CN107122666A - The methods of risk assessment and device of financial application - Google Patents

The methods of risk assessment and device of financial application Download PDF

Info

Publication number
CN107122666A
CN107122666A CN201611106063.0A CN201611106063A CN107122666A CN 107122666 A CN107122666 A CN 107122666A CN 201611106063 A CN201611106063 A CN 201611106063A CN 107122666 A CN107122666 A CN 107122666A
Authority
CN
China
Prior art keywords
risk
assessed
risk assessment
assessment
mobile financial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611106063.0A
Other languages
Chinese (zh)
Inventor
夏雷
陈曦
杨继龙
常晋云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Merchants Bank Co Ltd
Original Assignee
China Merchants Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Merchants Bank Co Ltd filed Critical China Merchants Bank Co Ltd
Priority to CN201611106063.0A priority Critical patent/CN107122666A/en
Publication of CN107122666A publication Critical patent/CN107122666A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a kind of methods of risk assessment of financial application, this method includes:Obtain mobile financial applications file to be assessed;According to default risk assessment, risk assessment is carried out to the mobile financial applications file to be assessed, the risk assessment includes one or more of reverse risk assessment, code risk assessment and business risk assessment;The risk evaluation result of comprehensive each risk assessment, obtains the risk evaluation result of the mobile financial applications file to be assessed.The invention also discloses a kind of risk assessment device of financial application.The present invention can be realized to integrate mobile financial application and comprehensively assessed, so as to provide effective reference for mobile financial application reply leaking data risk.

