can be roughly divided into dynamic testing techniques and static analysis techniques. Dynamic testing techniques generate test cases with the aid of collected Web session information, but at present such techniques still find it difficult to fully detect the various vulnerabilities present in a Web application. Static analysis techniques analyse the source code of the Web application using control flow graphs and data flow graphs; such techniques need access to the source code of the Web application under test and are tied to the programming language in which it is written.
Summary of the invention
The main purpose of the present invention is to address the limited applicability, poor extensibility and low performance of traditional Web application security vulnerability detection methods by proposing a form feature-based dynamic testing method for Web application security vulnerabilities. The method uses domain knowledge to generate targeted test values for the input domains of a form, takes the form as the unit of testing, and detects potential security vulnerabilities in the Web application by dynamic testing.
To achieve the above object, the present invention adopts the following steps:
1) Web form feature collection: the features of the page under test of the Web application, of its forms and of their form fields are automatically extracted, and the following data are collected and stored: the Web page features, comprising the Status-Line, the headers (containing the Cookie) and the HTML message body that contains the forms; the form features, comprising action, method and data format (enctype); and the form field features, comprising type, name and initial value (initial_value);
2) test case set generation: taking the form as the unit of testing, each form field of each form is assigned a group of specific security-vulnerability test candidate values, and the full-combination test case set of the form is first generated by combining the candidate values of all form fields in every possible way; then, according to the harmfulness of the security vulnerabilities, a weight representing its vulnerability detection ability is computed for each test case, a larger weight representing stronger detection ability; finally, a test case set of a given size is generated by selecting test cases one by one with the maximum-weight selection method;
3) test case set execution: a series of HTTP requests is generated for each form based on its test case set, each HTTP request corresponding to one test case, with the value of each form field supplied by the corresponding test case; the HTTP requests are submitted to the Web server one by one and the HTTP responses are collected as the execution result of the form under this test case set;
4) potential security vulnerability detection: taking the form as the unit, the execution result of each test case is analysed for potential security vulnerabilities; the detection result of a single form is obtained first, and the results are then aggregated into a security vulnerability test report for the Web application.
In step 2) above, the process of assigning a group of specific security-vulnerability test candidate values to each form field of each form is: first, a Web application security vulnerability assignment rule base R_s is built, and the automatic assignment of each form field is completed through R_s; the rule schema in R_s is as follows:
rule ≡ <constraint, test_target, value>, where constraint is a constraint condition, expressed with regular expressions, that determines whether a form field can use this rule; test_target is the security vulnerability or attack type targeted; and value is the test value that satisfies constraint and probes for a vulnerability of type test_target.
In step 2) above, the process of computing, for each test case, a weight representing its vulnerability detection ability is: each vulnerability type (test_target) among the rules of R_s is assigned a weight w (0 < w ≤ 1) according to the degree to which it threatens Web application security; the vulnerability types corresponding to test_target in R_s include XSS, SQLI and NORMAL, and their threat degrees are ordered from large to small as SQLI > XSS > NORMAL, the vulnerability with the larger threat degree being given the larger weight; then, according to the weight w of each vulnerability type (test_target), a weight W(t_s) is computed for each test case t_s in the candidate test case set, where t_s = <v_1, v_2, ..., v_n> and v_i denotes the value of the i-th form field f_i in t_s; the test case weight is computed by the formula

$$W(t_s) = \sum_{i=1}^{n} d(v_i)$$

where d(v_i) denotes the weight contributed to t_s when form field f_i takes the value v_i, computed by

$$d(v_i) = \begin{cases} w(v_i.\mathrm{test\_target}) & \text{if } v_j.\mathrm{test\_target} \neq v_i.\mathrm{test\_target} \text{ for all } 1 \le j < i \\ 0 & \text{otherwise} \end{cases}$$

that is, v_i contributes the weight of its vulnerability type only if that type has not already appeared at an earlier position of t_s.
In step 2) above, the process of generating the test case set with the maximum-weight selection method is: given a form F = <f_1, f_2, ..., f_n> with n form fields, form field f_i is assigned a candidate value set containing k_i > 0 candidate test values,

$$V_i = \{v_{i1}, v_{i2}, \ldots, v_{ik_i}\}, \qquad k_i > 0;$$

the full-combination method then produces a candidate test case set of size

$$\prod_{i=1}^{n} k_i;$$

a greedy method is further adopted, choosing the test case with the maximum weight each time until the test case set reaches the given size or no selectable test case remains, thereby constructing the test case set to be executed.
In step 3) above, the process of executing the test case set is: for the form under test and the Web page on which it is located, an HTTP request Req is created and initialised for each test case using the page and form information under test; Req specifically comprises the Request-Line, the headers (containing the Cookie), a CRLF and the message body. Req is then filled according to the test case: let the test case be t_s = <v_1, v_2, ..., v_n>; the name of each form field f_i and its value v_i are extracted to form a name-value pair, which is handled according to the request method (GET or POST):
1) if the HTTP request method is GET, all name-value pairs of t_s are appended to the URI of the Request-Line;
2) if the HTTP request method is POST, all name-value pairs of t_s are assigned to the POST parameters of the message body. Req is then submitted to the Web server in the role of a client, and the server's response is awaited.
The detailed process of step 4) above is: according to the Web server's response status code, the response result Result is extracted and analysed for potential security vulnerabilities of the form under test, and the results are then aggregated into the Web application security vulnerability test report. Result is obtained from the server response as follows:
1) status code 1xx: the HTTP request has been received, and the server's further response must be awaited;
2) status code 2xx: the HTTP request succeeded; the HTML content of the response is collected and saved in Result;
3) status code 3xx: the requested resource has been redirected and further processing by the server must be awaited; if the redirect succeeds, the HTML content of the response is collected and saved in Result;
4) status code 4xx: the client sent an erroneous request that the server rejected; it can be ignored;
5) status code 5xx: a server error; an attempt is made to collect the error message and save it in Result.
If the error message cannot be collected, an unknown error has occurred, which indicates that a security vulnerability of unknown (UNKNOWN) type has been found.
In step 4) above, potential security vulnerabilities are detected according to a vulnerability detection rule base R_d. Specifically: first, a security vulnerability detection rule base R_d is built, with rules of the form rule ≡ <vulnerability_type, regular_expression>, where vulnerability_type is the security vulnerability type and regular_expression is the regular expression used to match the response result;
during the potential security vulnerability analysis, for each value v_i of the executed test case, v_i corresponding to form field f_i, the detection rule r whose type corresponds to v_i.test_target is retrieved from R_d, i.e. r.vulnerability_type == v_i.test_target; the regular expression regular_expression of the retrieved rule r is matched against the collected server response result Result, and a successful match indicates that a potential Web application security vulnerability of type r.vulnerability_type has been found. When the test_target of every value of the test case has been checked, the inspection of that test case's result is complete.
The method of the invention proposes a complete automated dynamic testing method for Web application security vulnerabilities based on the features of forms and their input domains. The whole flow, from Web form feature collection through test case generation and execution to potential security vulnerability detection, can be fully automated, greatly saving testing time and labour cost, and is particularly suited to tedious Web application testing. On the other hand, because the invention builds and uses a Web application security vulnerability domain knowledge base, organised by form features and attack types, for form field assignment (the assignment rule base R_s) and for vulnerability detection (the detection rule base R_d), it has good extensibility: to detect a new security vulnerability, it suffices to generate the corresponding assignment rule and detection rule from the test values and detection method for that vulnerability, add them to R_s and R_d respectively, and run the method. We used the method in a case study; the results show that it can effectively detect potential security vulnerabilities in Web applications. The experiment detected more than 20 potential security vulnerabilities (including cross-site scripting and SQL injection) in more than 50 forms, and manual checking showed an accuracy above 95%.
The invention is described in detail below with reference to the drawings.
Description of drawings
Fig. 1 is the overall architecture diagram of the form feature-based dynamic testing method for Web application security vulnerabilities;
Fig. 2 is the workflow diagram of the method;
Fig. 3 is the process flow chart of Web form feature extraction;
Fig. 4 is the process flow chart of the assignment of each form field of a Web form;
Fig. 5 is the process flow chart of the algorithm that generates a test case set of a given size;
Fig. 6 is the process flow chart of test case execution for a form;
Fig. 7 is the process flow chart of the potential security vulnerability detection algorithm for a form.
Embodiment
As shown in Fig. 1, the form feature-based dynamic testing method for Web application security vulnerabilities is organised, following the flow of analysis, into four modules: Web form feature collection, test case set generation, test case set execution and potential security vulnerability detection. The Web form feature collection module gathers the Web page information and the features of the forms it contains, including each form's editable fields (such as input fields of type text and password, and textarea fields) and non-editable fields (such as input fields of type radio, checkbox, submit, reset and hidden, and select fields), collectively called form input domains (form fields for short). The test case set generation module takes the form as its unit and uses Web application security vulnerability domain knowledge to assign each input domain of the form a group of candidate test values for specific vulnerabilities; it then generates a test case set for the form, in which each test case specifies one test value for every form field. The test case set execution module generates a series of HTTP requests for the given form, each HTTP request corresponding to one test case, in which the value of every form field is determined by that test case; the requests are submitted to the Web server one by one and the HTTP responses are collected as the execution result of the form under this test case set. The potential security vulnerability detection module takes the form as its unit and, using the same domain knowledge, analyses the execution result of each test case of the form for potential security vulnerabilities; the results are then aggregated into the potential security vulnerability detection report of the whole Web application.
The workflow of the invention is shown in Fig. 2.
The Web form feature collection module of step 1 is responsible for collecting the Web page, the forms it contains and the information of each form field. First, from the URL of the Web page under test, an HTTP request for obtaining the page's form information is generated, submitted to the Web server, and the server's response is awaited (step 1.1). The response data of the Web server is then received and stored, comprising the response Status-Line, the headers (containing the Set-Cookie data), the CRLF and the message body (the HTML containing the forms) (step 1.2). Finally the form features of the Web page are extracted (step 1.3).
The detailed process of extracting the form features of a Web page is shown in Fig. 3. For each form F in the Web page, the following two steps are carried out in turn:
1) extract the features of form F, comprising the three attributes action, method and data format (enctype) of the form (step 1.3.1);
2) extract the features of each form field f_i of form F, comprising the three attributes type, name and initial value (initial_value) (step 1.3.2).
The test case set generation module of step 2 generates the test case set for the form from the form features extracted in step 1. This part is created by the present invention. First, in step 2.1, the candidate values of each form field in the form are computed; then, in step 2.2, all possible value combinations of all form fields are generated by the full-combination method to constitute the full-combination test case set; finally, in step 2.3, the weight of each test case is estimated according to the security vulnerabilities it covers and its vulnerability detection ability, the test cases are sorted by weight from large to small, and the specified number of test cases is extracted to constitute the test case set to be executed.
The detailed process of the Web form field assignment in step 2.1 is shown in Fig. 4; the core of the algorithm is marked 2.1.1 in the figure. The algorithm uses an assignment rule base R_s in which each rule has the form rule ≡ <constraint, test_target, value>, where constraint is a constraint condition, expressed with regular expressions, that determines whether a form field can use this rule, for example fieldtype: "text", meaning that the rule applies to input domains of type text; test_target is the security vulnerability or attack type targeted, for example "XSS" (cross-site scripting), "SQLI" (SQL injection) or "NORMAL" (not a vulnerability; a normal value); and value is the test value that satisfies constraint and probes for a vulnerability of type test_target, for example <div style="background:url(javascript:alert())">.
For a given form, the attributes of each form field f_i are matched against the constraint of every rule r in R_s.
1) If rule r matches, a candidate value v_i is added for f_i; its value is given by r.value and it targets security vulnerabilities of type r.test_target (recorded as v_i.test_target). For example, given the following rule r_0:
r_0 ≡ <constraint: {fieldname: "/username?|usrname?|us|(usr\w*)/i", fieldtype: "text", maxlength: 100}, test_target: "XSS", value: '<div style="background:url(javascript:alert())">'>,
if the name of form field f_i conforms to the naming convention described by the fieldname field of the constraint, its type is "text" and its maximum length does not exceed 100, then f_i is given a candidate value v_i of type (test_target) "XSS" (cross-site scripting) whose value (value) is '<div style="background:url(javascript:alert())">'.
2) If no matching rule is found in the rule base, form field f_i is given a default value: the vulnerability type field test_target is set to "NORMAL" (not targeting any vulnerability), and the test value field value can be set to the initial value (initial_value) of f_i.
After the above processing completes the assignment of form field f_i, f_i has a group of test values V_i, where k_i > 0 is the number of candidate test values f_i has.
At present the vulnerability types corresponding to test_target in R_s are mainly XSS, SQLI and NORMAL. The set of vulnerability types can be extended; the technique for constructing the rule base does not belong to the scope of the inventive method. Each vulnerability type is assigned a weight w (0 < w ≤ 1) according to the degree to which it threatens Web application security. The present invention orders these threat degrees from large to small as SQLI > XSS > NORMAL; the vulnerability with the larger threat degree is given the larger weight.
The full-combination test case set generation of step 2.2 enumerates all possible combinations of the candidate values of each form field of the form, producing a large candidate test case set. For example, given a form F = <f_1, f_2, ..., f_n> with n form fields, form field f_i has a set of k_i > 0 candidate test values

$$V_i = \{v_{i1}, v_{i2}, \ldots, v_{ik_i}\}, \qquad k_i > 0,$$

so this step produces a test case set of size

$$\prod_{i=1}^{n} k_i,$$

each test case having the form

$$t_s = \langle v_{1s_1}, v_{2s_2}, \ldots, v_{ns_n} \rangle, \qquad 0 < s_i \le k_i.$$
The process of the algorithm that generates a test case set of a given size in step 2.3 is shown in Fig. 5. The algorithm generates the specified number of test cases for the given form and is mainly divided into the following steps:
1) compute the weight of every test case in the full-combination test case set of the form (step 2.3.1);
2) repeatedly apply the greedy method, each time choosing the test case with the largest weight from the candidate set, until the given size is reached or no selectable test case remains (step 2.3.2).
In step 2.3.1, for a form with n form fields, let test case t_s = <v_1, v_2, ..., v_n>, where v_i denotes the value of the i-th form field f_i in t_s. The weight of t_s is computed by formula (1):

$$W(t_s) = \sum_{i=1}^{n} d(v_i) \qquad (1)$$

where d(v_i) denotes the weight contributed to t_s when form field f_i takes the value v_i, computed by formula (2):

$$d(v_i) = \begin{cases} w(v_i.\mathrm{test\_target}) & \text{if } v_j.\mathrm{test\_target} \neq v_i.\mathrm{test\_target} \text{ for all } 1 \le j < i \\ 0 & \text{otherwise} \end{cases} \qquad (2)$$

The value of d(v_i) depends on the position of v_i.test_target within t_s: only when v_i.test_target appears for the first time among the form field assignments of t_s does the test value v_i contribute a weight w to the test case, its size determined by the harmfulness of the security vulnerability corresponding to v_i.test_target.
In step 2.3.2, the greedy method is used: each time, the test case with the maximum weight is selected from the candidate full-combination test case set and placed in the result test case set, until the given size is reached or no selectable test case remains.
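Steps 2.1 to 2.3 (rule-based assignment, full combination, the weight of formulas (1) and (2), and greedy maximum-weight selection) carried through in code. This is an added example written for this page, not code from the patent or from Nanjing University. The rule base R_s (apart from the patent's own r_0), the sample login form, the numeric weights (exact binary fractions, so that sums compare exactly) and the reading of the maxlength constraint as "the field's maxlength must not exceed the rule's bound" are assumptions.

```python
import itertools
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class FormField:
    """Form field features extracted in step 1: type, name, initial value."""
    name: str
    type: str
    initial_value: str = ""
    maxlength: int = 0           # 0: the field has no maxlength attribute


@dataclass(frozen=True)
class AssignRule:
    """One rule of the assignment rule base R_s: <constraint, test_target, value>."""
    fieldname: str               # regex the field name must match (case-insensitive)
    fieldtype: str               # regex the field type must match
    maxlength: int               # the field's maxlength must not exceed this bound (assumed reading)
    test_target: str             # vulnerability / attack type the value probes for
    value: str                   # the test value

    def applies(self, f):
        return (re.fullmatch(self.fieldname, f.name, re.IGNORECASE) is not None
                and re.fullmatch(self.fieldtype, f.type, re.IGNORECASE) is not None
                and (f.maxlength == 0 or f.maxlength <= self.maxlength))


@dataclass(frozen=True)
class Candidate:
    """A candidate test value v_i together with its v_i.test_target."""
    value: str
    test_target: str


# Weight w per vulnerability type, ordered SQLI > XSS > NORMAL as in the patent.
# The numbers are an assumption; exact binary fractions keep the sums exact.
W = {"SQLI": 1.0, "XSS": 0.5, "NORMAL": 0.25}

# Constructed rule base R_s. The first rule is the patent's own example r_0;
# the other two are assumptions added for this example.
R_S = [
    AssignRule(r"username?|usrname?|us|usr\w*", "text", 100, "XSS",
               '<div style="background:url(javascript:alert())">'),
    AssignRule(r".*", "textarea", 1000, "XSS", "<script>alert(1)</script>"),
    AssignRule(r".*", "text|textarea|password", 100, "SQLI", "' OR '1'='1"),
]


def assign_candidates(f, rules=R_S):
    """Step 2.1: the candidate set V_i of field f_i; if no rule matches, the
    default is the field's initial value with test_target NORMAL."""
    vals = [Candidate(r.value, r.test_target) for r in rules if r.applies(f)]
    return vals or [Candidate(f.initial_value, "NORMAL")]


def full_combination(form):
    """Step 2.2: every combination of the per-field candidate sets (prod k_i cases)."""
    return list(itertools.product(*(assign_candidates(f) for f in form)))


def case_weight(case):
    """Formulas (1)/(2): W(t_s) = sum d(v_i), where v_i contributes w only if
    its test_target has not already occurred at an earlier position of t_s."""
    seen, total = set(), 0.0
    for v in case:
        if v.test_target not in seen:
            seen.add(v.test_target)
            total += W[v.test_target]
    return total


def select_max_weight(cases, size):
    """Step 2.3: greedy maximum-weight selection until `size` cases are chosen
    or the candidate set is exhausted."""
    pool, chosen = list(cases), []
    while pool and len(chosen) < size:
        best = max(pool, key=case_weight)    # ties go to the earlier candidate
        pool.remove(best)
        chosen.append(best)
    return chosen


# Constructed sample form: a login page with a free-text comment box.
LOGIN_FORM = [
    FormField("username", "text"),
    FormField("comment", "textarea"),
    FormField("remember", "checkbox", initial_value="on"),
]

if __name__ == "__main__":
    for case in select_max_weight(full_combination(LOGIN_FORM), 2):
        print(case_weight(case), [v.test_target for v in case])
```

Because W(t_s) depends only on the case itself, the greedy loop selects exactly the top entries of the full set sorted by weight; the first-occurrence rule of formula (2) is what keeps a case made entirely of SQLI values from outscoring one that mixes SQLI and XSS, so the selected set covers more vulnerability types per request.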
The test case execution module of step 3 mainly completes two tasks: test case execution (step 3.1) and collection of the test execution results (step 3.2). The detailed process of test case execution is shown in Fig. 6. First, in step 3.1.1, for the given form and the Web page on which it is located, an HTTP request Req is created and initialised for each test case with the page and form information under test; Req specifically comprises the Request-Line, the headers (containing the Cookie), a CRLF and the message body. According to the submission method (method) set on the form, the HTTP request uses one of two request methods, GET or POST. Under GET, the form data is carried in the URI of the Request-Line; under POST, the form data is carried as POST parameters in the message body. Accordingly, in step 3.1.2, for each test case t_s = <v_1, v_2, ..., v_n> in the test case set, the name of each form field f_i and its value v_i are extracted to form a name-value pair, handled as follows according to the request method:
1) if the HTTP request method is GET, all name-value pairs of t_s are appended to the URI of the Request-Line;
2) if the HTTP request method is POST, all name-value pairs of t_s are assigned to the POST parameters of the message body. Finally, in step 3.1.3, Req is submitted to the Web server in the role of a client and the server's response is awaited.
The execution result collection of step 3.2 is responsible for receiving and storing the HTTP response data of the Web server for use by the subsequent potential security vulnerability analysis module.
The potential vulnerability analysis module of step 4, based mainly on the server response messages corresponding to the executed test cases, completes the potential vulnerability analysis of each form of the Web application (step 4.1) and aggregates the results into the security vulnerability detection report (step 4.2).
The detailed process of the potential security vulnerability analysis algorithm for a single form is shown in Fig. 7. The algorithm is mainly divided into two parts: extraction of the server response result (step 4.1.1) and potential security vulnerability analysis (step 4.1.2). In the response result extraction, the algorithm inspects the HTTP status code of the Web server's response and proceeds as follows:
1) status code 1xx: the HTTP request has been received, and the server's further response must be awaited;
2) status code 2xx: the HTTP request succeeded; the HTML content of the response is collected and saved in Result;
3) status code 3xx: the requested resource has been redirected and further processing by the server must be awaited; if the redirect succeeds, the HTML content of the response is collected and saved in Result;
4) status code 4xx: the client sent an erroneous request that the server rejected; it can be ignored;
5) status code 5xx: a server error; an attempt is made to collect the error message and save it in Result.
If the error message cannot be collected, an unknown error has occurred, which indicates that a security vulnerability of unknown (UNKNOWN) type has been found.
In step 4.1.2, potential Web application security vulnerabilities are further analysed from the extracted server response result Result. This requires the security vulnerability detection rule base R_d, whose rules have the form rule ≡ <vulnerability_type, regular_expression>.
Here vulnerability_type is the security vulnerability type and regular_expression is the regular expression used to match the response result. During the security vulnerability analysis, for each value v_i of the executed test case (corresponding to form field f_i), the detection rule r whose type corresponds to v_i.test_target is retrieved from R_d, i.e. r.vulnerability_type == v_i.test_target; the regular expression regular_expression of the retrieved rule r is matched against the collected server response result Result, and a successful match indicates that a potential Web application security vulnerability of type r.vulnerability_type has been found. When the test_target of every value of the test case has been checked, the inspection of that test case's result is complete.
Step 4.2 aggregates the test results of all test cases for the form under test and the Web page on which it is located and generates its potential security vulnerability report; the reports are then aggregated into the test report for the whole Web application.
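The request construction of step 3.1, the status-code handling of step 4.1.1 and the R_d matching of step 4.1.2, as an added example that is not the patent's own code. The detection regular expressions in R_d, the fake_server that stands in for the Web server under test (it reflects the username unescaped and leaks a database error when the password breaks a quoted SQL literal), and the host name target.test are constructed for this example, so the whole flow runs offline against that stub.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urljoin


@dataclass(frozen=True)
class Value:
    """One form-field assignment v_i of a test case."""
    name: str           # form field name f_i.name
    value: str          # assigned test value
    test_target: str    # v_i.test_target: "XSS", "SQLI" or "NORMAL"


@dataclass(frozen=True)
class Response:
    """The parts of an HTTP response the analysis needs."""
    status: int
    body: str = ""
    location: str = ""  # Location header of a 3xx response


def build_request(page_url, action, method, case, cookie=""):
    """Step 3.1: one request Req per test case. GET appends the name-value pairs
    to the URI of the Request-Line; POST carries them in the message body."""
    target = urljoin(page_url, action)
    data = urlencode([(v.name, v.value) for v in case])
    headers = {"Cookie": cookie} if cookie else {}
    if method.upper() == "GET":
        joiner = "&" if "?" in target else "?"
        return "GET", target + joiner + data, headers, ""
    headers["Content-Type"] = "application/x-www-form-urlencoded"
    return "POST", target, headers, data


def extract_result(resp, send, max_redirects=5):
    """Step 4.1.1: derive Result from the status code. A 3xx is followed with
    `send`; 2xx (and the final page of a redirect) yields the HTML body; 5xx
    yields the error text, or "UNKNOWN" if none was returned; 1xx, 4xx and an
    unresolved 3xx give None (nothing to analyse)."""
    hops = 0
    while 300 <= resp.status < 400 and resp.location and hops < max_redirects:
        resp = send("GET", resp.location, {}, "")
        hops += 1
    if 200 <= resp.status < 300:
        return resp.body
    if resp.status >= 500:
        return resp.body or "UNKNOWN"
    return None


# Detection rule base R_d (constructed): vulnerability_type -> regular_expression.
R_D = {
    "XSS": re.compile(r'<div style="background:url\(javascript:alert\(\)\)">'),
    "SQLI": re.compile(r"error in your SQL syntax|unclosed quotation mark"
                       r"|ORA-\d{5}|SQLSTATE\[", re.IGNORECASE),
}


def analyse(case, result):
    """Step 4.1.2: for each v_i look up the R_d rule with
    vulnerability_type == v_i.test_target and match it against Result."""
    if result is None:
        return set()
    if result == "UNKNOWN":
        return {"UNKNOWN"}
    found = set()
    for v in case:
        rule = R_D.get(v.test_target)        # NORMAL has no detection rule
        if rule is not None and rule.search(result):
            found.add(v.test_target)
    return found


def fake_server(method, url, headers, body):
    """Constructed stand-in for the Web server under test: reflects `username`
    into the page unescaped and leaks a MySQL error when `password` breaks
    the quoted SQL literal."""
    query = body if method == "POST" else (url.split("?", 1)[1] if "?" in url else "")
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    if "'" in params.get("password", ""):
        return Response(500, "You have an error in your SQL syntax near ''''")
    return Response(200, f"<p>Welcome back, {params.get('username', '')}</p>")


def run_case(page_url, action, method, case, send=fake_server):
    """Execute one test case end to end and return the vulnerability types found."""
    req = build_request(page_url, action, method, case)
    return analyse(case, extract_result(send(*req), send))


if __name__ == "__main__":
    probe = (Value("username", '<div style="background:url(javascript:alert())">', "XSS"),
             Value("password", "hunter2", "NORMAL"))
    print(run_case("http://target.test/login", "/auth", "POST", probe))
```

One caveat the stub makes visible: when an SQLI value in the same test case makes the server answer 5xx, the reflected XSS probe in the username never reaches a rendered page, so only SQLI is reported for that case. Packing several attack values into one test case saves requests but lets one payload mask another, which is a reason to keep at least one NORMAL-valued companion case per attack value in the selected set.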
The characteristics of the form feature-based dynamic testing method for Web application security vulnerabilities are: the Web form is the basic unit of testing; a test assignment rule base is built against known attack techniques; each form field of the form is then assigned values; the test case set used for security vulnerability detection is generated from the full combination by selection in order of weight; each test case is then converted into an HTTP request and executed; a vulnerability detection rule base is built according to known attacks; and finally the potential security vulnerabilities of the Web application are analysed and aggregated from the test results. We implemented the patented method and randomly selected 55 forms from several websites on the education network for dynamic security vulnerability detection; 96,786 full-combination test cases were generated in total, from which the greedy method selected 3,387 to constitute the 55 test case sets actually executed. The final experimental results are shown in the following table:
Number of test cases that found an XSS vulnerability            364
Number of forms in which an XSS vulnerability was found          15
Number of test cases that found an SQLI vulnerability           108
Number of forms in which an SQLI vulnerability was found          8
Number of forms with an XSS vulnerability confirmed by manual check   15
Number of forms with an SQLI vulnerability confirmed by manual check   7
The experimental results show that the method of the invention detects the potential security vulnerabilities of a Web application accurately and effectively: more than 10% of the test cases found a security vulnerability, and among the 22 forms in which security vulnerabilities were found, only 1 proved to be a false report, an accuracy above 95%.

Claims (7)

1. A form feature-based Web application security vulnerability dynamic testing method, characterized in that it comprises the following steps:
1) Web form feature collection: automatically extract, collect and save the features of the page under test of the Web application, its forms and their form fields, namely: the Web page features, i.e. the HTML message body including the Status-Line, the headers (including Cookie) and the forms it contains; the form features, comprising the action (action), method (method) and data encoding (enctype); and the form field features, comprising the type (type), name (name) and initial value (initial_value);
2) Test case set generation: taking the form as the unit of testing, give each form field of each form a group of specific security vulnerability test candidate values, and by fully combining the candidate values of the form fields preliminarily generate the full-combination test case set of the form; then, according to the harmfulness of the security vulnerabilities, compute for each test case a weight representing its vulnerability detection ability, a larger weight meaning a stronger detection ability; finally, using the maximum weight selection method, select test cases one by one to generate a test case set of a given size;
3) Test case set execution: generate a series of HTTP requests for each form from its test case set, one HTTP request per test case, the value of each form field in the form being supplied by the corresponding test case; submit the HTTP requests one by one to the Web server and collect the HTTP responses as the execution result of the form under this test case set;
4) Potential security vulnerability detection: taking the form as the unit, analyse the execution result of each test case for potential security vulnerabilities; first obtain the detection result of each single form, then aggregate the results to generate the security vulnerability test report of the Web application.
2. The form feature-based Web application security vulnerability dynamic testing method according to claim 1, characterized in that the process in step 2) of giving each form field of each form a group of specific security vulnerability test candidate values is: first build a Web application security vulnerability assignment rule base R_s, and complete the automatic assignment of each form field through the rule base R_s; the rule schema in R_s is as follows:
rule ≡ <constraint, test_target, value>, where constraint is a constraint condition, expressed as a regular expression, that decides whether a form field can use this rule; test_target is the targeted security vulnerability or attack type; value is the test value, satisfying the constraint, for a vulnerability of type test_target.
3. The form feature-based Web application security vulnerability dynamic testing method according to claim 2, characterized in that the process in step 2) of computing for each test case a weight representing its vulnerability detection ability is: each vulnerability type (test_target) of the rules in the rule base R_s is given a weight w (0 < w ≤ 1) according to the degree to which it threatens Web application security; the vulnerability types corresponding to test_target in R_s include the XSS, SQLI and NORMAL types, their threat degree is ordered from high to low as SQLI > XSS > NORMAL, and vulnerabilities with a higher threat degree are given larger weights; then, according to the weight of each security vulnerability type (test_target), compute a weight W(t_s) for each test case t_s in the candidate test case set, where t_s = <v_1, v_2, ..., v_n> and v_i denotes the value of the i-th form field f_i of test case t_s; the formula for computing the weight of a test case is:
$$W(t_s) = \sum_{i=1}^{n} d(v_i)$$
where d(v_i) denotes the weight contributed to test case t_s when form field f_i takes the value v_i, computed by the following formula:
[formula image FSA00000189570200022, not reproduced in the text]
4. The form feature-based Web application security vulnerability dynamic testing method according to claim 3, characterized in that the process in step 2) of generating the test case set by the maximum weight selection method is: given a form F = <f_1, f_2, ..., f_n> with n form fields, each form field f_i is given an assignment set containing k_i > 0 candidate test values
[formula images FSA00000189570200023 and FSA00000189570200024, not reproduced in the text]
the full combination method produces a candidate test case set of size
[formula image FSA00000189570200025, not reproduced in the text]
then a greedy method is applied, successively choosing the test case with the maximum weight until the test case set reaches the given size or no test case remains to choose, thus constructing the test case set to be executed.
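The assignment, weighting and greedy selection of claims 2 to 4, as an added Python example that is not part of the patent. The rule base R_s, the field feature string "type:name" that the constraint regex is matched against, the concrete weights, and the placeholder probe tokens are all constructed; since the formula for d(v_i) is only present as an image, the example assumes d(v_i) is the weight of the vulnerability type of v_i.

```python
import itertools
import re
from dataclasses import dataclass

# Constructed weights w per vulnerability type (0 < w <= 1); the claim fixes
# only the ordering SQLI > XSS > NORMAL, the numbers are assumptions.
TYPE_WEIGHT = {"SQLI": 1.0, "XSS": 0.5, "NORMAL": 0.25}

@dataclass(frozen=True)
class Rule:                      # claim 2: rule = <constraint, test_target, value>
    constraint: str              # regex over the field feature string "type:name"
    test_target: str             # vulnerability type the value probes for
    value: str                   # candidate test value for a matching field

@dataclass(frozen=True)
class TestValue:
    value: str
    test_target: str

# Constructed assignment rule base R_s. The values are opaque placeholder
# tokens standing in for the probe strings a real rule base would carry.
R_S = [
    Rule(r"^text:", "SQLI", "PROBE_SQLI_1"),
    Rule(r"^text:", "XSS", "PROBE_XSS_1"),
    Rule(r"^(text|hidden):", "NORMAL", "normal"),
    Rule(r"^hidden:", "SQLI", "PROBE_SQLI_2"),
]

def assign_values(fields, rules=R_S):
    """Give every form field (type, name) the values of all rules whose constraint matches."""
    sets = []
    for ftype, name in fields:
        feature = f"{ftype}:{name}"
        cands = [TestValue(r.value, r.test_target)
                 for r in rules if re.search(r.constraint, feature)]
        if not cands:
            raise ValueError(f"rule base R_s has no rule for field {feature}")
        sets.append(cands)
    return sets

def d(v):
    # Assumption: the contribution of v_i is the weight of its vulnerability type.
    return TYPE_WEIGHT[v.test_target]

def weight(test_case):
    # Claim 3: W(t_s) = sum over i of d(v_i)
    return sum(d(v) for v in test_case)

def full_combination(sets):
    # Claim 4: every combination of one candidate value per field
    return [tuple(tc) for tc in itertools.product(*sets)]

def select_max_weight(candidates, size):
    """Greedy selection: repeatedly take the remaining test case of maximum weight."""
    remaining = list(candidates)
    chosen = []
    while remaining and len(chosen) < size:
        best = max(remaining, key=weight)
        remaining.remove(best)
        chosen.append(best)
    return chosen

def generate(fields, size):
    return select_max_weight(full_combination(assign_values(fields)), size)

if __name__ == "__main__":
    for tc in generate([("text", "user"), ("hidden", "token")], 2):
        print(weight(tc), [v.value for v in tc])
```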
5. The form feature-based Web application security vulnerability dynamic testing method according to claim 1, 2, 3 or 4, characterized in that the test case set execution process of step 3) is: for the form under test and the Web page containing it, create and initialize an HTTP request Req for each test case, initializing Req with the information of the Web page and form under test, specifically: the request line (Request-Line), the headers (including Cookie), the line break (CRLF) and the message body; then fill the content of Req according to the test case: let the test case be t_s = <v_1, v_2, ..., v_n>; extract the name of each form field f_i and its value v_i to form name-value pairs (name-value), and according to the request method, i.e. GET or POST, proceed as follows:
1) if the HTTP request method is GET, append all the name-value pairs of t_s to the URI of the request line;
2) if the HTTP request method is POST, assign all the name-value pairs of t_s to the POST parameters of the message body; then submit the request Req to the Web server in the role of a client and wait for the server's response.
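The request construction of claim 5 for both form methods, as an added Python example that is not part of the patent. The form action, field names, cookie value and the User-Agent string are constructed; the example assumes the standard application/x-www-form-urlencoded encoding for the name-value pairs.

```python
from dataclasses import dataclass
from urllib.parse import urlencode, urlsplit

@dataclass(frozen=True)
class TestValue:
    value: str
    test_target: str

def build_request(action, method, cookie, field_names, test_case):
    """Build the raw HTTP/1.1 request Req of claim 5 for one test case.

    action and method come from the form features, cookie from the page
    headers, field_names are the names of f_1..f_n and test_case is t_s.
    """
    if len(field_names) != len(test_case):
        raise ValueError("test case must supply exactly one value per form field")
    pairs = list(zip(field_names, (v.value for v in test_case)))   # name-value pairs
    encoded = urlencode(pairs)                                    # percent-encoded
    parts = urlsplit(action)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    headers = [f"Host: {parts.netloc}", "User-Agent: form-tester/0.1 (constructed)"]
    if cookie:
        headers.append(f"Cookie: {cookie}")
    method = method.upper()
    if method == "GET":
        # 1) GET: append all name-value pairs to the URI of the Request-Line
        target += ("&" if parts.query else "?") + encoded
        body = ""
    elif method == "POST":
        # 2) POST: the name-value pairs become the parameters of the message body
        body = encoded
        headers.append("Content-Type: application/x-www-form-urlencoded")
        headers.append(f"Content-Length: {len(body.encode('utf-8'))}")
    else:
        raise ValueError(f"unsupported form method {method!r}")
    # Request-Line, headers, the empty line (CRLF) that ends the header block, body
    return "\r\n".join([f"{method} {target} HTTP/1.1", *headers]) + "\r\n\r\n" + body

if __name__ == "__main__":
    case = (TestValue("a b", "NORMAL"), TestValue("x", "NORMAL"))
    print(build_request("http://app.example/login", "post", "sid=abc", ["user", "pw"], case))
```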
6. The form feature-based Web application security vulnerability dynamic testing method according to claim 5, characterized in that the detailed process of step 4) is: according to the response code of the Web server, extract the response result Result, analyse it for potential security vulnerabilities of the form under test, then aggregate the results to generate the Web application security vulnerability test report, where the handling for obtaining the response result Result from the Web server response information falls into the following cases:
1) the response code is "1xx": the HTTP request has been received, and the server's further response must be awaited;
2) the response code is "2xx": the HTTP request succeeded; the HTML content of the response is collected and saved in the result Result;
3) the response code is "3xx": the requested resource is redirected, and further processing by the server must be awaited; if the redirect succeeds, the HTML content of the response is collected and saved in the result Result;
4) the response code is "4xx": the client sent a malformed request that was refused by the server; it can be ignored;
5) the response code is "5xx": a server error; an attempt is made to collect the error message and save it in the result Result.
If the collection fails, this indicates an unknown error, meaning that a security vulnerability of unknown (UNKNOWN) type has been found.
7. The form feature-based Web application security vulnerability dynamic testing method according to claim 6, characterized in that step 4) detects potential security vulnerabilities according to a vulnerability detection rule base R_d, specifically: first build the security vulnerability detection rule base R_d, in which the rule format is: rule ≡ <vulnerability_type, regular_expression>, where vulnerability_type is the security vulnerability type and regular_expression is the regular expression used to match the response result;
in the potential security vulnerability analysis, for each value v_i of the executed test case, v_i corresponding to form field f_i, retrieve from the rule base R_d the security vulnerability detection rule r corresponding to v_i.test_target, i.e. r.vulnerability_type == v_i.test_target; match the collected server response result Result with the regular expression regular_expression of the retrieved rule r; a successful match indicates that a potential Web application security vulnerability of type r.vulnerability_type has been found; when the test_target of every value of the test case has been checked, the inspection of the test result of this test case is complete.
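The response handling of claim 6 and the rule-base matching of claim 7 together, as an added Python example that is not part of the patent. The Response class, the follow_redirect callback standing in for the server's further processing of a 3xx, the detection rule base R_d and the sample pages are all constructed; the SQLI pattern is a generic database error signature and the XSS rule simply looks for the placeholder probe token reflected unescaped.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class TestValue:
    value: str
    test_target: str              # SQLI, XSS or NORMAL, as assigned from R_s

@dataclass
class Response:                   # constructed stand-in for a Web server response
    status: int
    body: str = ""
    location: str = ""

@dataclass(frozen=True)
class DetectRule:                 # claim 7: rule = <vulnerability_type, regular_expression>
    vulnerability_type: str
    regular_expression: str

UNKNOWN = "UNKNOWN"

# Constructed detection rule base R_d.
R_D = [
    DetectRule("SQLI", r"error in your SQL syntax|SQLSTATE|ODBC"),
    DetectRule("XSS", r"PROBE_XSS_\d+"),
]

def extract_result(resp, follow_redirect):
    """Claim 6: derive Result from the response code; None means nothing to analyse."""
    cls = resp.status // 100
    if cls == 2:
        return resp.body                              # 2xx: keep the HTML content
    if cls == 3:                                      # 3xx: let the server finish the redirect
        final = follow_redirect(resp.location)
        if final is not None and final.status // 100 == 2:
            return final.body
        return UNKNOWN                                # redirect did not succeed
    if cls == 5:                                      # 5xx: try to collect the error text
        return resp.body if resp.body.strip() else UNKNOWN
    return None                                       # 1xx: keep waiting; 4xx: ignore

def analyze(test_case, resp, follow_redirect, rules=R_D):
    """Claim 7: match Result against the rule whose type equals each value's test_target."""
    result = extract_result(resp, follow_redirect)
    if result is None:
        return []
    if result == UNKNOWN:
        return [UNKNOWN]                              # collection failed: unknown finding
    found = []
    for v in test_case:
        for r in rules:
            if r.vulnerability_type == v.test_target and re.search(r.regular_expression, result):
                found.append(r.vulnerability_type)
                break
    return found

def demo():
    """Constructed test cases and responses covering the 2xx, 3xx, 4xx and 5xx branches."""
    sqli_case = (TestValue("PROBE_SQLI_1", "SQLI"), TestValue("normal", "NORMAL"))
    xss_case = (TestValue("PROBE_XSS_1", "XSS"),)
    err_page = Response(200, "<p>You have an error in your SQL syntax near ''</p>")
    hop = Response(302, location="/done")
    follow = lambda loc: Response(200, "<p>Hello PROBE_XSS_1</p>") if loc == "/done" else None
    return {
        "sqli": analyze(sqli_case, err_page, follow),
        "xss": analyze(xss_case, hop, follow),
        "ignored": analyze(sqli_case, Response(404), follow),
        "unknown": analyze(sqli_case, Response(500), follow),
    }
```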
CN201010226471.6A 2010-07-14 2010-07-14 Form feature-based Web security vulnerability dynamic testing method Expired - Fee Related CN101902470B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010226471.6A CN101902470B (en) 2010-07-14 2010-07-14 Form feature-based Web security vulnerability dynamic testing method

Publications (2)

Publication Number Publication Date
CN101902470A true CN101902470A (en) 2010-12-01
CN101902470B CN101902470B (en) 2013-08-21

Family

ID=43227671

Country Status (1)

Country Link
CN (1) CN101902470B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6260065B1 (en) * 1999-01-13 2001-07-10 International Business Machines Corporation Test engine and method for verifying conformance for server applications
CN1791037A (en) * 2005-12-26 2006-06-21 北京航空航天大学 Method for realizing Web service automatic test
CN101267357A (en) * 2007-03-13 2008-09-17 北京启明星辰信息技术有限公司 A SQL injection attack detection method and system
CN101425937A (en) * 2007-11-02 2009-05-06 北京启明星辰信息技术有限公司 SQL injection attack detection system suitable for high speed LAN environment

Cited By (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102075927A (en) * 2011-01-11 2011-05-25 中国联合网络通信集团有限公司 Security configuration method and system for wireless network equipment
CN103023710B (en) * 2011-09-21 2016-06-08 阿里巴巴集团控股有限公司 A kind of safety test system and method
CN103023710A (en) * 2011-09-21 2013-04-03 阿里巴巴集团控股有限公司 Safety test system and method
CN104067561B (en) * 2012-01-24 2018-01-02 国际商业机器公司 Method and system for dynamic scan WEB application
CN104067561A (en) * 2012-01-24 2014-09-24 国际商业机器公司 Dynamically scanning a WEB application through use of WEB traffic information
GB2515663A (en) * 2012-01-24 2014-12-31 Ibm Dynamically scanning a web application through use of web traffic information
GB2515663B (en) * 2012-01-24 2017-08-30 Ibm Dynamically scanning a web application through use of web traffic information
DE112013000387B4 (en) * 2012-01-24 2020-08-27 International Business Machines Corp. Dynamic scanning of a web application using web traffic information
US9213832B2 (en) 2012-01-24 2015-12-15 International Business Machines Corporation Dynamically scanning a web application through use of web traffic information
WO2013111027A1 (en) * 2012-01-24 2013-08-01 International Business Machines Corporation Dynamically scanning a web application through use of web traffic information
US9208309B2 (en) 2012-01-24 2015-12-08 International Business Machines Corporation Dynamically scanning a web application through use of web traffic information
CN103679018A (en) * 2012-09-06 2014-03-26 百度在线网络技术(北京)有限公司 Method and device for detecting CSRF loophole
CN103679018B (en) * 2012-09-06 2018-06-12 百度在线网络技术(北京)有限公司 A kind of method and apparatus for detecting CSRF loopholes
CN104184762A (en) * 2013-05-23 2014-12-03 腾讯科技(深圳)有限公司 Fault information feedback method and system of server
CN104184762B (en) * 2013-05-23 2019-02-15 腾讯科技(深圳)有限公司 A kind of server failure information feedback method and system
US9262309B2 (en) 2013-09-30 2016-02-16 International Business Machines Corporation Optimizing test data payload selection for testing computer software applications that employ data sanitizers and data validators
WO2015067114A1 (en) * 2013-11-08 2015-05-14 腾讯科技(深圳)有限公司 Method, apparatus, terminal and media for detecting document object model-based cross-site scripting attack vulnerability
CN103647678A (en) * 2013-11-08 2014-03-19 北京奇虎科技有限公司 Method and device for online verification of website vulnerabilities
US9754113B2 (en) 2013-11-08 2017-09-05 Tencent Technology (Shenzhen) Company Limited Method, apparatus, terminal and media for detecting document object model-based cross-site scripting attack vulnerability
CN104794396B (en) * 2014-01-16 2018-06-19 腾讯科技(深圳)有限公司 Across standing posture script loophole detection method and device
CN104794396A (en) * 2014-01-16 2015-07-22 腾讯科技(深圳)有限公司 Cross-site script vulnerability detection method and device
CN104375935A (en) * 2014-11-13 2015-02-25 华为技术有限公司 Method and device for testing SQL injection attack
CN105991517B (en) * 2015-01-28 2019-08-20 中国信息安全测评中心 Vulnerability mining method and apparatus
CN105991517A (en) * 2015-01-28 2016-10-05 中国信息安全测评中心 Vulnerability discovery method and device
CN105991554B (en) * 2015-02-04 2019-06-11 阿里巴巴集团控股有限公司 Leak detection method and equipment
CN105991554A (en) * 2015-02-04 2016-10-05 阿里巴巴集团控股有限公司 Vulnerability detection method and equipment
CN104679656A (en) * 2015-03-13 2015-06-03 哈尔滨工程大学 Combination testing method for adaptively adjusting defect detection rate
CN104766013A (en) * 2015-04-10 2015-07-08 北京理工大学 Skip list based cross-site scripting attack defense method
CN104866769A (en) * 2015-06-01 2015-08-26 广东电网有限责任公司信息中心 Vulnerability analyzing method and system based on fingerprint acquisition of business system host
CN105391729A (en) * 2015-11-30 2016-03-09 中国航天科工集团第二研究院七〇六所 Web loophole automatic mining method based on fuzzy test
CN106778280A (en) * 2016-11-02 2017-05-31 北京知道未来信息技术有限公司 A kind of long-range leak PoC write methods of filled type and leak detection method
CN108415398A (en) * 2017-02-10 2018-08-17 上海辇联网络科技有限公司 Automobile information safety automation tests system and test method
CN106951242B (en) * 2017-03-10 2020-12-04 北京白帽汇科技有限公司 Vulnerability verification program generation method and device and computing device
CN106951242A (en) * 2017-03-10 2017-07-14 北京白帽汇科技有限公司 A kind of generation method, equipment and the computing device of validating vulnerability program
CN107818051B (en) * 2017-11-27 2020-07-03 北京新能源汽车股份有限公司 Test case jump analysis method and device and server
CN107818051A (en) * 2017-11-27 2018-03-20 北京新能源汽车股份有限公司 The branch instruction analysis method, apparatus and server of a kind of test case
CN108009427A (en) * 2017-11-29 2018-05-08 北京安华金和科技有限公司 A kind of method for quickly retrieving for database loophole rule
CN108009427B (en) * 2017-11-29 2021-01-26 北京安华金和科技有限公司 Rapid retrieval method for database vulnerability rules
CN108459964A (en) * 2018-03-06 2018-08-28 平安科技(深圳)有限公司 Test cases selection method, apparatus, equipment and computer readable storage medium
CN109005192A (en) * 2018-09-03 2018-12-14 杭州安恒信息技术股份有限公司 A kind of method and device detecting CRLF injection loophole
CN109729078A (en) * 2018-12-20 2019-05-07 国网北京市电力公司 Operate detection method, device, storage medium and the electronic device of loophole
CN113377645A (en) * 2020-02-25 2021-09-10 福建天泉教育科技有限公司 Test method and system for illegal character input of WEB website page
CN113377645B (en) * 2020-02-25 2023-07-04 福建天泉教育科技有限公司 Method and system for testing illegal character input on WEB site page
CN111930607A (en) * 2020-05-29 2020-11-13 中国船舶重工集团公司第七0九研究所 Method and system for generating change test case of combined Web service
CN111930607B (en) * 2020-05-29 2023-04-18 中国船舶重工集团公司第七0九研究所 Method and system for generating change test case of combined Web service

Also Published As

Publication number Publication date
CN101902470B (en) 2013-08-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130821

Termination date: 20190714