CN107122666A - Risk assessment method and device for financial applications - Google Patents
- Publication number: CN107122666A
- Authority: CN (China)
- Prior art keywords: risk, assessed, risk assessment, assessment, mobile financial
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a risk assessment method for financial applications. The method includes: obtaining a mobile financial application file to be assessed; performing risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment; and combining the risk assessment results of the individual risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed. The invention also discloses a risk assessment device for financial applications. The invention makes it possible to assess a mobile financial application in an integrated, comprehensive way, and so provides an effective reference for how the application should deal with data leakage risk.
Description
Technical field
The present invention relates to the field of mobile financial technology, and in particular to a risk assessment method and device for financial applications.
Background
With the rapid development of the mobile Internet and smartphones, commercial banks have one after another launched many kinds of mobile financial applications, mobile banking among them, aimed at different groups of users and different scenarios and providing flexible, convenient mobile financial services. As mobile finance develops rapidly, the security of the systems and information involved is becoming more and more important.
In the prior art, risk assessment methods for mobile applications focus on detecting security defects or vulnerabilities in the application, and usually assess or test the application with static or dynamic analysis. In general, static analysis of a mobile application proceeds as follows: 1) decompile the mobile application to obtain the decompiled code; 2) analyse the application's configuration file to find security problems in components, permissions and the like; 3) analyse the decompiled code to find the security defects or vulnerabilities in the code; 4) collect the security problems and report the static analysis result. Dynamic analysis of a mobile application proceeds as follows: 1) run the mobile application dynamically on a real device or in a simulator; 2) use suitable tools or techniques to obtain dynamic data and analyse the security defects or vulnerabilities in the application; 3) collect the security problems and report the dynamic analysis result.
The above is the general approach to security risk assessment of mobile applications. An assessment of a mobile financial application, however, pays more attention to risks involving sensitive data, so when the sensitive-data leakage risk of a mobile financial application is assessed, the prior art has the following problems:
1) for reverse attacks, it does not consider the data leakage risk when the mobile financial application is decompiled;
2) for code security, it does not consider finance-related hard-coding and database risks;
3) for business security, it does not consider the assessment needs of key scenarios of a mobile financial application such as login and payment.
Summary of the invention
The main object of the present invention is to provide a risk assessment method and device for financial applications, with the aim of assessing a mobile financial application in an integrated, comprehensive way and so providing an effective reference for how the application should deal with data leakage risk.
To achieve the above object, the present invention provides a risk assessment method for financial applications, applied to a mobile terminal, the method comprising the following steps:
Obtaining a mobile financial application file to be assessed;
Performing risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment;
Combining the risk assessment results of the individual risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed.
Optionally, the step of performing risk assessment on the mobile financial application file to be assessed according to the preset risk assessment items includes:
Performing an anti-decompilation capability assessment, an anti-repackaging capability assessment, an application obfuscation assessment and/or an application hardening assessment on the mobile financial application file to be assessed, to obtain a reverse risk assessment result;
Performing a log risk assessment, a hard-coding risk assessment, a weak-encryption risk assessment, a database risk assessment, an external storage risk assessment and/or an application directory risk assessment on the mobile financial application file to be assessed, to obtain a code risk assessment result;
Assessing the login, query, transfer and payment stages of the mobile financial application file to be assessed, to obtain a business risk assessment result.
Optionally, the step of performing a log risk assessment, a hard-coding risk assessment, a weak-encryption risk assessment, a database risk assessment, an external storage risk assessment and/or an application directory risk assessment on the mobile financial application file to be assessed, to obtain a code risk assessment result, includes:
Decompiling the mobile financial application file to be assessed to obtain the decompiled code;
Scanning the decompiled code for log risk, hard-coding risk, weak-encryption risk, database risk, external storage risk and/or application directory risk;
Obtaining the code risk assessment result from the scan results.
Optionally, the step of assessing the login, query, transfer and payment stages of the mobile financial application file to be assessed, to obtain a business risk assessment result, includes:
Running the mobile financial application file to be assessed in a simulator;
Monitoring the running state of the mobile financial application file to be assessed during the login, query, transfer and payment stages;
Obtaining the business risk assessment result from the running state.
Optionally, after the step of combining the risk assessment results of the individual risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed, the method further includes:
Outputting the corresponding risk warning information and repair advice according to the risk assessment result of the mobile financial application file to be assessed.
In addition, to achieve the above object, the present invention also provides a risk assessment device for mobile financial applications, applied to a mobile terminal, the device comprising:
An acquisition module, configured to obtain a mobile financial application file to be assessed;
An assessment module, configured to perform risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment;
An integration module, configured to combine the risk assessment results of the individual risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed.
Optionally, the assessment module includes:
A first assessment unit, configured to perform an anti-decompilation capability assessment, an anti-repackaging capability assessment, an application obfuscation assessment and/or an application hardening assessment on the mobile financial application file to be assessed, to obtain a reverse risk assessment result;
A second assessment unit, configured to perform a log risk assessment, a hard-coding risk assessment, a weak-encryption risk assessment, a database risk assessment, an external storage risk assessment and/or an application directory risk assessment on the mobile financial application file to be assessed, to obtain a code risk assessment result;
A third assessment unit, configured to assess the login, query, transfer and payment stages of the mobile financial application file to be assessed, to obtain a business risk assessment result.
Optionally, the second assessment unit is further configured to:
Decompile the mobile financial application file to be assessed to obtain the decompiled code;
Scan the decompiled code for log risk, hard-coding risk, weak-encryption risk, database risk, external storage risk and/or application directory risk;
Obtain the code risk assessment result from the scan results.
Optionally, the third assessment unit is further configured to:
Run the mobile financial application file to be assessed in a simulator;
Monitor the running state of the mobile financial application file to be assessed during the login, query, transfer and payment stages;
Obtain the business risk assessment result from the running state.
Optionally, the device further includes:
An output module, configured to output the corresponding risk warning information and repair advice according to the risk assessment result of the mobile financial application file to be assessed.
The present invention obtains a mobile financial application file to be assessed; performs risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment; and combines the risk assessment results of the individual risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed. In this way the present invention takes into account the various risks a mobile financial application may have. By including these risks among the risk assessment items, it can assess as a whole the data leakage risk the mobile financial application faces, so that the application is assessed in an integrated, comprehensive way and an effective reference is provided for how it should deal with data leakage risk.
Brief description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the risk assessment method for financial applications of the present invention;
Fig. 2 is a diagram of the overall workflow in which the present invention performs reverse risk assessment, code risk assessment and business risk assessment on the mobile financial application file to be assessed;
Fig. 3 is a flow diagram of the second embodiment of the risk assessment method for financial applications of the present invention;
Fig. 4 is a flow diagram of an embodiment of the reverse risk assessment of the present invention;
Fig. 5 is a flow diagram of an embodiment of the code risk assessment of the present invention;
Fig. 6 is a flow diagram of an embodiment of the business risk assessment of the present invention;
Fig. 7 is a flow diagram of the third embodiment of the risk assessment method for financial applications of the present invention;
Fig. 8 is a functional block diagram of the first embodiment of the risk assessment device for financial applications of the present invention;
Fig. 9 is a detailed functional block diagram of the assessment module 200 in Fig. 8;
Fig. 10 is a functional block diagram of the second embodiment of the risk assessment device for financial applications of the present invention.
The realization of the object of the invention, its functional characteristics and its advantages are described further below with reference to the drawings and in conjunction with the embodiments.
Embodiments
It should be understood that the specific embodiments described here only illustrate the present invention and are not intended to limit it.
The present invention provides a risk assessment method for financial applications.
Referring to Fig. 1, Fig. 1 is a flow diagram of the first embodiment of the risk assessment method for financial applications of the present invention. The method comprises the following steps:
Step S100: obtain a mobile financial application file to be assessed.
A mobile financial application in this embodiment means any of the financial applications installed on a mobile terminal (such as a smartphone, a tablet or another device that can access the Internet), for example a mobile banking app, a payment app or a financial management app. Compared with the security risk assessment of other applications, that of a mobile financial application pays more attention to risks involving sensitive data, such as the user's bank card number, identity card number and password. To reduce the risk of sensitive data leaking from a mobile financial application, the application needs to be assessed in an integrated, comprehensive way.
In this embodiment, the mobile financial application to be assessed can be assessed by suitable assessment software or an assessment program. Specifically, the user opens the assessment software and uses it to select, from the system, the mobile financial application file that needs to be assessed; this file is the mobile financial application file to be assessed.
Step S200: perform risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment.
After obtaining the mobile financial application file to be assessed, the assessment software performs risk assessment on it according to the preset risk assessment items. This embodiment is described with reverse risk assessment, code risk assessment and business risk assessment as the preset risk assessment items.
Reverse risk assessment can assess the application in four respects: anti-decompilation, anti-repackaging, obfuscation and hardening capability. Anti-decompilation and anti-repackaging reflect the application's ability to withstand automated reverse-engineering and cracking tools; an application with these capabilities can prevent the leakage of sensitive data that results from the application being maliciously modified. Obfuscation and hardening reflect how well the application protects its code; an obfuscated and hardened application can conceal sensitive information such as the code logic, the meaning of classes and methods, the meaning of strings and the way functions are implemented.
Code risk assessment analyses the decompiled code and can assess risk in terms of logging, hard-coding, weak encryption, databases, external storage and the application directory. Besides the sensitive data considered by the general methods, the assessment also treats account-related and transaction-related sensitive data as part of the assessment, so that it suits mobile financial applications.
Business risk assessment follows the actual assessment needs of mobile financial applications. The business risks of key stages such as login, query, transfer and payment can be included in the assessment, which analyses the data leakage risk that may exist in each key stage.
Step S300: combine the risk assessment results of the individual risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed.
Referring to Fig. 2, Fig. 2 is a diagram of the overall workflow in which the present invention performs reverse risk assessment, code risk assessment and business risk assessment on the mobile financial application file to be assessed. After the assessment software has performed the reverse risk assessment, the code risk assessment and the business risk assessment on the mobile financial application file to be assessed, it combines and collects the results of these three assessments, which gives the assessment result of the mobile financial application file to be assessed.
It should be noted that the risk assessment method for financial applications of the present invention is aimed mainly at mobile financial applications but is not limited to them; for example, it applies equally to financial applications installed on a desktop computer. In addition, besides risk assessment items such as reverse risk assessment, code risk assessment and business risk assessment, the preset risk assessment items of the present invention can also include other kinds of risk assessment, such as network attack risk and phishing risk. Those skilled in the art can select and set the risk assessment items flexibly according to actual needs.
In this embodiment, the assessment software obtains a mobile financial application file to be assessed; performs risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment; and combines the risk assessment results of the individual risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed. In this way this embodiment takes into account the various risks a mobile financial application may have. By including these risks among the risk assessment items, it can assess as a whole the data leakage risk the mobile financial application faces, so that the application is assessed in an integrated, comprehensive way and an effective reference is provided for how it should deal with data leakage risk.
Further, referring to Fig. 3, Fig. 3 is a flow diagram of the second embodiment of the risk assessment method for financial applications of the present invention. Based on the embodiment shown in Fig. 1 above, step S200 can include:
Step S210: perform an anti-decompilation capability assessment, an anti-repackaging capability assessment, an application obfuscation assessment and/or an application hardening assessment on the mobile financial application file to be assessed, to obtain a reverse risk assessment result.
Referring to Fig. 4, Fig. 4 is a flow diagram of an embodiment of the reverse risk assessment of the present invention. The reverse risk assessment process can be:
1) Input the mobile financial application file; the file is the application's installation package.
2) Decompile the application with a decompilation tool. If all of the decompiled code can be generated, the application's anti-decompilation capability is weak; if part of the decompiled code can be generated, its anti-decompilation capability is medium; if no decompiled code is generated, its anti-decompilation capability is strong. The stronger the anti-decompilation capability, the lower the decompilation risk; the weaker it is, the higher the risk.
It should be noted that decompilation is a form of software reverse engineering: it is the inverse of the process by which a high-level-language source program is compiled into an executable file. Decompilation is a complex process and is usually carried out by decompilation software, such as the C++-related decompiler exeScope and the C#-related decompiler Reflector.
3) Use a repackaging tool to unpack and repackage the application; if an application can finally be generated, there is a repackaging risk.
4) Assess whether the application's code and resources are obfuscated. The assessment can be done as follows: analyse the decompiled code and the configuration file; check whether class names and method names are random characters; check whether strings such as finance-related URLs (Uniform Resource Locators), server addresses and ports, storage paths, package names, key class names, key method names and e-mail addresses have been hidden; and check whether the resource files related to stages such as login, query, transfer and payment are random strings.
5) Assess whether the application is hardened. The assessment can be done as follows: compare the components in the configuration with the components actually contained in the code; when a component exists in the configuration file but not in the code, the application is judged to be a hardened application. It is also possible to analyse whether the key transaction logic is protected after the mobile financial application has been hardened.
Thus, the reverse risk assessment result is obtained.
It should be noted that the above steps represent only one way of assessing reverse risk. An actual implementation need not follow the order of the steps strictly; the assessment software only needs to implement all or part of the assessment functions of the steps.
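The hardening and obfuscation checks in steps 4) and 5) can be sketched as follows. This is an added example, not code from the patent; it assumes an Android-style manifest as the configuration file, and the sample manifest, the class lists, the function names and the "one or two letter class name" obfuscation heuristic are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
# Assumed heuristic: obfuscators typically rename classes to 1-2 letters.
SHORT_NAME = re.compile(r"^[A-Za-z]{1,2}$")

# Constructed sample configuration file (not from any real application).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application android:name="com.shell.StubApplication">
    <activity android:name=".LoginActivity"/>
    <activity android:name=".TransferActivity"/>
    <service android:name="com.example.bank.PushService"/>
  </application>
</manifest>"""

# Constructed class lists, as a decompiler would report them.
HARDENED_CLASSES = ["com.shell.StubApplication", "com.shell.a", "com.shell.b"]
PLAIN_CLASSES = [
    "com.example.bank.LoginActivity",
    "com.example.bank.TransferActivity",
    "com.example.bank.PushService",
    "com.example.bank.a.b",
    "com.example.bank.a.c",
]


def declared_components(manifest_xml):
    """Return the fully qualified names of the components in the manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    names = set()
    for node in root.iter():
        if node.tag not in COMPONENT_TAGS:
            continue
        name = node.get(ANDROID_NS + "name", "")
        if not name:
            continue
        if name.startswith("."):          # ".LoginActivity" is package-relative
            name = package + name
        elif "." not in name:             # "LoginActivity" is package-relative too
            name = package + "." + name
        names.add(name)
    return names


def assess_hardening(manifest_xml, code_classes):
    """Step 5: a component declared in the configuration but absent from the
    decompiled code indicates that the real code is hidden by hardening."""
    missing = sorted(declared_components(manifest_xml) - set(code_classes))
    return {"hardened": bool(missing), "missing_components": missing}


def obfuscated_share(code_classes):
    """Step 4 (part): share of classes whose simple name looks random."""
    if not code_classes:
        return 0.0
    simple = [c.rsplit(".", 1)[-1] for c in code_classes]
    return sum(1 for s in simple if SHORT_NAME.match(s)) / len(simple)


if __name__ == "__main__":
    print(assess_hardening(MANIFEST, HARDENED_CLASSES))
    print(assess_hardening(MANIFEST, PLAIN_CLASSES))
    print(obfuscated_share(PLAIN_CLASSES))
```
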
Step S220: perform a log risk assessment, a hard-coding risk assessment, a weak-encryption risk assessment, a database risk assessment, an external storage risk assessment and/or an application directory risk assessment on the mobile financial application file to be assessed, to obtain a code risk assessment result.
Specifically, step S220 can include:
Step S221: decompile the mobile financial application file to be assessed to obtain the decompiled code;
Step S222: scan the decompiled code for log risk, hard-coding risk, weak-encryption risk, database risk, external storage risk and/or application directory risk;
Step S223: obtain the code risk assessment result from the scan results.
Referring to Fig. 5, Fig. 5 is a flow diagram of an embodiment of the code risk assessment of the present invention. The code risk assessment process can be:
1) Input the decompiled code of the mobile financial application; the code is generated by a decompilation tool.
2) Scan for log risk: statically analyse the log output in the code for sensitive data. The sensitive data of a financial application includes user names, passwords, account information, amount information, customer information, payment information, user privacy data, device information and stack information.
3) Scan for hard-coding risk: analyse the code for sensitive strings, including encryption keys, user names, passwords and e-mail addresses, as well as finance-related URLs, server addresses and ports, storage paths, package names, key class names and key method names.
4) Scan for weak-encryption risk: analyse the encryption algorithms used in the code; the use of a weak encryption algorithm that is forbidden for financial applications is identified as a weak-encryption risk.
5) Scan for database risk: analyse the database calls in the code and check whether the stored data contains sensitive data.
6) Scan for external storage risk: analyse the use of external storage in the code and check whether the stored data contains sensitive data.
7) Scan for application directory risk: analyse the use of the application directory in the code and check whether the data stored in the directory contains sensitive data.
Thus, the code risk assessment result is obtained.
It should likewise be noted that the above steps represent only one way of assessing code risk. An actual implementation need not follow the order of the steps strictly; the assessment software only needs to implement all or part of the assessment functions of the steps.
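A line-based scanner for the six code risk categories in steps 2) to 7) can look like this. It is an added example, not code from the patent; it assumes decompiled Java source using Android APIs, and the sensitive keyword list, the list of weak algorithms, the rule patterns and the sample source are all constructed for illustration.

```python
import re

# Assumed keyword list for sensitive financial data (passwords, accounts, amounts).
SENSITIVE = r"(?:password|passwd|account|cardno|idcard|amount|balance)"

# One pattern per risk category named in the assessment steps. The weak
# algorithm list (DES, RC4, MD5, ECB mode) is an assumption, not the patent's.
RULES = {
    "log": re.compile(r'\bLog\.[vdiwe]\s*\(.*' + SENSITIVE, re.I),
    "hard_coding": re.compile(
        r'\w*(?:key|secret|password)\w*\s*=\s*"[^"]{4,}"', re.I),
    "weak_encryption": re.compile(
        r'getInstance\(\s*"(?:DES|RC4|MD5|[A-Za-z0-9]+/ECB)["/]', re.I),
    "database": re.compile(r'\b(?:execSQL|rawQuery)\s*\(.*' + SENSITIVE, re.I),
    "external_storage": re.compile(
        r'getExternalStorageDirectory|getExternalFilesDir'),
    "app_directory": re.compile(
        r'\b(?:getSharedPreferences|openFileOutput)\s*\(.*' + SENSITIVE, re.I),
}

# Constructed sample of decompiled code (not from any real application).
DECOMPILED = '''public class TransferActivity {
    private static final String AES_KEY = "0123456789abcdef";
    void submit(String account, String password, String amount) {
        Log.d("Transfer", "login password=" + password);
        Cipher weak = Cipher.getInstance("DES/ECB/PKCS5Padding");
        Cipher ok = Cipher.getInstance("AES/GCM/NoPadding");
        db.execSQL("INSERT INTO history(account, amount) VALUES (?, ?)", args);
        File f = new File(Environment.getExternalStorageDirectory(), "receipt.txt");
        getSharedPreferences("user", 0).edit().putString("password", password).apply();
        Log.i("Transfer", "request sent");
    }
}'''


def scan_code(source):
    """Return (line number, category, code line) for every rule that matches."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for category, pattern in RULES.items():
            if pattern.search(line):
                findings.append((lineno, category, line.strip()))
    return findings


def code_risk_result(findings):
    """Group the findings by category: the code risk assessment result."""
    result = {category: [] for category in RULES}
    for lineno, category, _ in findings:
        result[category].append(lineno)
    return result


if __name__ == "__main__":
    for lineno, category, code in scan_code(DECOMPILED):
        print(f"line {lineno:2d}  {category:16s}  {code}")
```

A line-based scan only sees calls and literals that survive decompilation, so a hardened or string-encrypted application yields few findings; that outcome belongs to the reverse risk assessment rather than being evidence of clean code.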
Step S230: assess the login, query, transfer and payment stages of the mobile financial application file to be assessed, to obtain a business risk assessment result.
Specifically, step S230 can include:
Step S231: run the mobile financial application file to be assessed in a simulator;
Step S232: monitor the running state of the mobile financial application file to be assessed during the login, query, transfer and payment stages;
Step S233: obtain the business risk assessment result from the running state.
Referring to Fig. 6, Fig. 6 is a flow diagram of an embodiment of the business risk assessment of the present invention. The business risk assessment process can be:
1) Install the mobile financial application in a simulator environment, make sure the simulator has network access, and run the application.
2) Assess log risk: at key business stages such as login, query, transfer and payment, use a log capture tool to obtain log information dynamically and analyse whether it contains sensitive data; the scope of sensitive data is the same as in the code risk assessment.
3) Assess data transmission risk: at key business stages such as login, query, transfer and payment, capture HTTP data and analyse whether it contains sensitive data. Import a certificate into the simulator and set up a proxy, capture HTTPS data as well, dynamically check how certificates are trusted, and analyse whether the data contains sensitive data.
4) Assess screenshot risk: perform screenshot tests on key business screens such as login, query, transfer and payment; if a screenshot succeeds, there is a screenshot risk. The key pages of a mobile financial application include the pages of processes such as login, account information, transfer and payment.
5) Assess accessibility function risk: use the accessibility function to obtain the key input on key pages such as login, query, transfer and payment. The accessibility function is a function the system provides for people with physical disabilities, and ordinary input can be obtained through it; key input includes information such as user names, customer information, accounts and amounts.
Thus, the business risk assessment result is obtained.
It should likewise be noted that the above steps represent only one way of assessing business risk. An actual implementation need not follow the order of the steps strictly; the assessment software only needs to implement all or part of the assessment functions of the steps.
In addition, in this embodiment the reverse risk assessment, code risk assessment and business risk assessment of the mobile financial application file to be assessed can be carried out in parallel or in a preset order; this can be set flexibly in a specific implementation.
In the present embodiment, software is assessed by preventing respectively the mobile financial applications file to be assessed
Decompiling capability evaluation, it is anti-beat again bag capability evaluation, assess and application is reinforced and assessed using obscuring, obtain reverse risk assessment knot
Really;The mobile financial applications file to be assessed is carried out respectively daily record risk assessment, hard coded risk assessment, it is weak plus
Close risk assessment, database risk assessment, external storage risk assessment and application catalogue risk assessment, obtain code risk assessment
As a result;Commenting for link is logged in, is inquired about, transferred accounts and paid respectively to the mobile financial applications file to be assessed
Estimate, obtain business risk assessment result.By the above-mentioned means, the assessment knot of each estimation items can comprehensively be obtained by assessing software
Really, it is that developer carries so as to comprehensively assess mobile financial application leaking data risk that may be present from all angles
For effective reference.
Further, referring to Fig. 7, Fig. 7 is a flow diagram of the third embodiment of the risk assessment method for financial applications of the present invention. Based on the above embodiments, after step S300 the method can include:
Step S400: output the corresponding risk warning information and repair advice according to the risk assessment result of the mobile financial application file to be assessed.
After obtaining the risk assessment result of the mobile financial application file to be assessed, the assessment software can output the corresponding risk warning information and repair advice, such as the risk category, the risk level, the consequences the risk may have and the options for dealing with these risks, so as to provide an effective reference for developers.
The present invention also provides a risk assessment device for financial applications.
Referring to Fig. 8, Fig. 8 is a functional block diagram of the first embodiment of the risk assessment device for financial applications of the present invention. The device includes:
An acquisition module 100, configured to obtain a mobile financial application file to be assessed.
A mobile financial application in this embodiment means any of the financial applications installed on a mobile terminal (such as a smartphone, a tablet or another device that can access the Internet), for example a mobile banking app, a payment app or a financial management app. Compared with the security risk assessment of other applications, that of a mobile financial application pays more attention to risks involving sensitive data, such as the user's bank card number, identity card number and password. To reduce the risk of sensitive data leaking from a mobile financial application, the application needs to be assessed in an integrated, comprehensive way.
In this embodiment, the mobile financial application to be assessed can be assessed by suitable assessment software or an assessment program. Specifically, the user opens the assessment software and uses it to select, from the system, the mobile financial application file that needs to be assessed; this file is the mobile financial application file to be assessed, and the acquisition module 100 obtains it.
Evaluation module 200, configured to carry out risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment.
After the acquisition module 100 obtains the mobile financial application file to be assessed, the evaluation module 200 carries out risk assessment on it according to the preset risk assessment items. This embodiment is described taking the preset risk assessment items to be reverse risk assessment, code risk assessment and business risk assessment.
Reverse risk assessment can assess the application in four respects: anti-decompilation, anti-reversing, obfuscation and hardening capability. Anti-decompilation and anti-repackaging reflect the application's ability to cope with automated reverse-engineering and cracking tools; an application with these capabilities can prevent the leakage of sensitive data caused by the application being maliciously modified. Obfuscation and hardening reflect the application's ability to protect its code; an obfuscated and hardened application can conceal sensitive data such as code logic, the meaning of classes and methods, the meaning of strings and function implementations.
Code risk assessment analyzes the decompiled code and can assess risk in terms of logs, hard-coding, weak encryption, databases, external storage and the application directory. Besides the sensitive data considered in general methods, the assessment also treats account-related and transaction-related sensitive data as part of the assessment, so as to suit mobile financial applications.
Business risk assessment follows the actual assessment needs of mobile financial applications: the business risks of key stages such as login, query, transfer and payment can be included in the assessment, and the data leakage risk that may exist in each key stage is analyzed.
Integration module 300, configured to integrate the risk assessment results of the risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed.
Referring to Fig. 2, Fig. 2 is a schematic diagram of the overall workflow of the present invention for carrying out reverse risk assessment, code risk assessment and business risk assessment on the mobile financial application file to be assessed. After the evaluation module 200 has carried out reverse risk assessment, code risk assessment and business risk assessment respectively on the mobile financial application file to be assessed, the integration module 300 integrates and aggregates the results of these three assessments, obtaining the assessment result of the mobile financial application file to be assessed.
It should be noted that the risk assessment method for financial applications of the present invention is mainly aimed at mobile financial applications but is not limited to them; for example, it is equally applicable to financial applications installed on desktop computers. In addition, besides risk assessment items such as reverse risk assessment, code risk assessment and business risk assessment, the preset risk assessment items of the present invention may also include other kinds of risk assessment, such as network attack risk and phishing risk; those skilled in the art can flexibly select and set the risk assessment items according to actual needs.
In this embodiment, the acquisition module 100 obtains the mobile financial application file to be assessed; the evaluation module 200 carries out risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment; and the integration module 300 integrates the risk assessment results of the risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed. In this way, this embodiment takes into account the various risks that may exist in a mobile financial application and, by including them among the risk assessment items, can comprehensively assess the data leakage risks the mobile financial application faces, thereby achieving a comprehensive assessment of the mobile financial application and providing an effective reference for dealing with its data leakage risks.
Further, referring to Fig. 9, Fig. 9 is a detailed functional block diagram of the evaluation module 200 in Fig. 8. Based on the embodiment shown in Fig. 9 above, the evaluation module 200 may include:
First assessment unit 210, configured to carry out anti-decompilation capability assessment, anti-repackaging capability assessment, obfuscation assessment and/or hardening assessment respectively on the mobile financial application file to be assessed, obtaining a reverse risk assessment result;
Referring to Fig. 4, Fig. 4 is a schematic flowchart of an embodiment of reverse risk assessment of the present invention. The reverse risk assessment process may be:
1) Input the mobile financial application file; the file is the application's installation package.
2) Decompile the application with a decompilation tool. If all of the decompiled code can be generated, the application's anti-decompilation capability is weak; if part of the decompiled code can be generated, its anti-decompilation capability is medium; if no decompiled code is generated, its anti-decompilation capability is strong. The stronger the anti-decompilation capability, the lower the decompilation risk; conversely, the higher the decompilation risk.
It should be noted that decompilation is a form of software reverse engineering: it is the inverse of the process by which a high-level-language source program is compiled into an executable file. Decompilation is a complicated process and is generally carried out with decompilation software, such as the C++-related decompiler exeScope or the C#-related decompiler Reflector.
3) Use a repackaging tool to unpack and repackage the application; if an application can finally be generated, a repackaging risk exists;
4) Assess whether the application's code and resources are obfuscated. The assessment may be: analyze the decompiled code and configuration files; detect whether class names and method names are random characters; detect whether strings such as finance-related URLs (Uniform Resource Locators), server addresses and ports, storage paths, package names, key class names, key method names and mailboxes have been hidden; detect whether the resource files related to stages such as login, query, transfer and payment are random strings; and so on;
5) Assess whether the application is hardened. The assessment may be: compare whether the components in the configuration are consistent with the components actually contained in the code; when a component exists in the configuration file but not in the code, the application is judged to be a hardened application. It is also possible to analyze whether, after the mobile financial application has been hardened, its key transaction logic is protected, and so on.
The reverse risk assessment result is thereby obtained.
It should be noted that the above steps represent only one embodiment of assessing reverse risk. In actual implementation the steps need not be executed strictly in the above order; the assessment software only needs to implement all or part of the assessment functions of the above steps.
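The grading in step 2 and the checks in steps 4 and 5 can be sketched as follows; this is an added illustration, not code from the patent. The function names, the sample data, the "random-character" heuristic and the 0.5 obfuscation threshold are all assumptions of the example.

```python
import re

# Constructed inputs (not from a real application): components declared in the
# package's configuration file, and the classes/methods a decompiler recovered.
DECLARED_COMPONENTS = [
    "com.example.bank.LoginActivity",
    "com.example.bank.TransferActivity",
    "com.example.bank.PayService",
]
DECOMPILED = {
    "com.shell.StubApplication": ["attachBaseContext", "onCreate"],
    "a.a.b": ["a", "b"],
    "a.a.c": ["a"],
}
CLASSES_IN_PACKAGE = 40  # constructed: number of classes the package lists


def anti_decompile_level(recovered, total):
    """Step 2: all code recovered -> weak, part -> medium, none -> strong."""
    if total <= 0 or not 0 <= recovered <= total:
        raise ValueError("need 0 <= recovered <= total and total > 0")
    if recovered == 0:
        return "strong"
    return "weak" if recovered == total else "medium"


def looks_random(identifier):
    """Assumed heuristic for a 'random-character' name: the simple name is
    at most two characters long or contains no vowel."""
    simple = identifier.rsplit(".", 1)[-1]
    return len(simple) <= 2 or re.search(r"[aeiou]", simple, re.I) is None


def obfuscation_ratio(decompiled):
    """Step 4: share of class and method names that look random."""
    names = list(decompiled) + [m for ms in decompiled.values() for m in ms]
    if not names:
        return 0.0
    return sum(looks_random(n) for n in names) / len(names)


def missing_components(declared, decompiled):
    """Step 5: components named in the configuration but absent from the code."""
    return [c for c in declared if c not in decompiled]


def assess_reverse_risk(declared, decompiled, total_classes, threshold=0.5):
    level = anti_decompile_level(len(decompiled), total_classes)
    ratio = obfuscation_ratio(decompiled)
    missing = missing_components(declared, decompiled)
    return {
        "anti_decompile": level,
        # Stronger anti-decompilation capability means lower decompilation risk.
        "decompile_risk": {"strong": "low", "medium": "medium", "weak": "high"}[level],
        "obfuscated": ratio >= threshold,   # threshold is an assumption
        "obfuscation_ratio": round(ratio, 3),
        "hardened": bool(missing),          # declared but not in code -> hardened
        "missing_components": missing,
    }


if __name__ == "__main__":
    for key, value in assess_reverse_risk(
            DECLARED_COMPONENTS, DECOMPILED, CLASSES_IN_PACKAGE).items():
        print(f"{key}: {value}")
```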
Second assessment unit 220, configured to carry out log risk assessment, hard-coding risk assessment, weak-encryption risk assessment, database risk assessment, external storage risk assessment and/or application directory risk assessment respectively on the mobile financial application file to be assessed, obtaining a code risk assessment result;
Further, the second assessment unit 220 is also configured to: decompile the mobile financial application file to be assessed to obtain decompiled code; scan the decompiled code for log risk, hard-coding risk, weak-encryption risk, database risk, external storage risk and/or application directory risk respectively; and obtain the code risk assessment result from the scan results.
Referring to Fig. 5, Fig. 5 is a schematic flowchart of an embodiment of code risk assessment of the present invention. The code risk assessment process may be:
1) Input the decompiled code of the mobile financial application; the code is generated by a decompilation tool;
2) Scan for static log risk: analyze the sensitive data in the code's log output. The sensitive data of a financial application includes user names, passwords, account information, amount information, customer information, payment information, user privacy data, device information, stack information and so on;
3) Scan for hard-coding risk: analyze the sensitive strings present in the code, including encryption keys, user names, passwords and mailboxes, as well as finance-related URLs, server addresses and ports, storage paths, package names, key class names, key method names and so on;
4) Scan for weak-encryption risk: analyze the encryption algorithms used in the code; use of a weak encryption algorithm prohibited for financial applications is identified as a weak-encryption risk;
5) Scan for database risk: analyze the database calls in the code, and detect whether the stored data contains sensitive data;
6) Scan for external storage risk: analyze the use of external storage in the code, and detect whether the stored data contains sensitive data;
7) Scan for application directory risk: analyze the use of the application directory in the code, and detect whether the data stored in the directory contains sensitive data;
The code risk assessment result is thereby obtained.
It should likewise be noted that the above steps represent only one embodiment of assessing code risk. In actual implementation the steps need not be executed strictly in the above order; the assessment software only needs to implement all or part of the assessment functions of the above steps.
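A minimal static scanner for scan steps 2 to 7 above, run over a constructed sample of decompiled code; this is an added example and not the patent's implementation. It assumes an Android application, and the regular expressions, the sensitive-term list and the weak-algorithm list (DES, DESede, RC4, MD5, SHA-1, ECB mode) are assumptions standing in for whatever policy the assessor applies.

```python
import re
from collections import Counter

# Constructed sample of decompiled code (not taken from any real application).
DECOMPILED = '''\
public class TransferActivity {
    private static final String AES_KEY = "0123456789abcdef";
    String url = "https://pay.example.com:8443/transfer";
    void submit(String account, String password, String amount) {
        Log.d("Transfer", "account=" + account + " password=" + password);
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        db.execSQL("INSERT INTO history(account, amount) VALUES(?, ?)", args);
        File f = new File(Environment.getExternalStorageDirectory(), "receipt.txt");
        FileOutputStream out = openFileOutput("session_token.dat", MODE_PRIVATE);
        Log.i("Transfer", "screen loaded");
    }
}
'''

# Assumed identifier fragments standing for the sensitive data the text lists.
SENSITIVE = re.compile(
    r"user_?name|passw(?:or)?d|account|amount|token|customer", re.I)

# (category, pattern, report only when a sensitive term is on the same line)
RULES = [
    ("log", re.compile(r"\bLog\.[vdiwe]\("), True),
    ("hard_coded", re.compile(
        r'\b\w*(?:key|passw(?:or)?d|secret)\w*\s*=\s*"[^"]+"', re.I), False),
    ("hard_coded", re.compile(r'"https?://[^"]+"'), False),
    ("weak_crypto", re.compile(
        r'getInstance\("(?:DES|DESede|RC4|MD5|SHA-?1)\b|/ECB/', re.I), False),
    ("database", re.compile(
        r"\b(?:execSQL|rawQuery|getWritableDatabase)\("), False),
    ("external_storage", re.compile(
        r"\bgetExternal(?:StorageDirectory|FilesDir)\("), False),
    ("app_directory", re.compile(
        r"\b(?:openFileOutput|getSharedPreferences|getFilesDir)\("), False),
]


def scan(source):
    """Return one finding per (line, category) that a rule matches."""
    findings, seen = [], set()
    for number, line in enumerate(source.splitlines(), 1):
        terms = sorted({m.lower() for m in SENSITIVE.findall(line)})
        for category, pattern, needs_sensitive in RULES:
            if (number, category) in seen or not pattern.search(line):
                continue
            if needs_sensitive and not terms:
                continue  # e.g. a log call that prints nothing sensitive
            seen.add((number, category))
            # Storage use without a sensitive term is left for manual review.
            high = bool(terms) or category in ("hard_coded", "weak_crypto")
            findings.append({"line": number, "category": category,
                             "level": "high" if high else "review",
                             "terms": terms})
    return findings


def summarize(findings):
    """Count findings per risk category for the code risk assessment result."""
    return dict(Counter(f["category"] for f in findings))


if __name__ == "__main__":
    for finding in scan(DECOMPILED):
        print(finding)
    print(summarize(scan(DECOMPILED)))
```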
Third assessment unit 230, configured to assess the login, query, transfer and payment stages of the mobile financial application file to be assessed respectively, obtaining a business risk assessment result.
Further, the third assessment unit 230 is also configured to: run the mobile financial application file to be assessed in an emulator; monitor the running state of the mobile financial application file to be assessed in the login, query, transfer and payment stages; and obtain the business risk assessment result from the running state.
Referring to Fig. 6, Fig. 6 is a schematic flowchart of an embodiment of business risk assessment of the present invention. The business risk assessment process may be:
1) Install the mobile financial application in the emulator environment, make sure the emulator has network access, and run the application;
2) Assess log risk: in key business stages such as login, query, transfer and payment, use a log capture tool to obtain log information dynamically and analyze whether it contains sensitive data; the scope of sensitive data is the same as in code risk assessment;
3) Assess data transmission risk: in key business stages such as login, query, transfer and payment, capture HTTP data and analyze whether it contains sensitive data; import a certificate into the emulator and set up a proxy, capture HTTPS data as well, dynamically detect the certificate trust situation, and analyze whether the data contains sensitive data;
4) Assess screenshot risk: carry out a screenshot test on key business screens such as login, query, transfer and payment; if the screenshot succeeds, a screenshot risk exists. The key pages of a mobile financial application include the pages of processes such as login, account information, transfer and payment;
5) Assess accessibility-function risk: use the accessibility function to obtain the key input on key pages such as login, query, transfer and payment. The accessibility function is a function the system provides for people with physical disabilities, and ordinary input can be obtained through it; key input includes information such as user name, customer information, account and amount.
The business risk assessment result is thereby obtained.
It should likewise be noted that the above steps represent only one embodiment of assessing business risk. In actual implementation the steps need not be executed strictly in the above order; the assessment software only needs to implement all or part of the assessment functions of the above steps.
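The data transmission check of step 3 can be illustrated on captured traffic as follows; this is an added example, not the patent's code, and the capture records are constructed. The record layout, the parameter names treated as sensitive, the Luhn test for card-number-like values and the reading of "certificate trust situation" as "the proxy could read the HTTPS plaintext" are assumptions of the example.

```python
from urllib.parse import parse_qsl, urlsplit

STAGES = ("login", "query", "transfer", "pay")   # key business stages in the text
SENSITIVE_NAMES = {"username", "password", "account", "amount"}  # assumed names

# Constructed capture records (not real traffic). "readable_via_proxy" is True
# when the test proxy, using the certificate imported into the emulator,
# could read the HTTPS plaintext.
CAPTURE = [
    {"url": "http://bank.example/api/login",
     "body": "username=alice&password=S3cret", "readable_via_proxy": False},
    {"url": "https://bank.example/api/query?no=4111111111111111",
     "body": "", "readable_via_proxy": True},
    {"url": "https://bank.example/api/transfer",
     "body": None, "readable_via_proxy": False},
    {"url": "http://bank.example/static/banner.png",
     "body": "", "readable_via_proxy": False},
]


def luhn_ok(value):
    """True for a 13-19 digit string that passes the Luhn check (card-like)."""
    if not value.isdigit() or not 13 <= len(value) <= 19:
        return False
    total = 0
    for index, char in enumerate(reversed(value)):
        digit = int(char)
        if index % 2:                      # double every second digit
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return total % 10 == 0


def stage_of(url):
    """Map a request to a key business stage by its path, or None."""
    path = urlsplit(url).path.lower()
    return next((stage for stage in STAGES if stage in path), None)


def sensitive_fields(record):
    """Names of query/body parameters that carry sensitive data."""
    pairs = parse_qsl(urlsplit(record["url"]).query)
    pairs += parse_qsl(record.get("body") or "")
    return sorted({name for name, value in pairs
                   if name.lower() in SENSITIVE_NAMES or luhn_ok(value)})


def assess_transfer_risk(capture):
    findings = []
    for record in capture:
        stage = stage_of(record["url"])
        if stage is None:
            continue                       # not a key business stage
        scheme = urlsplit(record["url"]).scheme
        fields = sensitive_fields(record)
        if scheme == "http" and fields:
            findings.append({"stage": stage, "fields": fields,
                             "finding": "sensitive data sent over HTTP"})
        elif scheme == "https" and record["readable_via_proxy"]:
            findings.append({"stage": stage, "fields": fields,
                             "finding": "HTTPS readable with imported certificate"})
    return findings


if __name__ == "__main__":
    for finding in assess_transfer_risk(CAPTURE):
        print(finding)
```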
In addition, in this embodiment the reverse risk assessment, code risk assessment and business risk assessment of the mobile financial application file to be assessed can be carried out in parallel or in a preset order; this can be set flexibly in a specific implementation.
In this embodiment, the first assessment unit 210 carries out anti-decompilation capability assessment, anti-repackaging capability assessment, obfuscation assessment and hardening assessment respectively on the mobile financial application file to be assessed, obtaining a reverse risk assessment result; the second assessment unit 220 carries out log risk assessment, hard-coding risk assessment, weak-encryption risk assessment, database risk assessment, external storage risk assessment and application directory risk assessment respectively on the mobile financial application file to be assessed, obtaining a code risk assessment result; and the third assessment unit 230 assesses the login, query, transfer and payment stages of the mobile financial application file to be assessed respectively, obtaining a business risk assessment result. In this way, the assessment software can obtain the result of every assessment item, and can therefore comprehensively assess, from every angle, the data leakage risks that may exist in the mobile financial application, providing an effective reference for developers.
Further, referring to Fig. 10, Fig. 10 is a functional block diagram of the second embodiment of the risk assessment device for financial applications of the present invention. Based on the above embodiments, the device may also include:
Output module 400, configured to output corresponding risk prompt information and repair suggestion information according to the risk assessment result of the mobile financial application file to be assessed.
After the integration module 300 obtains the risk assessment result of the mobile financial application file to be assessed, the output module 400 can output corresponding risk prompt information and repair suggestion information, such as the risk category, the risk level, the consequences the risk may produce and optional solutions for dealing with these risks, thereby providing an effective reference for developers.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A risk assessment method for a financial application, characterized in that it is applied to a mobile terminal, the method comprising the following steps:
obtaining a mobile financial application file to be assessed;
carrying out risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment;
integrating the risk assessment results of the risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed.
2. The method according to claim 1, characterized in that the step of carrying out risk assessment on the mobile financial application file to be assessed according to preset risk assessment items comprises:
carrying out anti-decompilation capability assessment, anti-repackaging capability assessment, obfuscation assessment and/or hardening assessment respectively on the mobile financial application file to be assessed, obtaining a reverse risk assessment result;
carrying out log risk assessment, hard-coding risk assessment, weak-encryption risk assessment, database risk assessment, external storage risk assessment and/or application directory risk assessment respectively on the mobile financial application file to be assessed, obtaining a code risk assessment result;
assessing the login, query, transfer and payment stages of the mobile financial application file to be assessed respectively, obtaining a business risk assessment result.
3. The method according to claim 2, characterized in that the step of carrying out log risk assessment, hard-coding risk assessment, weak-encryption risk assessment, database risk assessment, external storage risk assessment and/or application directory risk assessment respectively on the mobile financial application file to be assessed, obtaining a code risk assessment result, comprises:
decompiling the mobile financial application file to be assessed to obtain decompiled code;
scanning the decompiled code for log risk, hard-coding risk, weak-encryption risk, database risk, external storage risk and/or application directory risk respectively;
obtaining the code risk assessment result from the scan results.
4. The method according to claim 2, characterized in that the step of assessing the login, query, transfer and payment stages of the mobile financial application file to be assessed respectively, obtaining a business risk assessment result, comprises:
running the mobile financial application file to be assessed in an emulator;
monitoring the running state of the mobile financial application file to be assessed in the login, query, transfer and payment stages;
obtaining the business risk assessment result from the running state.
5. The method according to any one of claims 1 to 4, characterized in that, after the step of integrating the risk assessment results of the risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed, the method further comprises:
outputting corresponding risk prompt information and repair suggestion information according to the risk assessment result of the mobile financial application file to be assessed.
6. A risk assessment device for a financial application, characterized in that it is applied to a mobile terminal, the device comprising:
an acquisition module, configured to obtain a mobile financial application file to be assessed;
an evaluation module, configured to carry out risk assessment on the mobile financial application file to be assessed according to preset risk assessment items, the risk assessment items including one or more of reverse risk assessment, code risk assessment and business risk assessment;
an integration module, configured to integrate the risk assessment results of the risk assessment items to obtain the risk assessment result of the mobile financial application file to be assessed.
7. The device according to claim 6, characterized in that the evaluation module comprises:
a first assessment unit, configured to carry out anti-decompilation capability assessment, anti-repackaging capability assessment, obfuscation assessment and/or hardening assessment respectively on the mobile financial application file to be assessed, obtaining a reverse risk assessment result;
a second assessment unit, configured to carry out log risk assessment, hard-coding risk assessment, weak-encryption risk assessment, database risk assessment, external storage risk assessment and/or application directory risk assessment respectively on the mobile financial application file to be assessed, obtaining a code risk assessment result;
a third assessment unit, configured to assess the login, query, transfer and payment stages of the mobile financial application file to be assessed respectively, obtaining a business risk assessment result.
8. The device according to claim 7, characterized in that the second assessment unit is also configured to:
decompile the mobile financial application file to be assessed to obtain decompiled code;
scan the decompiled code for log risk, hard-coding risk, weak-encryption risk, database risk, external storage risk and/or application directory risk respectively;
obtain the code risk assessment result from the scan results.
9. The device according to claim 7, characterized in that the third assessment unit is also configured to:
run the mobile financial application file to be assessed in an emulator;
monitor the running state of the mobile financial application file to be assessed in the login, query, transfer and payment stages;
obtain the business risk assessment result from the running state.
10. The device according to any one of claims 6 to 9, characterized in that the device further comprises:
an output module, configured to output corresponding risk prompt information and repair suggestion information according to the risk assessment result of the mobile financial application file to be assessed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611106063.0A CN107122666A (en) | 2016-12-05 | 2016-12-05 | The methods of risk assessment and device of financial application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107122666A true CN107122666A (en) | 2017-09-01 |
Family
ID=59717118
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611106063.0A Pending CN107122666A (en) | 2016-12-05 | 2016-12-05 | The methods of risk assessment and device of financial application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107122666A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20170901 |