Description

The methods of risk assessment and device of financial application
Technical field
The present invention relates to the methods of risk assessment and device in mobile financial technology field, more particularly to financial application.
Background technology
With the fast development of mobile Internet and smart mobile phone, Ge Jia business banks are proposed including Mobile banking one after another The abundant all kinds of mobile financial applications of form inside, towards different crowd, different scenes, there is provided flexibly easily mobile financial Service.While mobile finance is fast-developing, the safety problem for being related to system and information also seems more and more important.
In the prior art, Mobile solution methods of risk assessment lays particular emphasis on safety defect or leakage present in detection Mobile solution Hole, these technologies are estimated or tested to mobile applications usually using either statically or dynamically analysis method.In general, pin It is to the main process of the Static Analysis Method of Mobile solution:1) decompiling mobile applications, obtain decompiling code;2) divide Analyse application configuration file, the safety problem such as securing component, authority;3) decompiling code is analyzed, the safety defect in code is obtained Or leak;4) safety problem is collected, staticaanalysis results are provided;And for the dynamic analysing method main process of Mobile solution For:1) the Dynamic Execution Mobile solution in prototype or analog machine;2) related tool or technical limit spacing dynamic data are used, analysis should The safety defect present in or leak;3) safety problem is collected, dynamic analysis result is provided.
Above method is the universal method of mobile application security risk assessment, but for the assessment of mobile financial application For, it can more pay attention to the risk in terms of sensitive data, therefore assess the sensitive data leakage wind of a mobile financial application When dangerous, there is problems with prior art:
1) for reverse attack, do not consider to move financial application by the leaking data risk under decompiling situation;
2) for code security, hard coded, the database risk of financial correlation are not considered;
3) for service security, do not consider to move the key scenes evaluation requirements such as financial application login, payment.
The content of the invention
It is a primary object of the present invention to propose the methods of risk assessment and device of a kind of financial application, it is intended to realize to moving Dynamic financial application, which is integrated, comprehensively to be assessed, so as to provide effective ginseng for mobile financial application reply leaking data risk Examine.
To achieve the above object, the present invention provides a kind of methods of risk assessment of financial application, applied to mobile terminal, institute The method of stating comprises the following steps:
Obtain mobile financial applications file to be assessed;
According to default risk assessment, risk assessment is carried out to the mobile financial applications file to be assessed, The risk assessment includes one or more of reverse risk assessment, code risk assessment and business risk assessment;
The risk evaluation result of comprehensive each risk assessment, obtains the mobile financial applications file to be assessed Risk evaluation result.
Alternatively, it is described according to default risk assessment, to the mobile financial applications text to be assessed The step of part carries out risk assessment includes:
Carry out anti-decompiling capability evaluation respectively to the mobile financial applications file to be assessed, prevent beating again bag energy Force estimation, using obscure assess and/or application reinforce assess, obtain reverse risk evaluation result;
Daily record risk assessment, hard coded risk are carried out respectively to the mobile financial applications file to be assessed to comment Estimate, it is weak encryption risk assessment, database risk assessment, external storage risk assessment and/or apply catalogue risk assessment, obtain generation Code risk evaluation result;
Link is logged in, is inquired about, transferred accounts and paid respectively to the mobile financial applications file to be assessed Assess, obtain business risk assessment result.
Alternatively, it is described that daily record risk assessment, hard coded are carried out respectively to mobile financial applications file to be assessed Risk assessment, weak encryption risk assessment, database risk assessment, external storage risk assessment and/or application catalogue risk assessment, The step of obtaining code risk evaluation result includes:
Decompiling is carried out to the mobile financial applications file to be assessed, decompiling code is obtained;
Scan respectively daily record risk in the decompiling code, hard coded risk, weak encryption risk, database risk, External storage risk and/or application catalogue risk;
Code risk evaluation result is obtained according to scanning result.
Alternatively, it is described the mobile financial applications file to be assessed is logged in respectively, inquired about, is transferred accounts and The assessment of link is paid, the step of obtaining business risk assessment result includes:
The mobile financial applications file to be assessed is run in simulator;
Monitor the mobile financial applications file to be assessed and log in, inquire about, transfer accounts and paying the operation of link State;
Business risk assessment result is obtained according to the running status.
Alternatively, the risk evaluation result of each risk assessment of the synthesis, obtains the mobile finance to be assessed After the step of risk evaluation result of application file, in addition to:
Corresponding indicating risk is exported according to the risk evaluation result of the mobile financial applications file to be assessed Information and reparation advisory information.
In addition, to achieve the above object, the present invention also provides a kind of risk assessment device of mobile financial application, is applied to Mobile terminal, described device includes:
Acquisition module, the mobile financial applications file to be assessed for obtaining;
Evaluation module, for according to default risk assessment, to the mobile financial applications file to be assessed Risk assessment is carried out, the risk assessment includes one during reverse risk assessment, code risk assessment and business risk are assessed It is individual or multiple;
Integration module, the risk evaluation result for integrating each risk assessment, obtains the mobile gold to be assessed Melt the risk evaluation result of application file.
Alternatively, the evaluation module includes:
First assessment unit, for carrying out anti-decompiling energy respectively to the mobile financial applications file to be assessed Force estimation, it is anti-beat again bag capability evaluation, assess and/or application is reinforced and assessed using obscuring, obtain reverse risk evaluation result;
Second assessment unit, is commented for carrying out daily record risk respectively to the mobile financial applications file to be assessed Estimate, hard coded risk assessment, weak encryption risk assessment, database risk assessment, external storage risk assessment and/or apply catalogue Risk assessment, obtains code risk evaluation result;
3rd assessment unit, for being logged in, being inquired about respectively to the mobile financial applications file to be assessed, The assessment of link is transferred accounts and paid, business risk assessment result is obtained.
Alternatively, second assessment unit is additionally operable to:
Decompiling is carried out to the mobile financial applications file to be assessed, decompiling code is obtained;
Scan respectively daily record risk in the decompiling code, hard coded risk, weak encryption risk, database risk, External storage risk and/or application catalogue risk;
Code risk evaluation result is obtained according to scanning result.
Alternatively, the 3rd assessment unit is additionally operable to:
The mobile financial applications file to be assessed is run in simulator;
Monitor the mobile financial applications file to be assessed and log in, inquire about, transfer accounts and paying the operation of link State;
Business risk assessment result is obtained according to the running status.
Alternatively, described device also includes:
Output module, for exporting phase according to the risk evaluation result of the mobile financial applications file to be assessed The indicating risk information and reparation advisory information answered.
