CN102945203A - Code security test method applied to mobile Internet application - Google Patents
- Publication number
- CN102945203A
- Authority
- CN
- China
- Prior art keywords
- code
- analysis
- module
- safety
- mobile internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a code security test method for mobile Internet applications. Aimed mainly at the code security requirements of mobile Internet applications, the method provides a test system composed of functional modules such as a code analysis module, a data flow analysis module, a control flow analysis module, a structure analysis module and a security analysis module. The test system supports operating systems such as Android, Windows Mobile Phone, Symbian, HP-UX (Hewlett Packard UniX) 11v1, IBM AIX (Advanced Interactive Executive) 5.2, Linux Red Hat ES4/5, Linux Fedora Core 7, Linux Novell SUSE 10 and Sun Solaris 8/9/10. With the method provided by the invention, more than 300 vulnerabilities can be scanned for, and code is tested with a low false negative rate.
Description
Technical field
The present invention relates to mobile Internet application technology, and in particular to a code security test method for mobile Internet applications.
Background technology
With the spread of mobile Internet terminals, mobile Internet services have developed at unprecedented speed. More and more individuals and enterprises use mobile service application software to process private, sensitive and high-value information, such as personal privacy data and commercial negotiation information, which makes this software an increasingly frequent target for attackers trying to obtain that information. Vulnerabilities introduced while the code is being written are the most common kind of vulnerability, so an effective code security test method that detects potential threats in source code is both necessary and urgent.
Vulnerabilities in software code are mainly detected by static methods and dynamic methods. A dynamic method places no limit on code size and can test large programs, but its weakness is that its effectiveness depends heavily on the inputs: a vulnerability is found only when a specific input drives execution to the dangerous point, so the false negative rate of this approach is high.
The code security vulnerability detection method based on constraint analysis and model checking (application number: 200910086938.9) verifies buffer overflow vulnerabilities by combining constraint analysis with model checking. It solves the model with a predicate axiom system and determines and analyzes the vulnerability and the path that triggers it. This reduces the false negative rate to some extent, but at the cost of a large amount of computing resources. In addition, the method does not take into account that mobile application services are more flexible and have more varied access modes, so it is difficult to apply directly to mobile application software.
Summary of the invention
The technical problem to be solved by the present invention is to provide a test method that can scan for more than 300 kinds of vulnerabilities and achieves a low false negative rate for code.
To solve this technical problem, the present invention adopts the following scheme: a code security test method for mobile Internet applications. The method mainly addresses the code security requirements of mobile application software and provides a test system made up of functional modules such as a code analysis module, a data flow analysis module, a control flow analysis module, a structure analysis module and a security analysis module. The test system consists of a code parser, a code analysis engine, a report generator, a security rule module and a user interface module. The main function of each module is as follows:
The code parser is connected to the code analysis engine. It performs lexical and syntax analysis on the source program, converts it into an intermediate representation, and generates the specific syntax tree structure that the subsequent analysis modules need;
The code analysis engine comprises a data flow analyzer, a control flow analyzer, a structure analyzer and a security analyzer;
The report generator analyzes the results of the code analysis, submits them to the user, and generates the corresponding audit report;
The security rule module supplies the code analysis engine with the code analysis rules;
The user interface module handles interaction with the user: on the one hand it accepts the user's request to scan source code, and on the other hand it outputs the results of the scan analysis to the user.
The data flow analyzer extracts the program's data flow information on the basis of the code analysis.
The control flow analyzer extracts the program's control flow information on the basis of the code analysis. Following the rules, it traverses the AST (abstract syntax tree), generates the corresponding program control dependency graph, and provides an interface through which the security analysis scheduling module reads this information.
The goal of the structure analyzer is to extract the main structure of the program from the syntax tree extracted by the code analysis engine, according to the code analysis rules provided by the security rule module.
The security analyzer, using the information provided by the security rule module, schedules the structure analyzer to perform the security analysis, generates a report, and provides an interface for the report generator to call.
The advantage of the present invention is that it provides a code security test method for mobile Internet applications which, aimed mainly at the code security requirements of mobile application software, provides functional modules such as code analysis, data flow analysis, control flow analysis, structure analysis and security analysis; supports operating systems such as Android, Windows Mobile Phone, Symbian, HP-UX 11v1, IBM AIX 5.2, Linux Red Hat ES4/5, Linux Fedora Core 7, Linux Novell SUSE 10 and Sun Solaris 8/9/10; can scan for more than 300 kinds of vulnerabilities; and tests code with a low false negative rate.
Description of drawings
The present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the system architecture of the present invention;
Fig. 2 is a flow chart of the code parser implementation of the present invention;
Fig. 3 is a flow chart of the data flow analyzer implementation of the present invention;
Fig. 4 is a flow chart of the structure analyzer implementation of the present invention;
Fig. 5 is a flow chart of the security analyzer implementation of the present invention;
Fig. 6 is the processing flow chart of the system of the present invention;
Fig. 7 is a schematic diagram of the control flow of the Main method of the present invention;
Fig. 8 is a schematic diagram of the label syntax structure of the present invention;
Fig. 9 is a schematic diagram of the break, continue, return, goto, exit() and abort() syntax structures of the present invention;
Fig. 10 is a schematic diagram of the if syntax structure of the present invention;
Fig. 11 is a schematic diagram of the switch-case syntax structure of the present invention;
Fig. 12 is a schematic diagram of the while loop syntax structure of the present invention;
Fig. 13 is a schematic diagram of the for syntax structure of the present invention;
Fig. 14 is a schematic diagram of the do-while loop syntax structure of the present invention;
Fig. 15 is a schematic diagram of the empty branch structure of the present invention.
Embodiment
As shown in Fig. 1, a code security test method for mobile Internet applications mainly addresses the code security requirements of mobile application software and provides a test system made up of functional modules such as a code analysis module, a data flow analysis module, a control flow analysis module, a structure analysis module and a security analysis module. The test system consists of a code parser 1, a code analysis engine 2, a report generator 3, a security rule module 4 and a user interface module 5. The main function of each module is as follows:
1) The code parser 1 performs lexical and syntax analysis on the source program, converts it into an intermediate representation, and generates the specific syntax tree structure that the subsequent analysis modules need, which makes the later analysis easier. The data flow analyzer 21 extracts the program's data flow information on the basis of the code parser 1. The implementation flow is shown in Fig. 2: the source code passes through analysis scheduling and preprocessing such as lexical analysis and syntax analysis, which are connected to several processing threads, and lexical analysis works with the AST buffer pool.
2) The code analysis engine 2 comprises a data flow analyzer 21, a control flow analyzer 22, a structure analyzer 23 and a security analyzer 24.
A definition of a variable x is a statement that assigns, or may assign, a value to x.
The most common definitions are assignments to x and statements that read a value into x. These statements definitely define x and are called unambiguous definitions of x. Other statements may define x and are called ambiguous definitions.
A definition d is said to reach a program point P if there is a path from the point immediately following d to P along which d is not killed. A definition of a variable a is killed if, between two points along this path, there is a read into a or an assignment to a.
Intuitively, if a definition d of some variable a reaches point P, then d may be the place where the value of a used at P was last defined. Only an unambiguous definition of a kills the other definitions of a. Thus a point can be reached by an unambiguous definition and by an ambiguous definition of the same variable that appears after it on the same path.
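The reaching-definitions rules above can be computed with the standard iterative gen/kill data flow algorithm. The following is an added example, not code from the patent; the `Definition` class, the block names and the four-block control flow graph are constructed for illustration, with `d3` standing for a statement such as a store through a pointer that may or may not assign x.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Definition:
    label: str       # name of the defining statement, e.g. "d1"
    var: str         # variable the statement assigns or may assign
    ambiguous: bool  # True if the statement only *may* assign var


def gen_kill(defs, labels_by_var):
    """Compute the gen and kill sets of one basic block, in statement order."""
    gen, kill = set(), set()
    for d in defs:
        if not d.ambiguous:
            # Only an unambiguous definition kills other definitions of var.
            others = labels_by_var[d.var] - {d.label}
            gen -= others
            kill |= others
        gen.add(d.label)  # ambiguous definitions generate but never kill
    return gen, kill


def reaching_definitions(blocks, successors):
    """blocks: {block: [Definition, ...]}, successors: {block: [block, ...]}.
    Returns (IN, OUT): the definition labels reaching each block's entry/exit."""
    labels_by_var = {}
    for defs in blocks.values():
        for d in defs:
            labels_by_var.setdefault(d.var, set()).add(d.label)
    gk = {b: gen_kill(defs, labels_by_var) for b, defs in blocks.items()}

    preds = {b: [] for b in blocks}
    for b, succs in successors.items():
        for s in succs:
            preds[s].append(b)

    IN = {b: set() for b in blocks}
    OUT = {b: set(gk[b][0]) for b in blocks}
    changed = True
    while changed:  # iterate to a fixed point
        changed = False
        for b in blocks:
            IN[b] = set().union(*(OUT[p] for p in preds[b]))
            new_out = gk[b][0] | (IN[b] - gk[b][1])
            if new_out != OUT[b]:
                OUT[b], changed = new_out, True
    return IN, OUT


# Constructed sample: B1 branches to B2 and B3, which join at B4.
BLOCKS = {
    "B1": [Definition("d1", "x", False),   # x = 1
           Definition("d2", "y", False)],  # y = read()
    "B2": [Definition("d3", "x", True)],   # *p = 5   (may assign x)
    "B3": [Definition("d4", "x", False)],  # x = 2
    "B4": [],                              # uses x
}
SUCCESSORS = {"B1": ["B2", "B3"], "B2": ["B4"], "B3": ["B4"], "B4": []}

if __name__ == "__main__":
    IN, OUT = reaching_definitions(BLOCKS, SUCCESSORS)
    for b in BLOCKS:
        print(b, "IN =", sorted(IN[b]), "OUT =", sorted(OUT[b]))
```

On the B2 path the ambiguous `d3` does not kill `d1`, so both reach B4; on the B3 path the unambiguous `d4` kills `d1`.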
The control flow analyzer 22 extracts the program's control flow information on the basis of the code parser 1. Following the rules, it traverses the AST (abstract syntax tree), generates the corresponding program control dependency graph, and provides an interface through which the security analysis scheduling module reads this information. The control flow analyzer 22 is implemented as follows:
The control flow graph of a program is made up of the above nodes and branches and is an abstract graphical representation of the program's control flow. The control flow graph of the Main method above can be drawn as shown in Fig. 7.
The number of branches in a control flow graph is the sum of all the branches in the graph. In fact, the number of branches also equals the sum of the outgoing branches of all nodes. A simple way to count branches is therefore to sum the outgoing branches of every node in the program. The following table gives the method for computing the number of outgoing branches for each syntax construct and its corresponding branch point.
3) The report generator 3 analyzes the results of the code analysis, submits them to the user, and generates the corresponding audit report;
4) The security rule module 4 supplies the code analysis engine 2 with the code analysis rules;
5) The user interface module 5 handles interaction with the user: on the one hand it accepts the user's request to scan source code, and on the other hand it outputs the results of the scan analysis to the user.
The processing flow of the system is shown in Fig. 6. After the user selects the source code path, the system first performs syntax and lexical parsing on the source code and converts it into a standard AST. The system then performs data flow and control flow analysis on the AST and obtains the project's function/method information (including names, counts, parameters and the call relationships between methods), its variable information (including variable names, the functions that use each variable and the variable's value at different positions), and the control dependencies between functions/methods.
On the basis of the data flow and control flow analysis results, the system calls different analyzers according to the defined security rules. By rule type, the analyzers can be divided into an XSS analyzer, an SQL injection analyzer, a password check analyzer and so on. When invoking analyzers, the system automatically calls the analyzer of the type that matches the content of the rule. When an analyzer finishes, its result is stored in the result buffer pool. After all analyzers have finished, the system outputs the analysis results to the user together. The results include the problem type, the location of the problem and the detailed trace information for the problem, and the system also gives a specific reference solution for each problem type.
For example, to check code for SQL injection problems, the scanning process is as follows. The system first parses the source code into a standard AST and then performs data flow and control flow analysis on the AST. If the rule defines the initial API as executeQuery and the termination API as getParameter, then the analysis performed when the analyzer is invoked is as follows:
1) First, search the data flow result for code that calls the API executeQuery; if several calls are found, check them one by one;
2) Analyze the parameter of executeQuery and obtain query;
3) In the data flow result, look up the call list of the variable query and find the definition statement String query = "SELECT * FROM Student WHERE Name='" + studentName + "'";
4) Analyze this definition statement and find that query depends on the variable studentName.
Then look up the call list of the variable studentName in the data flow result and find its definition statement. The API called to define studentName is the same as the termination API, so the variable is considered to be input from outside. At the same time, no code is detected that checks whether the variable studentName contains a single quotation mark, so this SQL query statement is considered unsafe and the result is recorded in the buffer pool.
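The backward trace in steps 1) to 4) can be sketched as follows. This is an added example, not code from the patent: it stands in for the AST-based data flow result with a regex-built definition table over straight-line Java statements, takes the latest earlier definition of each variable, and assumes the single-quote check is written as `contains("'")` or `indexOf('\'')` on the externally supplied variable. Both Java snippets are constructed samples.

```python
import re

SINK_API = "executeQuery"    # "initial API" in the rule described above
SOURCE_API = "getParameter"  # "termination API" in the rule described above

IDENT = re.compile(r"[A-Za-z_]\w*")
STRING_LIT = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')
ASSIGN = re.compile(r"^\s*(?:[\w<>\[\]]+\s+)?(\w+)\s*=(?!=)\s*(.+?);\s*$")
SINK_CALL = re.compile(rf"\b{SINK_API}\s*\(([^)]*)\)")
QUOTE_ARG = r"""(?:"'"|'\\'')"""  # Java literal "'" or '\''


def parse_definitions(lines):
    """Map each variable to [(line_no, rhs with string literals blanked)]."""
    defs = {}
    for no, line in enumerate(lines, 1):
        m = ASSIGN.match(line)
        if m:
            rhs = STRING_LIT.sub('""', m.group(2))
            defs.setdefault(m.group(1), []).append((no, rhs))
    return defs


def trace(var, use_line, defs):
    """Follow definitions backwards from a use of var.
    Returns [(var, def_line), ...] ending at a SOURCE_API call, or None."""
    earlier = [d for d in defs.get(var, []) if d[0] < use_line]
    if not earlier:
        return None
    def_line, rhs = earlier[-1]  # assumption: straight-line code, latest def wins
    if re.search(rf"\b{SOURCE_API}\s*\(", rhs):
        return [(var, def_line)]
    for name in IDENT.findall(rhs):
        tail = trace(name, def_line, defs)
        if tail:
            return [(var, def_line)] + tail
    return None


def has_quote_check(lines, var, start, end):
    """True if a statement strictly between start and end tests var for a quote."""
    pattern = re.compile(
        rf"\b{re.escape(var)}\s*\.\s*(?:contains|indexOf)\s*\(\s*{QUOTE_ARG}\s*\)")
    return any(pattern.search(lines[i - 1]) for i in range(start + 1, end))


def scan(source):
    """Return one finding per sink argument that traces to unchecked input."""
    lines = source.splitlines()
    defs = parse_definitions(lines)
    findings = []
    for no, line in enumerate(lines, 1):
        call = SINK_CALL.search(STRING_LIT.sub('""', line))
        if not call:
            continue
        for arg in IDENT.findall(call.group(1)):
            path = trace(arg, no, defs)
            if not path:
                continue
            src_var, src_line = path[-1]
            if has_quote_check(lines, src_var, src_line, no):
                continue
            findings.append({"sink_line": no, "source_line": src_line,
                             "path": [v for v, _ in path]})
    return findings


# Constructed sample inputs (Java), not taken from any real project.
UNCHECKED = r'''String studentName = request.getParameter("name");
String query = "SELECT * FROM Student WHERE Name='" + studentName + "'";
ResultSet rs = stmt.executeQuery(query);'''

CHECKED = r'''String studentName = request.getParameter("name");
if (studentName.contains("'")) { return; }
String query = "SELECT * FROM Student WHERE Name='" + studentName + "'";
ResultSet rs = stmt.executeQuery(query);'''

if __name__ == "__main__":
    print(scan(UNCHECKED))
    print(scan(CHECKED))
```

The quote check is the criterion the rule above uses; a parameterized query (PreparedStatement) is the more robust fix, and the string concatenation would still be worth reporting in a review.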
The above is only a preferred embodiment of the present invention and does not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Claims (5)
1. A code security test method for mobile Internet applications, characterized in that: the method mainly addresses the code security requirements of mobile application software and provides a test system made up of functional modules such as a code analysis module, a data flow analysis module, a control flow analysis module, a structure analysis module and a security analysis module; the test system consists of a code parser (1), a code analysis engine (2), a report generator (3), a security rule module (4) and a user interface module (5), and the main function of each module is as follows:
The code parser (1) is connected to the code analysis engine (2); it performs lexical and syntax analysis on the source program, converts it into an intermediate representation, and generates the specific syntax tree structure that the subsequent analysis modules need;
The code analysis engine (2) comprises a data flow analyzer (21), a control flow analyzer (22), a structure analyzer (23) and a security analyzer (24);
The report generator (3) analyzes the results of the code analysis, submits them to the user, and generates the corresponding audit report;
The security rule module (4) supplies the code analysis engine (2) with the code analysis rules;
The user interface module (5) handles interaction with the user: on the one hand it accepts the user's request to scan source code, and on the other hand it outputs the results of the scan analysis to the user.
2. The code security test method for mobile Internet applications according to claim 1, characterized in that: the data flow analyzer (21) extracts the program's data flow information on the basis of the code analysis.
3. The code security test method for mobile Internet applications according to claim 1, characterized in that: the control flow analyzer (22) extracts the program's control flow information on the basis of the code analysis; following the rules, the control flow analyzer (22) traverses the AST (abstract syntax tree), generates the corresponding program control dependency graph, and provides an interface through which the security analysis scheduling module reads this information.
4. The code security test method for mobile Internet applications according to claim 1, characterized in that: the goal of the structure analyzer (23) is to extract the main structure of the program from the syntax tree extracted by the code analysis engine (2), according to the code analysis rules provided by the security rule module (4).
5. The code security test method for mobile Internet applications according to claim 1, characterized in that: the security analyzer (24), using the information provided by the security rule module (4), schedules the structure analyzer (23) to perform the security analysis, generates a report, and provides an interface for the report generator (3) to call.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210421258.XA CN102945203B (en) | 2012-10-26 | 2012-10-26 | A kind of code security method of testing for mobile Internet application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210421258.XA CN102945203B (en) | 2012-10-26 | 2012-10-26 | A kind of code security method of testing for mobile Internet application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102945203A (en) | 2013-02-27 |
CN102945203B (en) | 2016-04-13 |
Family
ID=47728151
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210421258.XA Expired - Fee Related CN102945203B (en) | 2012-10-26 | 2012-10-26 | A kind of code security method of testing for mobile Internet application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102945203B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN102945203B (en) | 2016-04-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160413 Termination date: 20161026 |