CN103562923A - Application security testing - Google Patents
Application security testing
- Publication number
- CN103562923A (application CN201180071281.4A)
- Authority
- CN
- China
- Prior art keywords
- aut
- observer
- application
- request
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/0727—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a storage system, e.g. in a DASD or network based storage system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0793—Remedial or corrective actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
- Stored Programmes (AREA)
Abstract
Description
Claims (15)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2011/038609 WO2012166120A1 (en) | 2011-05-31 | 2011-05-31 | Application security testing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103562923A (zh) | 2014-02-05 |
CN103562923B (zh) | 2016-09-07 |
Family
ID=47259662
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201180071281.4A Active CN103562923B (zh) | 2011-05-31 | 2011-05-31 | Application security testing |
Country Status (7)
Country | Link |
---|---|
US (1) | US9215247B2 (zh) |
EP (1) | EP2715599B1 (zh) |
JP (1) | JP5801953B2 (zh) |
KR (1) | KR101745758B1 (zh) |
CN (1) | CN103562923B (zh) |
BR (1) | BR112013030660A2 (zh) |
WO (1) | WO2012166120A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
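CN106446289A (zh) * | 2016-11-11 | 2017-02-22 | Wuxi Yazuo Online Technology Development Co., Ltd. | Pinpoint-based information query method and device |
CN106656924A (zh) * | 2015-10-30 | 2017-05-10 | Beijing Shenzhou Taiyue Software Co., Ltd. | Method and device for handling device security vulnerabilities |
CN107194258A (zh) * | 2017-04-06 | 2017-09-22 | Gree Electric Appliances, Inc. of Zhuhai | Method and device for monitoring code vulnerabilities, electronic device, and storage medium |
CN112154420A (zh) * | 2018-05-30 | 2020-12-29 | Microsoft Technology Licensing, LLC | Automatic intelligent cloud service testing tool |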
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9747187B2 (en) | 2010-10-27 | 2017-08-29 | International Business Machines Corporation | Simulating black box test results using information from white box testing |
US10701097B2 (en) * | 2011-12-20 | 2020-06-30 | Micro Focus Llc | Application security testing |
CN104272270B (zh) * | 2012-07-26 | 2017-06-09 | Hewlett Packard Enterprise Development LP | Application security testing |
WO2014171950A1 (en) * | 2013-04-19 | 2014-10-23 | Hewlett-Packard Development Company, L.P. | Unused parameters of application under test |
EP3039897B1 (en) * | 2013-08-29 | 2021-09-22 | Nokia Technologies Oy | Adaptive security indicator for wireless devices |
US9195570B2 (en) | 2013-09-27 | 2015-11-24 | International Business Machines Corporation | Progressive black-box testing of computer software applications |
US9363284B2 (en) * | 2013-12-11 | 2016-06-07 | International Business Machines Corporation | Testing web applications for security vulnerabilities with metarequests |
US10242199B2 (en) * | 2014-01-31 | 2019-03-26 | EntIT Software, LLC | Application test using attack suggestions |
WO2015195125A1 (en) * | 2014-06-19 | 2015-12-23 | Hewlett-Packard Development Company, L.P. | Install runtime agent for security test |
WO2016036368A1 (en) * | 2014-09-04 | 2016-03-10 | Hewlett Packard Enterprise Development Lp | Determine protective measure for data that meets criteria |
US10515220B2 (en) * | 2014-09-25 | 2019-12-24 | Micro Focus Llc | Determine whether an appropriate defensive response was made by an application under test |
EP3202090A4 (en) * | 2014-09-29 | 2018-06-13 | Hewlett-Packard Enterprise Development LP | Detection of email-related vulnerabilities |
WO2016084076A1 (en) * | 2014-11-25 | 2016-06-02 | enSilo Ltd. | Systems and methods for malicious code detection accuracy assurance |
CN104506522B (zh) * | 2014-12-19 | 2017-12-26 | Beijing NSFOCUS Information Security Technology Co., Ltd. | Vulnerability scanning method and device |
US9350750B1 (en) * | 2015-04-03 | 2016-05-24 | Area 1 Security, Inc. | Distribution of security rules among sensor computers |
US9817676B2 (en) * | 2015-06-23 | 2017-11-14 | Mcafee, Inc. | Cognitive protection of critical industrial solutions using IoT sensor fusion |
US11449638B2 (en) | 2016-03-18 | 2022-09-20 | Micro Focus Llc | Assisting a scanning session |
US10616263B1 (en) * | 2017-09-13 | 2020-04-07 | Wells Fargo Bank, N.A. | Systems and methods of web application security control governance |
US10387659B1 (en) | 2018-10-31 | 2019-08-20 | Capital One Services, Llc | Methods and systems for de-duplication of findings |
KR102231722B1 (ko) * | 2019-03-28 | 2021-03-25 | Naver Cloud Corp. | Method for determining duplicate vulnerabilities and diagnostic device using the same |
US11087333B2 (en) * | 2019-07-30 | 2021-08-10 | Salesforce.Com, Inc. | Facilitating session-based read/write of context variables to share information across multiple microservices |
US12015630B1 (en) * | 2020-04-08 | 2024-06-18 | Wells Fargo Bank, N.A. | Security model utilizing multi-channel data with vulnerability remediation circuitry |
AU2021331486A1 (en) | 2020-08-27 | 2023-04-13 | Virsec Systems, Inc. | Automated application vulnerability and risk assessment |
KR102558388B1 (ko) | 2021-03-18 | 2023-07-24 | Daeyang Co., Ltd. | Structure for fixing a solar panel to a building roof |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020010855A1 (en) * | 2000-03-03 | 2002-01-24 | Eran Reshef | System for determining web application vulnerabilities |
US20050044420A1 (en) * | 1998-09-09 | 2005-02-24 | Gil Raanan | Method and system for extracting application protocol characteristics |
CN1610887A (zh) * | 2001-12-31 | 2005-04-27 | Citadel Security Software Inc. | Automated computer vulnerability resolution system |
US6996845B1 (en) * | 2000-11-28 | 2006-02-07 | S.P.I. Dynamics Incorporated | Internet security analysis system and process |
US20070156644A1 (en) * | 2006-01-05 | 2007-07-05 | Microsoft Corporation | SQL injection detector |
Family Cites Families (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6826716B2 (en) | 2001-09-26 | 2004-11-30 | International Business Machines Corporation | Test programs for enterprise web applications |
US8566945B2 (en) * | 2004-02-11 | 2013-10-22 | Hewlett-Packard Development Company, L.P. | System and method for testing web applications with recursive discovery and analysis |
US7765597B2 (en) | 2004-02-11 | 2010-07-27 | Hewlett-Packard Development Company, L.P. | Integrated crawling and auditing of web applications and web content |
US7207065B2 (en) * | 2004-06-04 | 2007-04-17 | Fortify Software, Inc. | Apparatus and method for developing secure software |
US20050273859A1 (en) * | 2004-06-04 | 2005-12-08 | Brian Chess | Apparatus and method for testing secure software |
US7975306B2 (en) * | 2004-06-04 | 2011-07-05 | Hewlett-Packard Development Company, L.P. | Apparatus and method for monitoring secure software |
US20050273860A1 (en) * | 2004-06-04 | 2005-12-08 | Brian Chess | Apparatus and method for developing, testing and monitoring secure software |
US8281401B2 (en) * | 2005-01-25 | 2012-10-02 | Whitehat Security, Inc. | System for detecting vulnerabilities in web applications using client-side application interfaces |
US20070061885A1 (en) | 2005-09-09 | 2007-03-15 | Hammes Peter C | System and method for managing security testing |
US20070101196A1 (en) * | 2005-11-01 | 2007-05-03 | Rogers William A | Functional testing and verification of software application |
US7818788B2 (en) | 2006-02-14 | 2010-10-19 | Microsoft Corporation | Web application security frame |
JP2007241906A (ja) * | 2006-03-11 | 2007-09-20 | Hitachi Software Eng Co Ltd | Method and system for dynamic inspection of web application vulnerabilities |
US8789187B1 (en) * | 2006-09-28 | 2014-07-22 | Whitehat Security, Inc. | Pattern tracking and capturing human insight in a web application security scanner |
US8087088B1 (en) | 2006-09-28 | 2011-12-27 | Whitehat Security, Inc. | Using fuzzy classification models to perform matching operations in a web application security scanner |
US8656495B2 (en) * | 2006-11-17 | 2014-02-18 | Hewlett-Packard Development Company, L.P. | Web application assessment based on intelligent generation of attack strings |
US9069967B2 (en) | 2007-02-16 | 2015-06-30 | Veracode, Inc. | Assessment and analysis of software security flaws |
EP2132675B1 (en) | 2007-03-06 | 2019-09-11 | Help/Systems, LLC | System and method for providing application penetration testing |
JP4193196B1 (ja) | 2007-05-30 | 2008-12-10 | FiveDrive Inc. | Web service providing system inspection device and web service providing system inspection program |
US8631116B2 (en) | 2007-11-28 | 2014-01-14 | Ccip Corp. | System and method for active business configured website monitoring |
US8601586B1 (en) * | 2008-03-24 | 2013-12-03 | Google Inc. | Method and system for detecting web application vulnerabilities |
US20090282480A1 (en) * | 2008-05-08 | 2009-11-12 | Edward Lee | Apparatus and Method for Monitoring Program Invariants to Identify Security Anomalies |
JP2010033543A (ja) | 2008-06-24 | 2010-02-12 | Smg Kk | Software operation monitoring system, client computer and server computer therefor, and program therefor |
US20090327943A1 (en) | 2008-06-26 | 2009-12-31 | Microsoft Corporation | Identifying application program threats through structural analysis |
US8141158B2 (en) | 2008-12-31 | 2012-03-20 | International Business Machines Corporation | Measuring coverage of application inputs for advanced web application security testing |
US8347393B2 (en) | 2009-01-09 | 2013-01-01 | Hewlett-Packard Development Company, L.P. | Method and system for detecting a state of a web application using a signature |
JP2010267266A (ja) * | 2009-05-18 | 2010-11-25 | Nst:Kk | Test support device and test support method |
EP2542971B1 (en) * | 2010-03-01 | 2019-01-30 | EMC Corporation | Detection of attacks through partner websites |
-
2011
- 2011-05-31 KR KR1020137031661A patent/KR101745758B1/ko active IP Right Grant
- 2011-05-31 JP JP2014511332A patent/JP5801953B2/ja active Active
- 2011-05-31 WO PCT/US2011/038609 patent/WO2012166120A1/en active Application Filing
- 2011-05-31 CN CN201180071281.4A patent/CN103562923B/zh active Active
- 2011-05-31 US US14/116,000 patent/US9215247B2/en active Active
- 2011-05-31 BR BR112013030660A patent/BR112013030660A2/pt not_active Application Discontinuation
- 2011-05-31 EP EP11866677.5A patent/EP2715599B1/en active Active
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
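CN106656924A (zh) * | 2015-10-30 | 2017-05-10 | Beijing Shenzhou Taiyue Software Co., Ltd. | Method and device for handling device security vulnerabilities |
CN106446289A (zh) * | 2016-11-11 | 2017-02-22 | Wuxi Yazuo Online Technology Development Co., Ltd. | Pinpoint-based information query method and device |
CN106446289B (zh) * | 2016-11-11 | 2019-10-01 | Wuxi Yazuo Online Technology Co., Ltd. | Pinpoint-based information query method and device |
CN107194258A (zh) * | 2017-04-06 | 2017-09-22 | Gree Electric Appliances, Inc. of Zhuhai | Method and device for monitoring code vulnerabilities, electronic device, and storage medium |
CN112154420A (zh) * | 2018-05-30 | 2020-12-29 | Microsoft Technology Licensing, LLC | Automatic intelligent cloud service testing tool |
CN112154420B (zh) * | 2018-05-30 | 2024-04-30 | Microsoft Technology Licensing, LLC | Automatic intelligent cloud service testing tool |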
Also Published As
Publication number | Publication date |
---|---|
BR112013030660A2 (pt) | 2016-12-06 |
KR101745758B1 (ko) | 2017-06-09 |
JP5801953B2 (ja) | 2015-10-28 |
US9215247B2 (en) | 2015-12-15 |
EP2715599A1 (en) | 2014-04-09 |
KR20140043081A (ko) | 2014-04-08 |
WO2012166120A1 (en) | 2012-12-06 |
US20140082739A1 (en) | 2014-03-20 |
CN103562923B (zh) | 2016-09-07 |
EP2715599B1 (en) | 2019-07-03 |
JP2014517968A (ja) | 2014-07-24 |
EP2715599A4 (en) | 2015-03-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
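CN103562923A (zh) | | Application security testing |
US10489283B2 (en) | | Software defect reporting |
TWI575397B (zh) | | Point-wise protection of applications using runtime agent and dynamic security analysis |
CN108989355B (zh) | | Vulnerability detection method and device |
US9501650B2 (en) | | Application security testing |
CN101964025B (zh) | | XSS detection method and device |
US20180351986A1 (en) | | Cross-site request forgery (csrf) vulnerability detection |
TWI574173B (zh) | | Technique for determining secure activity of application under test |
US20130086554A1 (en) | | Analytics Driven Development |
CN110674506B (zh) | | Method and system for rapidly verifying application vulnerability status |
CN108459850B (zh) | | Method, device and system for generating test scripts |
US10705949B2 (en) | | Evaluation of library test suites using mutation testing |
US11874728B2 (en) | | Software application diagnostic aid |
CN111654495B (zh) | | Method, apparatus, device and storage medium for determining the source of generated traffic |
CN113114680A (zh) | | Detection method and detection device for file upload vulnerabilities |
CN113362173A (zh) | | Anti-duplication mechanism verification method, verification system, electronic device and storage medium |
CN116450533B (zh) | | Security detection method and apparatus for application programs, electronic device and medium |
CN113535568B (zh) | | Verification method, apparatus, device and medium for application deployment versions |
CN115344490A (zh) | | Method and apparatus for testing a software product, storage medium and electronic device |
JP5978368B2 (ja) | | Application security testing |
KR102415833B1 (ko) | | Vulnerability diagnosis method and diagnostic device therefor |
Shinde et al. | | FAULTS FINDING ANALYZER OF WEB APPLICATIONS |
CN118312695A (zh) | | Page display method and device |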
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | C14 | Grant of patent or utility model | |
 | GR01 | Patent grant | |
 | C41 | Transfer of patent application or patent right or utility model | |
 | TR01 | Transfer of patent right | Effective date of registration: 20170103. Address after: Texas, USA. Patentee after: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP. Address before: Texas, USA. Patentee before: Hewlett-Packard Development Company, L.P. |
 | TR01 | Transfer of patent right | Effective date of registration: 20180611. Address after: California, USA. Patentee after: Antite Software Co., Ltd. Address before: Texas, USA. Patentee before: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP |
 | CP03 | Change of name, title or address | Address after: Utah, USA. Patentee after: Weifosi Co., Ltd. Address before: California, USA. Patentee before: Antiy Software Co., Ltd. |