The present invention obtains mobile financial applications file to be assessed;According to default risk assessment, treated to described The mobile financial applications file assessed carries out risk assessment, and the risk assessment includes reverse risk assessment, code wind One or more of danger is assessed and business risk is assessed;The risk evaluation result of comprehensive each risk assessment, obtains described The risk evaluation result of mobile financial applications file to be assessed.By the above-mentioned means, the present invention considers mobile finance , being capable of comprehensive assessment movement financial application by the way that various risks are included into risk assessment using various risks that may be present The leaking data risk faced, is comprehensively assessed so as to realize to integrate mobile financial application, for mobile finance Effective reference is provided using reply leaking data risk.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the methods of risk assessment first embodiment of financial application of the present invention;
Fig. 2 carries out reverse risk assessment, code risk to mobile financial applications file to be assessed for the present invention and commented Estimate the overall workflow schematic diagram assessed with business risk;
Fig. 3 is the schematic flow sheet of the methods of risk assessment second embodiment of financial application of the present invention;
Fig. 4 is the schematic flow sheet of the reverse embodiment of risk assessment one of the present invention;
Fig. 5 is the schematic flow sheet of the embodiment of code risk assessment one of the present invention;
Fig. 6 is the schematic flow sheet that business risk of the present invention assesses an embodiment;
Fig. 7 is the schematic flow sheet of the methods of risk assessment 3rd embodiment of financial application of the present invention;
Fig. 8 is the high-level schematic functional block diagram of the risk assessment device first embodiment of financial application of the present invention;
Fig. 9 is the refinement high-level schematic functional block diagram of evaluation module 200 in Fig. 8;
Figure 10 is the high-level schematic functional block diagram of the risk assessment device second embodiment of financial application of the present invention.
The realization, functional characteristics and advantage of the object of the invention will be described further referring to the drawings in conjunction with the embodiments.
Embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
The present invention provides a kind of methods of risk assessment of financial application.
Reference picture 1, Fig. 1 is the schematic flow sheet of the methods of risk assessment first embodiment of financial application of the present invention.It is described Method comprises the following steps:
Step S100, obtains mobile financial applications file to be assessed.
Mobile financial application in the present embodiment refers to be arranged on mobile terminal that (such as smart mobile phone, tablet personal computer can be with Access internet equipment) on all kinds of financial applications, such as Mobile banking APP, pay APP, financing APP.Relative to other The security risk assessment of application, mobile financial application can more pay attention to the risk in terms of sensitive data, such as user bank card number, Identification card number and password etc..Sensitive data disclosure risk for the mobile financial application of reduction to mobile financial application, it is necessary to enter Row synthesis is comprehensively assessed.
In the present embodiment, mobile financial application to be assessed can be carried out by dependent evaluation software or appraisal procedure Assess.Specifically, user, which opens, assesses software, and chooses the mobile finance for needing to be estimated in system by the assessment software Application file, as mobile financial applications file to be assessed.
Step S200, according to default risk assessment, is carried out to the mobile financial applications file to be assessed Risk assessment, the risk assessment include one during reverse risk assessment, code risk assessment and business risk are assessed or It is multiple.
After mobile financial applications file to be assessed is got, software is assessed according still further to default risk assessment , risk assessment is carried out to mobile financial applications file to be assessed, the present embodiment is inverse with default risk assessment Assess and illustrate to risk assessment, code risk assessment and business risk.
Wherein, reverse risk assessment can from anti-decompiling, anti-reversing, obscure with reinforcement ability four directions face application carry out Assess.Anti- decompiling and anti-inclusion of beating again now apply reverse and crack tool the ability of reply automation, possess these abilities The sensitive data leakage caused using that can prevent from applying by malicious modification.Obscure and reinforce and then embody peace of the application to code Full protection ability, the application through obscuring and reinforcing being capable of covered code logic, class and method implication, character string implication, function reality Now wait sensitive data.
Code risk assessment is then analyzed for decompiling code, can from daily record, hard coded, weak encryption, database, Risk assessment is carried out in terms of external storage and application catalogue, except considering the sensitive data in universal method in evaluation process Outside, also sensitive data that account is related to transaction as assessment a part, to be adapted to mobile financial application.
Business risk assesses the actual assessment demand according to mobile financial application, can will log in, inquire about, transfers accounts, paying Business risk etc. key link includes assessment, analyzes each key link leaking data risk that may be present.
Step S300, the risk evaluation result of comprehensive each risk assessment, obtaining the mobile finance to be assessed should With the risk evaluation result of program file.
Reference picture 2, Fig. 2 carries out reverse risk assessment, generation for the present invention to mobile financial applications file to be assessed The overall workflow schematic diagram that code risk assessment and business risk are assessed.Software is assessed to mobile financial application journey to be assessed Preface part is carried out after reverse risk assessment, code risk assessment and business risk assessment respectively, by the assessment of these three assessments As a result integrated and collected, that is, obtain the assessment result of mobile financial applications file to be assessed.
It should be noted that the methods of risk assessment of financial application of the present invention is mainly for mobile financial application, but not It is limited to move financial application, such as the methods of risk assessment of financial application of the present invention can equally be well applied to be arranged on desktop computer Financial application.In addition, in addition to reverse risk assessment, code risk assessment and business risk assess equivalent risk estimation items, this hair Bright default risk assessment can also include other kinds of risk assessment, such as network attack risk, fishing deception wind Danger etc., those skilled in the art flexibly can select and set according to actual needs risk assessment.
In the present embodiment, assess software and obtain mobile financial applications file to be assessed;According to default risk Estimation items, risk assessment is carried out to the mobile financial applications file to be assessed, and the risk assessment includes reverse One or more of risk assessment, code risk assessment and business risk assessment;The risk of comprehensive each risk assessment is commented Estimate result, obtain the risk evaluation result of the mobile financial applications file to be assessed.By the above-mentioned means, this implementation Example considers mobile financial application various risks that may be present, by the way that various risks are included into risk assessment, can integrate The leaking data risk that mobile financial application is faced is assessed, mobile financial application is integrated comprehensively so as to realize Assess, effective reference is provided for mobile financial application reply leaking data risk.
Further, reference picture 3, Fig. 3 shows for the flow of the methods of risk assessment second embodiment of financial application of the present invention It is intended to.Based on the embodiment shown in above-mentioned Fig. 1, the step S20 can include:
Step S210, the mobile financial applications file to be assessed is carried out respectively anti-decompiling capability evaluation, It is anti-to beat again bag capability evaluation, assess and/or assessed using reinforcing using obscuring, obtain reverse risk evaluation result;
Reference picture 4, Fig. 4 is the schematic flow sheet of the reverse embodiment of risk assessment one of the present invention.The assessment of reverse risk Journey can be:
1) mobile financial applications file is inputted, file is the installation kit of application.
2) decompiling is carried out to application using decompiling instrument, if it is possible to which the whole decompiling codes of generation, then application is anti- Decompiling ability is weak, if it is possible to generating portion decompiling code, then medium using anti-decompiling ability, if not generating anti-volume Translate code, then it is strong using anti-decompiling ability.Anti- decompiling ability is stronger, and decompiling risk is lower, on the contrary then decompiling risk It is higher.
