CN103562923B - Application security testing - Google Patents
- Publication number
- CN103562923B (application CN201180071281.4A)
- Authority
- CN
- China
- Prior art keywords
- aut
- observer
- application
- response
- leak
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/0727—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a storage system, e.g. in a DASD or network based storage system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0793—Remedial or corrective actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Claims (12)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2011/038609 WO2012166120A1 (en) | 2011-05-31 | 2011-05-31 | Application security testing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103562923A (zh) | 2014-02-05 |
CN103562923B (zh) | 2016-09-07 |
Family
ID=47259662
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201180071281.4A Active CN103562923B (zh) | 2011-05-31 | 2011-05-31 | Application security testing |
Country Status (7)
Country | Link |
---|---|
US (1) | US9215247B2 (zh) |
EP (1) | EP2715599B1 (zh) |
JP (1) | JP5801953B2 (zh) |
KR (1) | KR101745758B1 (zh) |
CN (1) | CN103562923B (zh) |
BR (1) | BR112013030660A2 (zh) |
WO (1) | WO2012166120A1 (zh) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9747187B2 (en) | 2010-10-27 | 2017-08-29 | International Business Machines Corporation | Simulating black box test results using information from white box testing |
US10701097B2 (en) * | 2011-12-20 | 2020-06-30 | Micro Focus Llc | Application security testing |
US10210335B2 (en) * | 2012-07-26 | 2019-02-19 | Entit Software Llc | Application security testing |
CN105210075A (zh) * | 2013-04-19 | 2015-12-30 | Hewlett-Packard Development Company, L.P. | Unused parameters of application under test |
CN105409265B (zh) * | 2013-08-29 | 2019-09-06 | Nokia Technologies Oy | Method and apparatus for adaptive security |
US9195570B2 (en) | 2013-09-27 | 2015-11-24 | International Business Machines Corporation | Progressive black-box testing of computer software applications |
US9363284B2 (en) * | 2013-12-11 | 2016-06-07 | International Business Machines Corporation | Testing web applications for security vulnerabilities with metarequests |
WO2015116138A1 (en) * | 2014-01-31 | 2015-08-06 | Hewlett-Packard Development Company | Application test using attack suggestions |
US10423793B2 (en) | 2014-06-19 | 2019-09-24 | Entit Software Llc | Install runtime agent for security test |
WO2016036368A1 (en) * | 2014-09-04 | 2016-03-10 | Hewlett Packard Enterprise Development Lp | Determine protective measure for data that meets criteria |
WO2016048322A1 (en) * | 2014-09-25 | 2016-03-31 | Hewlett Packard Enterprise Development Lp | Determine secure activity of application under test |
EP3202090A4 (en) * | 2014-09-29 | 2018-06-13 | Hewlett-Packard Enterprise Development LP | Detection of email-related vulnerabilities |
CA2968201C (en) * | 2014-11-25 | 2021-01-05 | enSilo Ltd. | Systems and methods for malicious code detection |
CN104506522B (zh) * | 2014-12-19 | 2017-12-26 | Beijing NSFOCUS Information Security Technology Co., Ltd. | Vulnerability scanning method and device |
US9350750B1 (en) * | 2015-04-03 | 2016-05-24 | Area 1 Security, Inc. | Distribution of security rules among sensor computers |
US9817676B2 (en) * | 2015-06-23 | 2017-11-14 | Mcafee, Inc. | Cognitive protection of critical industrial solutions using IoT sensor fusion |
CN106656924A (zh) * | 2015-10-30 | 2017-05-10 | Beijing Ultrapower Software Co., Ltd. | Method and device for handling device security vulnerabilities |
WO2017160309A1 (en) * | 2016-03-18 | 2017-09-21 | Entit Software Llc | Assisting a scanning session |
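CN106446289B (zh) * | 2016-11-11 | 2019-10-01 | Wuxi Yazuo Online Technology Co., Ltd. | Pinpoint-based information query method and device |
CN107194258B (zh) * | 2017-04-06 | 2019-10-01 | Gree Electric Appliances, Inc. of Zhuhai | Method and apparatus for monitoring code vulnerabilities, electronic device, and storage medium |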
US10616263B1 (en) * | 2017-09-13 | 2020-04-07 | Wells Fargo Bank, N.A. | Systems and methods of web application security control governance |
US10387659B1 (en) | 2018-10-31 | 2019-08-20 | Capital One Services, Llc | Methods and systems for de-duplication of findings |
KR102231722B1 (ko) * | 2019-03-28 | 2021-03-25 | Naver Cloud Corp. | Method for determining duplicate vulnerabilities and diagnostic apparatus using the same |
US11087333B2 (en) * | 2019-07-30 | 2021-08-10 | Salesforce.Com, Inc. | Facilitating session-based read/write of context variables to share information across multiple microservices |
US11907378B2 (en) | 2020-08-27 | 2024-02-20 | Virsec Systems, Inc. | Automated application vulnerability and risk assessment |
KR102558388B1 (ko) | 2021-03-18 | 2023-07-24 | Daeyang Co., Ltd. | Structure for fixing solar panels to a building roof |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1610887A (zh) * | 2001-12-31 | 2005-04-27 | Citadel Security Software Inc. | Automated computer vulnerability resolution system |
US6996845B1 (en) * | 2000-11-28 | 2006-02-07 | S.P.I. Dynamics Incorporated | Internet security analysis system and process |
Family Cites Families (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6311278B1 (en) * | 1998-09-09 | 2001-10-30 | Sanctum Ltd. | Method and system for extracting application protocol characteristics |
WO2001065330A2 (en) * | 2000-03-03 | 2001-09-07 | Sanctum Ltd. | System for determining web application vulnerabilities |
US6826716B2 (en) | 2001-09-26 | 2004-11-30 | International Business Machines Corporation | Test programs for enterprise web applications |
US8566945B2 (en) * | 2004-02-11 | 2013-10-22 | Hewlett-Packard Development Company, L.P. | System and method for testing web applications with recursive discovery and analysis |
US7765597B2 (en) | 2004-02-11 | 2010-07-27 | Hewlett-Packard Development Company, L.P. | Integrated crawling and auditing of web applications and web content |
US7207065B2 (en) * | 2004-06-04 | 2007-04-17 | Fortify Software, Inc. | Apparatus and method for developing secure software |
US7975306B2 (en) * | 2004-06-04 | 2011-07-05 | Hewlett-Packard Development Company, L.P. | Apparatus and method for monitoring secure software |
US20050273860A1 (en) * | 2004-06-04 | 2005-12-08 | Brian Chess | Apparatus and method for developing, testing and monitoring secure software |
US20050273859A1 (en) * | 2004-06-04 | 2005-12-08 | Brian Chess | Apparatus and method for testing secure software |
US8281401B2 (en) * | 2005-01-25 | 2012-10-02 | Whitehat Security, Inc. | System for detecting vulnerabilities in web applications using client-side application interfaces |
US20070061885A1 (en) | 2005-09-09 | 2007-03-15 | Hammes Peter C | System and method for managing security testing |
US20070101196A1 (en) * | 2005-11-01 | 2007-05-03 | Rogers William A | Functional testing and verification of software application |
US20070156644A1 (en) * | 2006-01-05 | 2007-07-05 | Microsoft Corporation | SQL injection detector |
US7818788B2 (en) | 2006-02-14 | 2010-10-19 | Microsoft Corporation | Web application security frame |
JP2007241906A (ja) * | 2006-03-11 | 2007-09-20 | Hitachi Software Eng Co Ltd | Method and system for dynamic inspection of web application vulnerabilities |
US8789187B1 (en) * | 2006-09-28 | 2014-07-22 | Whitehat Security, Inc. | Pattern tracking and capturing human insight in a web application security scanner |
US8087088B1 (en) | 2006-09-28 | 2011-12-27 | Whitehat Security, Inc. | Using fuzzy classification models to perform matching operations in a web application security scanner |
US8656495B2 (en) * | 2006-11-17 | 2014-02-18 | Hewlett-Packard Development Company, L.P. | Web application assessment based on intelligent generation of attack strings |
US9069967B2 (en) | 2007-02-16 | 2015-06-30 | Veracode, Inc. | Assessment and analysis of software security flaws |
US8484738B2 (en) | 2007-03-06 | 2013-07-09 | Core Sdi Incorporated | System and method for providing application penetration testing |
JP4193196B1 (ja) * | 2007-05-30 | 2008-12-10 | Five Drive Co., Ltd. | Web service providing system inspection device and web service providing system inspection program |
US8631116B2 (en) | 2007-11-28 | 2014-01-14 | Ccip Corp. | System and method for active business configured website monitoring |
US8601586B1 (en) * | 2008-03-24 | 2013-12-03 | Google Inc. | Method and system for detecting web application vulnerabilities |
US20090282480A1 (en) * | 2008-05-08 | 2009-11-12 | Edward Lee | Apparatus and Method for Monitoring Program Invariants to Identify Security Anomalies |
JP2010033543A (ja) | 2008-06-24 | 2010-02-12 | Smg Kk | Software operation monitoring system, its client computer and server computer, and program therefor |
US20090327943A1 (en) | 2008-06-26 | 2009-12-31 | Microsoft Corporation | Identifying application program threats through structural analysis |
US8141158B2 (en) | 2008-12-31 | 2012-03-20 | International Business Machines Corporation | Measuring coverage of application inputs for advanced web application security testing |
US8347393B2 (en) | 2009-01-09 | 2013-01-01 | Hewlett-Packard Development Company, L.P. | Method and system for detecting a state of a web application using a signature |
JP2010267266A (ja) | 2009-05-18 | 2010-11-25 | Nst:Kk | Test support device and test support method |
WO2011109420A1 (en) * | 2010-03-01 | 2011-09-09 | Silver Tail Systems | System and method for network security including detection of attacks through partner websites |
-
2011
- 2011-05-31 EP EP11866677.5A patent/EP2715599B1/en active Active
- 2011-05-31 WO PCT/US2011/038609 patent/WO2012166120A1/en active Application Filing
- 2011-05-31 US US14/116,000 patent/US9215247B2/en active Active
- 2011-05-31 KR KR1020137031661A patent/KR101745758B1/ko active IP Right Grant
- 2011-05-31 CN CN201180071281.4A patent/CN103562923B/zh active Active
- 2011-05-31 BR BR112013030660A patent/BR112013030660A2/pt not_active Application Discontinuation
- 2011-05-31 JP JP2014511332A patent/JP5801953B2/ja active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6996845B1 (en) * | 2000-11-28 | 2006-02-07 | S.P.I. Dynamics Incorporated | Internet security analysis system and process |
CN1610887A (zh) * | 2001-12-31 | 2005-04-27 | Citadel Security Software Inc. | Automated computer vulnerability resolution system |
Also Published As
Publication number | Publication date |
---|---|
EP2715599A1 (en) | 2014-04-09 |
KR101745758B1 (ko) | 2017-06-09 |
EP2715599A4 (en) | 2015-03-04 |
KR20140043081A (ko) | 2014-04-08 |
BR112013030660A2 (pt) | 2016-12-06 |
US20140082739A1 (en) | 2014-03-20 |
US9215247B2 (en) | 2015-12-15 |
JP5801953B2 (ja) | 2015-10-28 |
EP2715599B1 (en) | 2019-07-03 |
CN103562923A (zh) | 2014-02-05 |
WO2012166120A1 (en) | 2012-12-06 |
JP2014517968A (ja) | 2014-07-24 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN103562923B (zh) | Application security testing | |
TWI575397B (zh) | Point-wise protection of application using runtime agent and dynamic security analysis | |
CA2777434C (en) | Verifying application security vulnerabilities | |
US9501650B2 (en) | Application security testing | |
CN108989355B (zh) | Vulnerability detection method and device | |
US9311214B2 (en) | System and methods for tracing individual transactions across a mainframe computing environment | |
CN104303189B (zh) | System and method for determining application vulnerabilities | |
TWI574173B (zh) | Techniques for determining secure activity of application under test | |
US10705949B2 (en) | Evaluation of library test suites using mutation testing | |
US9317398B1 (en) | Vendor and version independent browser driver | |
CN114003794A (zh) | Asset collection method and apparatus, electronic device, and medium | |
CN110427757A (zh) | Android vulnerability detection method, system and related apparatus | |
US10242199B2 (en) | Application test using attack suggestions | |
CN111125066B (zh) | Method and device for testing the functions of database audit equipment | |
US10650148B2 (en) | Determine protective measure for data that meets criteria | |
US10097565B1 (en) | Managing browser security in a testing context | |
Memon | Advances in Computers | |
CN116450533B (zh) | Security detection method and apparatus for application programs, electronic device, and medium | |
Laranjeiro et al. | Testing data-centric services using poor quality data: from relational to NoSQL document databases | |
US11720426B2 (en) | Client-side automated application programming interface (API) mapping | |
CN115562945A (zh) | Method and apparatus for determining link information, storage medium, and electronic device | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C41 | Transfer of patent application or patent right or utility model | ||
TR01 | Transfer of patent right | Effective date of registration: 20170103. Address after: Texas, USA. Patentee after: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP. Address before: Texas, USA. Patentee before: Hewlett-Packard Development Company, L.P. |
TR01 | Transfer of patent right | Effective date of registration: 20180611. Address after: California, USA. Patentee after: Antite Software Co., Ltd. Address before: Texas, USA. Patentee before: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP |
TR01 | Transfer of patent right | ||
CP03 | Change of name, title or address | Address after: Utah, USA. Patentee after: Weifosi Co., Ltd. Address before: California, USA. Patentee before: Antiy Software Co., Ltd. |
CP03 | Change of name, title or address | ||