It should be noted that decompiling is computer software reverse engineering, it is that high-level language source program becomes by compiling The inverse process of executable file, decompiling is a complicated process, and it is typically realized by decompiling software, such as C++ phases Decompiler exeScope, C# of pass:Related decompiler Reflector etc..
3) operation using bag of being unpacked, beaten again, if can finally generate application, is deposited using weight strapping tool Beating again bag risk;
4) assess whether application enters line code and resource is obscured, assessment mode can be:Analyze decompiling code and configuration File, whether detection class name, method name are random character, financial related urls (Uniform Resoure Locator, unified money Source finger URL), whether server address port, store path, bag name, crucial class name, key method name, the character string such as mailbox enter Go and hidden, whether the detection resource file related with the link such as logging in, inquiring about, transfer accounts, pay is random string etc.;
5) assess whether application reinforces, assessment mode can be:Component and the group actually contained in code in comparative arrangement Whether part is consistent, when having component to exist in configuration file and to be not present in code, is then judged as reinforcement application, meanwhile, It can also analyze after mobile financial application reinforcing, whether crucial logical transaction is protected etc..
Thus, reverse risk evaluation result is obtained.
It should be noted that above-mentioned steps only represent a kind of embodiment for assessing reverse risk, it is actual can be with when implementing Need not in strict accordance with above-mentioned steps execution sequence, only need to assess software and realize all or part of evaluation function of above-mentioned steps i.e. Can.
Step S220, daily record risk assessment, hard volume are carried out to the mobile financial applications file to be assessed respectively Code risk assessment, weak encryption risk assessment, database risk assessment, external storage risk assessment and/or application catalogue risk are commented Estimate, obtain code risk evaluation result;
Specifically, the step S220 can include:
Step S221, carries out decompiling to the mobile financial applications file to be assessed, obtains decompiling code;
Step S222, scans daily record risk in the decompiling code, hard coded risk, weak encryption risk, number respectively According to storehouse risk, external storage risk and/or using catalogue risk;
Step S223, code risk evaluation result is obtained according to scanning result.
Reference picture 5, Fig. 5 is the schematic flow sheet of the embodiment of code risk assessment one of the present invention.The assessment of code risk Journey can be:
1) mobile financial application decompiling code is inputted, code is generated by decompiling instrument;
2) daily record static risk, the sensitive data in the daily record output of code analysis, the sensitive data of financial application are scanned Including user name, password, accounts information, amount information, customer information, payment information, privacy of user data, facility information and heap Stack information etc.;
3) scan hard coded risk, sensitive character string present in code analysis, including encryption key, user name, password, Mailbox, and financial related urls, server address port, store path, bag name, crucial class name, key method name etc.;
4) AES used in weak encryption risk, code analysis, the weak encryption forbidden using financial application are scanned Algorithm will be identified that weak encryption risk;
5) data base call in scan database risk, code analysis, while detecting the data of storage whether containing sensitivity Data;
6) use of external storage in external storage risk, code analysis is scanned, while detecting whether the data of storage contain There is sensitive data;
7) use that catalogue is applied in catalogue risk, code analysis is applied in scanning, while detecting the data stored in catalogue Whether sensitive data is contained;
Thus, code risk evaluation result is obtained.
Explanation is needed also exist for, above-mentioned steps only represent a kind of embodiment for assessing code risk, during actual implementation May not necessarily in strict accordance with above-mentioned steps execution sequence, need to only assess software and realize that all or part of of above-mentioned steps assesses work( Energy.
Step S230, is logged in, is inquired about, transferred accounts and is propped up to the mobile financial applications file to be assessed respectively The assessment of link is paid, business risk assessment result is obtained.
Specifically, the step S230 can include:
Step S231, runs the mobile financial applications file to be assessed in simulator;
Step S232, monitors the mobile financial applications file to be assessed and is logging in, inquires about, transfers accounts and paying ring The running status of section;
Step S233, business risk assessment result is obtained according to the running status.
Reference picture 6, Fig. 6 is the schematic flow sheet that business risk of the present invention assesses an embodiment.The assessment of business risk Journey can be:
1) mobile financial application is installed, it is ensured that simulator can network under simulator environment, operation application;
2) daily record risk is assessed, logging in, the key business link usage log gripping tool such as to inquire about, transfer accounts, paying dynamic State obtains log information, and whether analysis wherein contains consistent in sensitive data, sensitive data scope and code risk assessment;
3) data transfer risk is assessed, logging in, the key business link crawl Http data such as inquires about, transfer accounts, paying, dividing Whether analysis wherein contains sensitive data, and simulator imports certificate and sets agency;Https data are captured simultaneously, in dynamic detection Whether certificate trusted situations, analysis wherein contains sensitive data;
4) screenshotss risk is assessed, logging in, the key business interface such as inquires about, transfer accounts, paying and carry out screenshotss test, if section Shield successfully, then there is screenshotss risk, wherein the key page face for moving financial application includes login, accounts information, transfers accounts and pay Etc. the page of process;
5) miscellaneous function risk is assessed, the pass log in, inquire about, transferring accounts, the key page such as pay is obtained using miscellaneous function Keying part is inputted, the correlation function that wherein miscellaneous function provides for system for physical disabilities, can obtain common defeated by the function Enter, key input includes the information such as user name, customer information, account and the amount of money.
Thus, business risk assessment result is obtained.
Explanation is needed also exist for, above-mentioned steps only represent a kind of embodiment for assessing business risk, during actual implementation May not necessarily in strict accordance with above-mentioned steps execution sequence, need to only assess software and realize that all or part of of above-mentioned steps assesses work( Energy.
In addition, carrying out reverse risk assessment, code wind to mobile financial applications file to be assessed in the present embodiment Danger is assessed, business risk is assessed, and the assessment of three types can concurrently be carried out, can also carried out according to default sequencing, Can flexibly it be set in specific implementation.
In the present embodiment, software is assessed by preventing respectively the mobile financial applications file to be assessed Decompiling capability evaluation, it is anti-beat again bag capability evaluation, assess and application is reinforced and assessed using obscuring, obtain reverse risk assessment knot Really;The mobile financial applications file to be assessed is carried out respectively daily record risk assessment, hard coded risk assessment, it is weak plus Close risk assessment, database risk assessment, external storage risk assessment and application catalogue risk assessment, obtain code risk assessment As a result;Commenting for link is logged in, is inquired about, transferred accounts and paid respectively to the mobile financial applications file to be assessed Estimate, obtain business risk assessment result.By the above-mentioned means, the assessment knot of each estimation items can comprehensively be obtained by assessing software Really, it is that developer carries so as to comprehensively assess mobile financial application leaking data risk that may be present from all angles For effective reference.
Further, reference picture 7, Fig. 7 shows for the flow of the methods of risk assessment 3rd embodiment of financial application of the present invention It is intended to.Based on the above embodiments, after the step S300, it can include:
Step S400, exports corresponding according to the risk evaluation result of the mobile financial applications file to be assessed Indicating risk information and reparation advisory information.
After the risk evaluation result of mobile financial applications file to be assessed is obtained, assessing software can export Corresponding indicating risk information and repair advisory information, such as the issuable consequence of risk category, risk class, risk and Optional solution of these risks etc. is tackled, so as to provide effective reference for developer.
The present invention also provides a kind of risk assessment device of financial application.
Reference picture 8, Fig. 8 is the high-level schematic functional block diagram of the risk assessment device first embodiment of financial application of the present invention. Described device includes:
Acquisition module 100, the mobile financial applications file to be assessed for obtaining.
Mobile financial application in the present embodiment refers to be arranged on mobile terminal that (such as smart mobile phone, tablet personal computer can be with Access internet equipment) on all kinds of financial applications, such as Mobile banking APP, pay APP, financing APP.Relative to other The security risk assessment of application, mobile financial application can more pay attention to the risk in terms of sensitive data, such as user bank card number, Identification card number and password etc..Sensitive data disclosure risk for the mobile financial application of reduction to mobile financial application, it is necessary to enter Row synthesis is comprehensively assessed.
In the present embodiment, mobile financial application to be assessed can be carried out by dependent evaluation software or appraisal procedure Assess.Specifically, user, which opens, assesses software, and chooses the mobile finance for needing to be estimated in system by the assessment software Application file, as mobile financial applications file to be assessed, acquisition module 100 gets to be assessed Mobile financial applications file.
Evaluation module 200, for according to default risk assessment, to the mobile financial applications text to be assessed Part carries out risk assessment, and the risk assessment is included in reverse risk assessment, code risk assessment and business risk assessment It is one or more.
Got in acquisition module 100 after mobile financial applications file to be assessed, evaluation module 200 is according still further to pre- If risk assessment, risk assessment is carried out to mobile financial applications file to be assessed, the present embodiment is with default wind Dangerous estimation items are that reverse risk assessment, code risk assessment and business risk assessment are illustrated.
Wherein, reverse risk assessment can from anti-decompiling, anti-reversing, obscure with reinforcement ability four directions face application carry out Assess.Anti- decompiling and anti-inclusion of beating again now apply reverse and crack tool the ability of reply automation, possess these abilities The sensitive data leakage caused using that can prevent from applying by malicious modification.Obscure and reinforce and then embody peace of the application to code Full protection ability, the application through obscuring and reinforcing being capable of covered code logic, class and method implication, character string implication, function reality Now wait sensitive data.
Code risk assessment is then analyzed for decompiling code, can from daily record, hard coded, weak encryption, database, Risk assessment is carried out in terms of external storage and application catalogue, except considering the sensitive data in universal method in evaluation process Outside, also sensitive data that account is related to transaction as assessment a part, to be adapted to mobile financial application.
Business risk assesses the actual assessment demand according to mobile financial application, can will log in, inquire about, transfers accounts, paying Business risk etc. key link includes assessment, analyzes each key link leaking data risk that may be present.
Integration module 300, the risk evaluation result for integrating each risk assessment, obtains the movement to be assessed The risk evaluation result of financial applications file.
Reference picture 2, Fig. 2 carries out reverse risk assessment, generation for the present invention to mobile financial applications file to be assessed The overall workflow schematic diagram that code risk assessment and business risk are assessed.Evaluation module 200 should to mobile finance to be assessed Carried out respectively with program file after reverse risk assessment, code risk assessment and business risk assess, integration module 300 by this The assessment result of three kinds of assessments is integrated and collected, that is, obtains the assessment knot of mobile financial applications file to be assessed Really.
It should be noted that the methods of risk assessment of financial application of the present invention is mainly for mobile financial application, but not It is limited to move financial application, such as the methods of risk assessment of financial application of the present invention can equally be well applied to be arranged on desktop computer Financial application.In addition, in addition to reverse risk assessment, code risk assessment and business risk assess equivalent risk estimation items, this hair Bright default risk assessment can also include other kinds of risk assessment, such as network attack risk, fishing deception wind Danger etc., those skilled in the art flexibly can select and set according to actual needs risk assessment.
In the present embodiment, acquisition module 100 obtains mobile financial applications file to be assessed;Evaluation module 200 According to default risk assessment, risk assessment, the risk are carried out to the mobile financial applications file to be assessed Estimation items include one or more of reverse risk assessment, code risk assessment and business risk assessment;Integration module 300 is comprehensive The risk evaluation result of each risk assessment is closed, the risk assessment of the mobile financial applications file to be assessed is obtained As a result.By the above-mentioned means, the present embodiment considers mobile financial application various risks that may be present, by by various risks Include risk assessment, can the leaking data risk that is faced of comprehensive assessment movement financial application, so as to realize to moving Dynamic financial application, which is integrated, comprehensively to be assessed, and effective reference is provided for mobile financial application reply leaking data risk.
Further, reference picture 9, Fig. 9 is the refinement high-level schematic functional block diagram of evaluation module 200 in Fig. 8.Based on above-mentioned figure Embodiment shown in 9, the evaluation module 200 can include:
First assessment unit 210, for carrying out counnter attack volume respectively to the mobile financial applications file to be assessed Capability evaluation is translated, prevents beating again bag capability evaluation, assess and/or assessed using reinforcing using obscuring, reverse risk assessment knot is obtained Really;
Reference picture 4, Fig. 4 is the schematic flow sheet of the reverse embodiment of risk assessment one of the present invention.The assessment of reverse risk Journey can be:
1) mobile financial applications file is inputted, file is the installation kit of application.
2) decompiling is carried out to application using decompiling instrument, if it is possible to which the whole decompiling codes of generation, then application is anti- Decompiling ability is weak, if it is possible to generating portion decompiling code, then medium using anti-decompiling ability, if not generating anti-volume Translate code, then it is strong using anti-decompiling ability.Anti- decompiling ability is stronger, and decompiling risk is lower, on the contrary then decompiling risk It is higher.
It should be noted that decompiling is computer software reverse engineering, it is that high-level language source program becomes by compiling The inverse process of executable file, decompiling is a complicated process, and it is typically realized by decompiling software, such as C++ phases Decompiler exeScope, C# of pass:Related decompiler Reflector etc..
3) operation using bag of being unpacked, beaten again, if can finally generate application, is deposited using weight strapping tool Beating again bag risk;
4) assess whether application enters line code and resource is obscured, assessment mode can be:Analyze decompiling code and configuration File, whether detection class name, method name are random character, financial related urls (Uniform Resoure Locator, unified money Source finger URL), whether server address port, store path, bag name, crucial class name, key method name, the character string such as mailbox enter Go and hidden, whether the detection resource file related with the link such as logging in, inquiring about, transfer accounts, pay is random string etc.;
5) assess whether application reinforces, assessment mode can be:Component and the group actually contained in code in comparative arrangement Whether part is consistent, when having component to exist in configuration file and to be not present in code, is then judged as reinforcement application, meanwhile, It can also analyze after mobile financial application reinforcing, whether crucial logical transaction is protected etc..
Thus, reverse risk evaluation result is obtained.
It should be noted that above-mentioned steps only represent a kind of embodiment for assessing reverse risk, it is actual can be with when implementing Need not in strict accordance with above-mentioned steps execution sequence, only need to assess software and realize all or part of evaluation function of above-mentioned steps i.e. Can.
Second assessment unit 220, for carrying out daily record wind respectively to the mobile financial applications file to be assessed Danger assessment, hard coded risk assessment, weak encryption risk assessment, database risk assessment, external storage risk assessment and/or application Catalogue risk assessment, obtains code risk evaluation result;
Further, second assessment unit 220 is additionally operable to:To the mobile financial applications file to be assessed Decompiling is carried out, decompiling code is obtained;Scan respectively daily record risk in the decompiling code, hard coded risk, it is weak plus Close risk, database risk, external storage risk and/or application catalogue risk;Code risk assessment is obtained according to scanning result As a result.
Reference picture 5, Fig. 5 is the schematic flow sheet of the embodiment of code risk assessment one of the present invention.The assessment of code risk Journey can be:
1) mobile financial application decompiling code is inputted, code is generated by decompiling instrument;
2) daily record static risk, the sensitive data in the daily record output of code analysis, the sensitive data of financial application are scanned Including user name, password, accounts information, amount information, customer information, payment information, privacy of user data, facility information and heap Stack information etc.;
3) scan hard coded risk, sensitive character string present in code analysis, including encryption key, user name, password, Mailbox, and financial related urls, server address port, store path, bag name, crucial class name, key method name etc.;
4) AES used in weak encryption risk, code analysis, the weak encryption forbidden using financial application are scanned Algorithm will be identified that weak encryption risk;
5) data base call in scan database risk, code analysis, while detecting the data of storage whether containing sensitivity Data;
6) use of external storage in external storage risk, code analysis is scanned, while detecting whether the data of storage contain There is sensitive data;
7) use that catalogue is applied in catalogue risk, code analysis is applied in scanning, while detecting the data stored in catalogue Whether sensitive data is contained;
Thus, code risk evaluation result is obtained.
Explanation is needed also exist for, above-mentioned steps only represent a kind of embodiment for assessing code risk, during actual implementation May not necessarily in strict accordance with above-mentioned steps execution sequence, need to only assess software and realize that all or part of of above-mentioned steps assesses work( Energy.
3rd assessment unit 230, for being logged in, being looked into respectively to the mobile financial applications file to be assessed The assessment of link is ask, transferred accounts and paid, business risk assessment result is obtained.
Further, the 3rd assessment unit 230 is additionally operable to:The mobile finance to be assessed is run in simulator Application file;Monitor the mobile financial applications file to be assessed and log in, inquire about, transfer accounts and paying link Running status;Business risk assessment result is obtained according to the running status.
Reference picture 6, Fig. 6 is the schematic flow sheet that business risk of the present invention assesses an embodiment.The assessment of business risk Journey can be:
1) mobile financial application is installed, it is ensured that simulator can network under simulator environment, operation application;
2) daily record risk is assessed, logging in, the key business link usage log gripping tool such as to inquire about, transfer accounts, paying dynamic State obtains log information, and whether analysis wherein contains consistent in sensitive data, sensitive data scope and code risk assessment;
3) data transfer risk is assessed, logging in, the key business link crawl Http data such as inquires about, transfer accounts, paying, dividing Whether analysis wherein contains sensitive data, and simulator imports certificate and sets agency;Https data are captured simultaneously, in dynamic detection Whether certificate trusted situations, analysis wherein contains sensitive data;
4) screenshotss risk is assessed, logging in, the key business interface such as inquires about, transfer accounts, paying and carry out screenshotss test, if section Shield successfully, then there is screenshotss risk, wherein the key page face for moving financial application includes login, accounts information, transfers accounts and pay Etc. the page of process;
5) miscellaneous function risk is assessed, the pass log in, inquire about, transferring accounts, the key page such as pay is obtained using miscellaneous function Keying part is inputted, the correlation function that wherein miscellaneous function provides for system for physical disabilities, can obtain common defeated by the function Enter, key input includes the information such as user name, customer information, account and the amount of money.
Thus, business risk assessment result is obtained.
Explanation is needed also exist for, above-mentioned steps only represent a kind of embodiment for assessing business risk, during actual implementation May not necessarily in strict accordance with above-mentioned steps execution sequence, need to only assess software and realize that all or part of of above-mentioned steps assesses work( Energy.
In addition, carrying out reverse risk assessment, code wind to mobile financial applications file to be assessed in the present embodiment Danger is assessed, business risk is assessed, and the assessment of three types can concurrently be carried out, can also carried out according to default sequencing, Can flexibly it be set in specific implementation.
In the present embodiment, the first assessment unit 210 passes through to the mobile financial applications file to be assessed point Anti- decompiling capability evaluation is not carried out, prevents beating again bag capability evaluation, assess and assessed using reinforcing using obscuring, and obtains counter blow Dangerous assessment result;Second 220 pairs of the assessment unit mobile financial applications file to be assessed carries out daily record risk respectively Assessment, hard coded risk assessment, weak encryption risk assessment, database risk assessment, external storage risk assessment and apply catalogue Risk assessment, obtains code risk evaluation result;3rd 230 pairs of the assessment unit mobile financial applications text to be assessed Part is logged in, is inquired about, transferred accounts and paid the assessment of link respectively, obtains business risk assessment result.By the above-mentioned means, commenting The assessment result of each estimation items can comprehensively be obtained by estimating software, so as to comprehensively assess mobile finance from all angles Using leaking data risk that may be present, effective reference is provided for developer.
Further, reference picture 10, Figure 10 is the function of the risk assessment device second embodiment of financial application of the present invention Module diagram.Based on the above embodiments, described device can also include:
Output module 400, it is defeated for the risk evaluation result according to the mobile financial applications file to be assessed Go out corresponding indicating risk information and repair advisory information.
After the risk evaluation result that mobile financial applications file to be assessed is obtained in integration module 300, output Module 400 can export corresponding indicating risk information and repair advisory information, such as risk category, risk class, risk can Consequence and tackle optional solution of these risks etc. that energy is produced, so as to provide effective reference for developer.
The preferred embodiments of the present invention are these are only, are not intended to limit the scope of the invention, it is every to utilize this hair Equivalent structure or equivalent flow conversion that bright specification and accompanying drawing content are made, or directly or indirectly it is used in other related skills Art field, is included within the scope of the present invention.

Claims (10)

1. a kind of methods of risk assessment of financial application, it is characterised in that applied to mobile terminal, methods described includes following step Suddenly:
Obtain mobile financial applications file to be assessed;
According to default risk assessment, risk assessment is carried out to the mobile financial applications file to be assessed, it is described Risk assessment includes one or more of reverse risk assessment, code risk assessment and business risk assessment;
The risk evaluation result of comprehensive each risk assessment, obtains the wind of the mobile financial applications file to be assessed Dangerous assessment result.
2. the method as described in claim 1, it is characterised in that described according to default risk assessment, to described to be assessed Mobile financial applications file carry out risk assessment the step of include:
Carry out anti-decompiling capability evaluation respectively to the mobile financial applications file to be assessed, prevent that beating again bag ability comments Estimate, assess and/or assessed using reinforcing using obscuring, obtain reverse risk evaluation result;
Carry out daily record risk assessment respectively to the mobile financial applications file to be assessed, it is hard coded risk assessment, weak Encrypt risk assessment, database risk assessment, external storage risk assessment and/or apply catalogue risk assessment, obtain code wind Dangerous assessment result;
The mobile financial applications file to be assessed is logged in, is inquired about, transferred accounts and paid respectively the assessment of link, Obtain business risk assessment result.
3. method as claimed in claim 2, it is characterised in that described to distinguish mobile financial applications file to be assessed Progress daily record risk assessment, hard coded risk assessment, weak encryption risk assessment, database risk assessment, external storage risk are commented Estimate and/or using catalogue risk assessment, the step of obtaining code risk evaluation result includes:
Decompiling is carried out to the mobile financial applications file to be assessed, decompiling code is obtained;
Daily record risk in the decompiling code, hard coded risk, weak encryption risk, database risk, outside are scanned respectively Store risk and/or apply catalogue risk;
Code risk evaluation result is obtained according to scanning result.
4. method as claimed in claim 2, it is characterised in that described to the mobile financial applications file to be assessed The assessment of link is logged in, is inquired about, transferred accounts and paid respectively, and the step of obtaining business risk assessment result includes:
The mobile financial applications file to be assessed is run in simulator;
Monitor the mobile financial applications file to be assessed and log in, inquire about, transfer accounts and paying the running status of link;
Business risk assessment result is obtained according to the running status.
5. the method as described in any one of Claims 1-4, it is characterised in that the risk of the synthesis each risk assessment After assessment result, the step of obtaining the risk evaluation result of the mobile financial applications file to be assessed, in addition to:
Corresponding indicating risk information is exported according to the risk evaluation result of the mobile financial applications file to be assessed With reparation advisory information.
6. the risk assessment device of a kind of financial application, it is characterised in that applied to mobile terminal, described device includes:
Acquisition module, the mobile financial applications file to be assessed for obtaining;
Evaluation module, for according to default risk assessment, being carried out to the mobile financial applications file to be assessed Risk assessment, the risk assessment include one during reverse risk assessment, code risk assessment and business risk are assessed or It is multiple;
Integration module, the risk evaluation result for integrating each risk assessment, obtaining the mobile finance to be assessed should With the risk evaluation result of program file.
7. device as claimed in claim 6, it is characterised in that the evaluation module includes:
First assessment unit, is commented for carrying out anti-decompiling ability respectively to the mobile financial applications file to be assessed Estimate, prevent beating again bag capability evaluation, assess and/or assessed using reinforcing using obscuring, obtain reverse risk evaluation result;
Second assessment unit, for the mobile financial applications file to be assessed is carried out respectively daily record risk assessment, Hard coded risk assessment, weak encryption risk assessment, database risk assessment, external storage risk assessment and/or application catalogue wind Danger is assessed, and obtains code risk evaluation result;
3rd assessment unit, for being logged in, being inquired about respectively to the mobile financial applications file to be assessed, transferred accounts Assessment with link is paid, obtains business risk assessment result.
8. device as claimed in claim 7, it is characterised in that second assessment unit is additionally operable to:
Decompiling is carried out to the mobile financial applications file to be assessed, decompiling code is obtained;
Daily record risk in the decompiling code, hard coded risk, weak encryption risk, database risk, outside are scanned respectively Store risk and/or apply catalogue risk;
Code risk evaluation result is obtained according to scanning result.
9. device as claimed in claim 7, it is characterised in that the 3rd assessment unit is additionally operable to:
The mobile financial applications file to be assessed is run in simulator;
Monitor the mobile financial applications file to be assessed and log in, inquire about, transfer accounts and paying the running status of link;
Business risk assessment result is obtained according to the running status.
10. the device as described in any one of claim 6 to 9, it is characterised in that described device also includes:
Output module, for exporting corresponding according to the risk evaluation result of the mobile financial applications file to be assessed Indicating risk information and reparation advisory information.
CN201611106063.0A 2016-12-05 2016-12-05 The methods of risk assessment and device of financial application Pending CN107122666A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611106063.0A CN107122666A (en) 2016-12-05 2016-12-05 The methods of risk assessment and device of financial application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611106063.0A CN107122666A (en) 2016-12-05 2016-12-05 The methods of risk assessment and device of financial application

Publications (1)

Publication Number Publication Date
CN107122666A true CN107122666A (en) 2017-09-01

Family

ID=59717118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611106063.0A Pending CN107122666A (en) 2016-12-05 2016-12-05 The methods of risk assessment and device of financial application

Country Status (1)

Country Link
CN (1) CN107122666A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108595953A (en) * 2018-04-04 2018-09-28 厦门雷德蒙软件开发有限公司 Method for carrying out risk assessment on mobile phone application
CN109190876A (en) * 2018-07-16 2019-01-11 阿里巴巴集团控股有限公司 A kind of safety access method and device of service product
CN109977000A (en) * 2017-12-28 2019-07-05 中国移动通信集团内蒙古有限公司 A kind of mobile application evaluating method and system
CN110110521A (en) * 2019-03-28 2019-08-09 江苏通付盾信息安全技术有限公司 It is a kind of based on iOS application safety detection method, apparatus and system
CN110135164A (en) * 2019-03-28 2019-08-16 江苏通付盾信息安全技术有限公司 It is a kind of based on iOS application safety detection method, apparatus and system
WO2019200754A1 (en) * 2018-04-19 2019-10-24 平安科技(深圳)有限公司 Data transmission risk evaluation method and apparatus, computer device, and storage medium
CN112016057A (en) * 2020-08-13 2020-12-01 支付宝(杭州)信息技术有限公司 Privacy protection method and device, evaluation method and device of code file and electronic equipment
CN112598489A (en) * 2020-12-14 2021-04-02 深圳市快付通金融网络科技服务有限公司 Risk monitoring method and system based on financial application
CN113254837A (en) * 2021-06-17 2021-08-13 北京智胜新格科技有限公司 Application program evaluation method, device, system, equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102955914A (en) * 2011-08-19 2013-03-06 百度在线网络技术(北京)有限公司 Method and device for detecting security flaws of source files
CN103532927A (en) * 2013-07-30 2014-01-22 北京中科金财科技股份有限公司 Financial cloud safety service platform based on mobile terminal and data protection method
CN104484607A (en) * 2014-12-16 2015-04-01 上海交通大学 Universal method and universal system for performing safety testing on Android application programs
US20150242632A1 (en) * 2009-11-17 2015-08-27 William Michael Lay Computer-based risk signature generation and comparison system
CN105989291A (en) * 2015-02-06 2016-10-05 卓望数码技术(深圳)有限公司 Security risk assessment method and system for mobile application

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150242632A1 (en) * 2009-11-17 2015-08-27 William Michael Lay Computer-based risk signature generation and comparison system
CN102955914A (en) * 2011-08-19 2013-03-06 百度在线网络技术(北京)有限公司 Method and device for detecting security flaws of source files
CN103532927A (en) * 2013-07-30 2014-01-22 北京中科金财科技股份有限公司 Financial cloud safety service platform based on mobile terminal and data protection method
CN104484607A (en) * 2014-12-16 2015-04-01 上海交通大学 Universal method and universal system for performing safety testing on Android application programs
CN105989291A (en) * 2015-02-06 2016-10-05 卓望数码技术(深圳)有限公司 Security risk assessment method and system for mobile application

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
朱洪军 等: "一种Android 应用加固方案", 《计算机应用与软》 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977000A (en) * 2017-12-28 2019-07-05 中国移动通信集团内蒙古有限公司 A kind of mobile application evaluating method and system
CN109977000B (en) * 2017-12-28 2022-07-29 中国移动通信集团内蒙古有限公司 Mobile application evaluation method and system
CN108595953A (en) * 2018-04-04 2018-09-28 厦门雷德蒙软件开发有限公司 Method for carrying out risk assessment on mobile phone application
WO2019200754A1 (en) * 2018-04-19 2019-10-24 平安科技(深圳)有限公司 Data transmission risk evaluation method and apparatus, computer device, and storage medium
CN109190876A (en) * 2018-07-16 2019-01-11 阿里巴巴集团控股有限公司 A kind of safety access method and device of service product
CN109190876B (en) * 2018-07-16 2022-02-01 创新先进技术有限公司 Safe access method and device for service product
WO2020192179A1 (en) * 2019-03-28 2020-10-01 江苏通付盾信息安全技术有限公司 Security detection method, device and system based on ios application
CN110135164A (en) * 2019-03-28 2019-08-16 江苏通付盾信息安全技术有限公司 It is a kind of based on iOS application safety detection method, apparatus and system
CN110110521A (en) * 2019-03-28 2019-08-09 江苏通付盾信息安全技术有限公司 It is a kind of based on iOS application safety detection method, apparatus and system
CN112016057A (en) * 2020-08-13 2020-12-01 支付宝(杭州)信息技术有限公司 Privacy protection method and device, evaluation method and device of code file and electronic equipment
CN112598489A (en) * 2020-12-14 2021-04-02 深圳市快付通金融网络科技服务有限公司 Risk monitoring method and system based on financial application
CN112598489B (en) * 2020-12-14 2023-12-26 深圳市快付通金融网络科技服务有限公司 Risk monitoring method and system based on financial application
CN113254837A (en) * 2021-06-17 2021-08-13 北京智胜新格科技有限公司 Application program evaluation method, device, system, equipment and medium

Similar Documents

Publication Publication Date Title
CN107122666A (en) The methods of risk assessment and device of financial application
Sadeghi et al. Analysis of android inter-app security vulnerabilities using covert
US20170041341A1 (en) Polymorphic Treatment of Data Entered At Clients
Chanajitt et al. Forensic analysis and security assessment of Android m-banking apps
US20110004498A1 (en) Method and System for Identification By A Cardholder of Credit Card Fraud
US11288376B2 (en) Identifying hard-coded secret vulnerability inside application source code
Alzahrani et al. Randroid: Structural similarity approach for detecting ransomware applications in android platform
Basar et al. Resource usage analysis of a mobile banking application using sensor-and-touchscreen-based continuous authentication
Okubo et al. Effective security impact analysis with patterns for software enhancement
Pfeffer et al. On the usability of authenticity checks for hardware security tokens
Supakkul et al. Visualizing non-functional requirements patterns
Alnaeli et al. Source code vulnerabilities in IoT software systems
Alghamdi Effective penetration testing report writing
Hassan et al. A penetration testing on Malaysia popular e-wallets and m-banking apps
Castell-Uroz et al. Network measurements for web tracking analysis and detection: A tutorial
Broders et al. A generic multimodels-based approach for the analysis of usability and security of authentication mechanisms
CN116450533A (en) Security detection method and device for application program, electronic equipment and medium
US20220366048A1 (en) Ai-powered advanced malware detection system
Park et al. Forensic investigation framework for cryptocurrency wallet in the end device
Shih et al. Verification of cryptocurrency mining using ethereum
Vimpari An evaluation of free fuzzing tools
US8683452B1 (en) Dynamically obfuscated javascript
Chaurasia Dynamic analysis of Android malware using DroidBox
Ghorbanzadeh et al. Detecting application logic vulnerabilities via finding incompatibility between application design and implementation
CN111488580A (en) Potential safety hazard detection method and device, electronic equipment and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170901