CN108875368A - A kind of safety detection method, apparatus and system - Google Patents

Publication number
CN108875368A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710324721.1A
Other languages
Chinese (zh)
Inventor
李泷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd, Beijing Kingsoft Cloud Technology Co Ltd filed Critical Beijing Kingsoft Cloud Network Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

An embodiment of the invention provides a safety detection method, apparatus and system. The method obtains the installation file of an application to be detected; installs the installation file on a target simulation device; sends a simulated-run instruction to the target simulation device so that the target simulation device simulates running the application to be detected and communicates with the server; records the traffic data generated while the target simulation device simulates running the application to be detected and communicates with the server; judges whether a preset simulated-run end condition has been reached; and, if so, performs vulnerability scanning on the recorded traffic data to obtain a safety detection result for the application to be detected. When safety detection is performed on the application to be detected with the scheme provided by the embodiment, the application can be run in simulation according to different test cases without manual testing, which effectively reduces the probability of missed tests and improves the accuracy of safety detection for the application.

Description

A kind of safety detection method, apparatus and system
Technical field
The present invention relates to the field of software testing technology, and more particularly to a safety detection method, apparatus and system.
Background
With the popularization of intelligent electronic products and the diversification of user demand, the number of applications is growing explosively. At present, more than 1,700,000 applications are online in the Android operating system environment alone, and the number increases daily. To guarantee the stability of the entire network environment, applications must undergo safety detection before going online, that is, detection of whether the server corresponding to the application has vulnerabilities; only applications whose safety detection meets the requirements can go online and be provided to users.
At present, detecting whether the server corresponding to an application has vulnerabilities is still at a fairly traditional stage: testers generally test and evaluate subjectively and then obtain a safety detection result. However, the running environment of a server changes greatly while it runs, the server may have a large number of vulnerabilities, and manual testing is highly random, so tests are likely to be missed. The accuracy of safety detection is therefore low.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a safety detection method, apparatus and system, so as to improve the accuracy of safety detection for applications.
To achieve the above purpose, an embodiment of the invention discloses a safety detection method applied to an electronic device, the method including:
Obtaining the installation file of an application to be detected;
Installing the installation file on a target simulation device;
Sending a simulated-run instruction to the target simulation device, so that the target simulation device simulates running the application to be detected and communicates with the server;
Recording the traffic data generated while the target simulation device simulates running the application to be detected and communicates with the server;
Judging whether a preset simulated-run end condition has been reached;
If so, performing vulnerability scanning on the recorded traffic data to obtain a safety detection result for the application to be detected.
Optionally, the target simulation device simulates running the application to be detected and communicates with the server in the following manner:
Starting test software and generating test cases;
According to the test cases, simulating running the application to be detected and communicating with the server.
Optionally, the step of simulating running the application to be detected and communicating with the server according to the test cases includes:
Triggering the application to be detected to generate a network request for each test case;
According to the generated network request, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Optionally, the step of recording the traffic data generated while the target simulation device simulates running the application to be detected and communicates with the server includes:
Establishing a proxy service;
Using the proxy service, recording, for each network request, the traffic data generated between the application to be detected and the server.
Optionally, the method further includes:
Storing the recorded traffic data in a traffic database;
The step of performing vulnerability scanning on the recorded traffic data to obtain a safety detection result for the application to be detected includes:
Performing vulnerability scanning on the traffic data stored in the traffic database to obtain a safety detection result for the application to be detected.
Optionally, when multiple applications, including at least the target application, are running at the same time, the step of performing vulnerability scanning on the traffic data stored in the traffic database to obtain a safety detection result for the application to be detected includes:
Pulling from the traffic database the first traffic data that matches the network request;
Performing vulnerability scanning on the first traffic data to obtain a safety detection result for the application to be detected.
Optionally, the step of judging whether a preset simulated-run end condition has been reached includes:
Judging whether the duration for which the application to be detected has run is greater than or equal to a preset standard run duration;
And/or judging whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
Optionally, the method further includes:
After obtaining the safety detection result, uninstalling the application to be detected that is installed on the target simulation device.
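The following sketch is an added example, not code from the patent: it walks the recording, end-condition and scanning steps above in Python, including the optional case where several applications share one traffic database. The SQLite schema, the matching of flows to triggered requests by method and URL, the `require_all` switch for the "and/or" end condition, and the two passive scan rules are assumptions; the patent does not specify the scanner's rules.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Assumed rule set: the patent does not say what the vulnerability scan checks.
SENSITIVE_PARAMS = {"password", "token", "session"}

# Constructed sample: (seconds since start, method, url) as seen by the recording
# proxy. The ads.example.test flow belongs to a second app on the same device.
SAMPLE_EVENTS = [
    (2, "GET", "https://api.example.test/v1/config"),
    (5, "GET", "http://ads.example.test/track?id=9"),
    (9, "POST", "http://api.example.test/v1/login?user=a&password=x"),
    (14, "GET", "https://api.example.test/v1/files?page=2"),
    (30, "GET", "http://api.example.test/v1/late"),
]
# Network requests the test cases triggered in the application to be detected.
TRIGGERED = [(m, u) for _, m, u in SAMPLE_EVENTS if "api.example.test" in u]


def open_traffic_db():
    """In-memory stand-in for the traffic database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE flows (id INTEGER PRIMARY KEY, method TEXT, url TEXT)")
    return db


def flow_count(db):
    return db.execute("SELECT COUNT(*) FROM flows").fetchone()[0]


def run_finished(elapsed_s, recorded, std_duration_s=None, std_count=None,
                 require_all=False):
    """End condition: run duration >= standard duration and/or flow count >= standard count."""
    checks = []
    if std_duration_s is not None:
        checks.append(elapsed_s >= std_duration_s)
    if std_count is not None:
        checks.append(recorded >= std_count)
    if not checks:
        raise ValueError("no end condition configured")
    return all(checks) if require_all else any(checks)


def pull_matching_flows(db, triggered_requests):
    """Keep only flows that match a request triggered in the target application."""
    wanted = set(triggered_requests)
    rows = db.execute("SELECT method, url FROM flows ORDER BY id").fetchall()
    return [row for row in rows if row in wanted]


def scan_flow(url):
    """Passive checks on one recorded flow (hypothetical rules)."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme == "http":
        findings.append("plaintext-transport")
    leaked = sorted(SENSITIVE_PARAMS & set(parse_qs(parts.query)))
    if leaked:
        findings.append("sensitive-query-param:" + ",".join(leaked))
    return findings


def detect(proxy_events, triggered_requests, std_duration_s=None, std_count=None):
    """Record flows until the end condition holds, then scan the target's flows."""
    db = open_traffic_db()
    for elapsed, method, url in proxy_events:
        db.execute("INSERT INTO flows (method, url) VALUES (?, ?)", (method, url))
        if run_finished(elapsed, flow_count(db), std_duration_s, std_count):
            break
    report = {}
    for method, url in pull_matching_flows(db, triggered_requests):
        findings = scan_flow(url)
        if findings:
            report[f"{method} {url}"] = findings
    return report, flow_count(db)


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS, TRIGGERED, std_count=4))
```
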
To achieve the above purpose, an embodiment of the invention also discloses a safety detection apparatus applied to an electronic device, the apparatus including:
A first obtaining module, for obtaining the installation file of an application to be detected;
A first installation module, for installing the installation file on a target simulation device;
A sending module, for sending a simulated-run instruction to the target simulation device, so that the target simulation device simulates running the application to be detected and communicates with the server;
A recording module, for recording the traffic data generated while the target simulation device simulates running the application to be detected and communicates with the server;
A judgment module, for judging whether a preset simulated-run end condition has been reached;
A second obtaining module, for performing vulnerability scanning on the recorded traffic data when the judgment result of the judgment module is yes, to obtain a safety detection result for the application to be detected.
Optionally, the target simulation device includes:
A first generation submodule, for starting test software and generating test cases;
A first running submodule, for simulating running the application to be detected and communicating with the server according to the test cases.
Optionally, the first running submodule is specifically used for:
Triggering the application to be detected to generate a network request for each test case;
According to the generated network request, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Optionally, the recording module is specifically used for:
Establishing a proxy service;
Using the proxy service, recording, for each network request, the traffic data generated between the application to be detected and the server.
Optionally, the apparatus further includes:
A storage module, for storing the recorded traffic data in a traffic database;
The second obtaining module is specifically used for:
Performing vulnerability scanning on the traffic data stored in the traffic database to obtain a safety detection result for the application to be detected.
Optionally, the second obtaining module is specifically used for:
When multiple applications, including at least the target application, are running at the same time, pulling from the traffic database the first traffic data that matches the network request;
Performing vulnerability scanning on the first traffic data to obtain a safety detection result for the application to be detected.
Optionally, the judgment module is specifically used for:
Judging whether the duration for which the application to be detected has run is greater than or equal to a preset standard run duration;
And/or judging whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
Optionally, the apparatus further includes:
An uninstall module, for uninstalling the application to be detected that is installed on the target simulation device after the safety detection result is obtained.
To achieve the above purpose, an embodiment of the invention also discloses a safety detection method applied to a simulation device, the method including:
Obtaining the installation file of an application to be detected from an electronic device that is communicatively connected to the simulation device;
Installing the installation file;
Simulating running the application to be detected and communicating with the server;
Forwarding to the electronic device the traffic data generated by simulating running the application to be detected and communicating with the server, so that the electronic device, on determining that a preset simulated-run end condition has been reached, performs vulnerability scanning on the traffic data to obtain a safety detection result for the application to be detected.
Optionally, simulating running the application to be detected and communicating with the server includes:
Starting test software and generating test cases;
According to the test cases, simulating running the application to be detected and communicating with the server.
Optionally, the step of simulating running the application to be detected and communicating with the server according to the test cases includes:
Triggering the application to be detected to generate a network request for each test case;
According to the generated network request, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Optionally, the method further includes:
Receiving an uninstall instruction, sent by the electronic device after it obtains the safety detection result, that instructs uninstalling the application to be detected;
Uninstalling the application to be detected.
To achieve the above purpose, an embodiment of the invention also discloses a safety detection apparatus applied to a client, the apparatus including:
A third obtaining module, for obtaining the installation file of an application to be detected from an electronic device that is communicatively connected to the simulation device;
A second installation module, for installing the installation file;
A simulated-run module, for simulating running the application to be detected and communicating with the server;
A forwarding module, for forwarding to the electronic device the traffic data generated by simulating running the application to be detected and communicating with the server, so that the electronic device, on determining that a preset simulated-run end condition has been reached, performs vulnerability scanning on the traffic data to obtain a safety detection result for the application to be detected.
Optionally, the simulated-run module includes:
A second generation submodule, for starting test software and generating test cases;
A second running submodule, for simulating running the application to be detected and communicating with the server according to the test cases.
Optionally, the second running submodule is specifically used for:
Triggering the application to be detected to generate a network request for each test case;
According to the generated network request, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Optionally, the apparatus further includes:
A receiving module, for receiving an uninstall instruction, sent by the electronic device after it obtains the safety detection result, that instructs uninstalling the application to be detected;
A second uninstall module, for uninstalling the application to be detected.
To achieve the above purpose, an embodiment of the invention also discloses a safety detection system. The system includes a control node and a simulation device, where the simulation device is configured with an agent;
The control node is used for obtaining the installation file of an application to be detected and installing the installation file on the simulation device; sending a simulated-run instruction to the agent of the simulation device, so that the simulation device simulates running the application to be detected and communicates with the server; recording the traffic data generated while the target simulation device simulates running the application to be detected and communicates with the server; judging whether a preset simulated-run end condition has been reached; and, if so, performing vulnerability scanning on the recorded traffic data to obtain a safety detection result for the application to be detected;
The agent is used for simulating running the application to be detected and communicating with the server after receiving the simulated-run instruction sent by the control node;
The simulation device is used for installing the application to be detected.
Optionally, the agent is specifically used for:
After receiving the simulated-run instruction sent by the control node, starting test software and generating test cases;
According to the test cases, simulating running the application to be detected and communicating with the server.
Optionally, simulating running the application to be detected and communicating with the server according to the test cases is specifically:
Triggering the application to be detected to generate a network request for each test case;
According to the generated network request, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Optionally, the safety detection system further includes a traffic database;
The traffic database is used for storing the traffic data recorded by the control node;
The control node performing vulnerability scanning on the recorded traffic data to obtain a safety detection result for the application to be detected is specifically:
Performing vulnerability scanning on the traffic data stored in the traffic database to obtain a safety detection result for the application to be detected.
Optionally, when multiple applications, including at least the target application, are running at the same time, the control node performing vulnerability scanning on the traffic data stored in the traffic database to obtain a safety detection result for the application to be detected is specifically:
Pulling from the traffic database the first traffic data that matches the network request;
Performing vulnerability scanning on the first traffic data to obtain a safety detection result for the application to be detected.
Optionally, the control node judges whether a preset simulated-run end condition has been reached in the following way:
Judging whether the duration for which the application to be detected has run is greater than or equal to a preset standard run duration;
And/or judging whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
Optionally, the control node is also used for sending an uninstall instruction to the agent after obtaining the safety detection result;
The agent is used for triggering the simulation device to uninstall the application to be detected after receiving the uninstall instruction.
The safety detection method, apparatus and system provided by the embodiments of the present invention obtain the installation file of an application to be detected; install the installation file on a target simulation device; send a simulated-run instruction to the target simulation device, so that the target simulation device simulates running the application to be detected and communicates with the server; record the traffic data generated while the target simulation device simulates running the application to be detected and communicates with the server; judge whether a preset simulated-run end condition has been reached; and, if so, perform vulnerability scanning on the recorded traffic data to obtain a safety detection result for the application to be detected. When safety detection is performed on the application to be detected with the scheme provided by the embodiments, the application can be run in simulation according to different test cases without manual testing, which effectively reduces the probability of missed tests and improves the accuracy of safety detection for the application.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description are obviously only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the safety detection method provided by one embodiment of the invention;
Fig. 2 is a flow diagram of the safety detection method provided by another embodiment of the invention;
Fig. 3 is a flow diagram of the safety detection method provided by yet another embodiment of the invention;
Fig. 4 is a structural diagram of the safety detection apparatus provided by one embodiment of the invention;
Fig. 5 is a structural diagram of the safety detection apparatus provided by another embodiment of the invention;
Fig. 6 is a structural diagram of the safety detection apparatus provided by yet another embodiment of the invention;
Fig. 7 is a flow diagram of the safety detection method provided by a further embodiment of the invention;
Fig. 8 is a structural diagram of the safety detection apparatus provided by a further embodiment of the invention;
Fig. 9 is a specific schematic diagram of a safety detection system provided by an embodiment of the invention;
Fig. 10 is a specific schematic diagram of another safety detection system provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the present invention.
The present invention is described in detail below through specific embodiments.
It should be noted that safety detection method provided by the embodiment of the present invention can be applied in electronic equipment, it should Electronic equipment can be specially to apply testing service device, test development board, smart phone, tablet computer, terminal console, virtual machine Deng.Also, the software for realizing the function of safety detection method provided by the embodiment of the present invention can be to exclusively carry out safe inspection The client or plug-in unit of survey, this is all reasonable.
Fig. 1 is the flow diagram for the safety detection method that one embodiment of the invention provides, and is applied to electronic equipment, the party Method includes step:
S101:Obtain the installation file of application to be detected;
It will be appreciated to those of skill in the art that usually software developer completing to the design of a certain application or It is that, in order to detect the safety of new application, will often carry out safety to it after completing the optimization and upgrading to a certain application Test, the application for needing to carry out safety detection is referred to as application to be detected, and so-called application is application program (Application, letter Claim APP) or application software, APP may be mounted on analog machine, but APP is in a pre-installation, usually (again with installation file Claim, installation kit) form exist, after only the installation file of APP is mounted on analog machine, the APP could be run, into And realize function or the optimization system of certain personalizations etc.;The analog machine referred at this is to refer to install and simulate APP fortune The equipment that the software of APP running environment can be installed and be simulated to the equipment of row environment or carrying, such as:Smart phone, plate electricity Brain, simulator etc..
It is to be detected application be before the mounting in the form of installation file existing for, such as:" Kingsoft enterprise cloud disk .apk ", Wherein " apk " is the abbreviation of Android Package, is the installation kit applied in Android operation system.Certainly, only with peace at this It is illustrated for tall and erect operating system, it is equally applicable for operating systems such as Microsoft, Saipan, apple iOS, for example, for plug Class's operating system, the installation packet form of application to be detected can be:" Kingsoft enterprise cloud disk .sis ", since application installation package can be with It will not enumerate there are many form, at this, therefore, the application does not do the concrete form of application to be detected and clearly limits.
The installation kit of application to be detected can store in disk, also can store in application library, or can store In external storage medium, in scheme provided in an embodiment of the present invention, application to be detected can be software developer or Testing staff determines, can also be determined according to task list, or determined by electronic third-party equipment, regardless of which kind of side passed through Formula determines application to be detected, can obtain the corresponding installation file of application to be detected.
S102:The installation file is installed to target simulation equipment;
After the installation file for obtaining application to be detected, the installation file of acquisition is installed to analog machine (such as intelligence Mobile phone, tablet computer, simulator etc.) on, the analog machine for installing above-mentioned installation file is referred to as target simulation equipment, example Such as, target simulation equipment can be smart phone, and the installation file of application to be detected is:" Kingsoft enterprise cloud disk .apk ", then " Kingsoft enterprise cloud disk .apk " can be mounted on smart phone, then, it can the dry run on smart phone after installation It is to be detected to apply.
S103:Dry run instruction is sent to the target simulation equipment, so that the target simulation equipment simulating is transported The row application to be detected is simultaneously communicated with server-side;
From the foregoing, it will be observed that target simulation equipment is after the installation file for installing application to be detected, for application to be detected For, have been provided with the environment of operation;At this point it is possible to send a dry run instruction, the instruction to target simulation equipment For triggering target simulation equipment simulating operation application to be detected and being communicated with server-side.
It is understandable to be, after above-mentioned dry run instruction is received in target simulation equipment, just start simulation fortune Row application to be detected, once start the application to be detected, target simulation equipment will server-side corresponding with application to be detected build Vertical communication;The dry run that the embodiment of the present invention refers to refers to:It does not need software developer or testing staff participates in, pass through mesh The preassembled software with test function in analog machine is marked, the sequence of operations to application to be detected reaches simulation and uses The function of family operation.
In a kind of specific implementation provided in an embodiment of the present invention, above-mentioned target simulation equipment can be by following It is to be detected described in mode dry run to apply and communicated with server-side:
Start test software, generates test case;
It is to be detected described in dry run to apply and communicated with server-side according to the test case.
In order to accurately test application to be detected, can install in advance in smart phone has test function Software, the software are referred to as test software, it should be noted that the test software being installed on smart phone in advance can be directed to Application to be detected generates a series of test cases, for example, the test case generated for " Kingsoft enterprise cloud disk " is:It opens, is left Screen sliding, right screen sliding, click, diminution, amplification etc. can also show position different in interface corresponding for be detected apply The phenomenon that setting, generate enough test cases, capable of reducing test leakage in this way, improves the accuracy of safety detection.
Smart phone starts above-mentioned test software, can be given birth to by test software after receiving dry run instruction At a series of test cases for application to be detected, carrys out corresponding operation application to be detected according to the test case of generation, make Application to be detected operation is as the corresponding state of test case, and in this process, be installed on smart phone to be detected answers Communication connection is established between corresponding server-side used in connecing, it is to be detected to be applied to its corresponding clothes after establishing communication connection Business generates corresponding data traffic between end.
Further, the step of dry-running the application to be detected and communicating with the server according to the test cases includes:
Triggering the application to be detected to generate a network request for each test case;
Establishing, according to the generated network request, a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server over the established communication connection.
Each generated test case triggers the application to be detected accordingly; for the application to be detected, each test case is equivalent to an input instruction with a specific function.
The following takes "Kingsoft enterprise cloud disk" as the application to be detected. Suppose the test case is "open". For "Kingsoft enterprise cloud disk", "open" is equivalent to an input instruction, so "Kingsoft enterprise cloud disk" opens according to the received "open" instruction, and a corresponding network request is generated when it opens. The network request can be obtained by API HOOK technology. An API (Application Programming Interface) is a set of predefined functions whose purpose is to give applications and software developers the ability to access a group of routines based on certain software or hardware, without accessing the source code or understanding the details of the internal working mechanism; API HOOK technology is a technique for changing the execution result of an API.
After the network request is obtained, the smartphone can, according to the network request, establish a communication connection between "Kingsoft enterprise cloud disk" and its corresponding server (the Kingsoft enterprise cloud disk server), and then access the Kingsoft enterprise cloud disk server according to the network request. For example, a login/registration network request is generated when "Kingsoft enterprise cloud disk" is opened. According to this login/registration network request, a communication connection can be established between "Kingsoft enterprise cloud disk" and its corresponding server (the Kingsoft enterprise cloud disk server), so that "Kingsoft enterprise cloud disk" can access the Kingsoft enterprise cloud disk server according to the login/registration network request. The Kingsoft enterprise cloud disk server then provides service to "Kingsoft enterprise cloud disk", so that "Kingsoft enterprise cloud disk" runs to the "open" state.
S104: Record the traffic data generated when the target simulation device dry-runs the application to be detected and communicates with the server;
Those skilled in the art will appreciate that, when "Kingsoft enterprise cloud disk" accesses the Kingsoft enterprise cloud disk server according to the network request generated for each test case, the server returns data to "Kingsoft enterprise cloud disk" for each network request. In the scheme provided by the embodiments of the present invention, the data generated in this process is referred to as traffic data. This traffic data truly reflects the security state of "Kingsoft enterprise cloud disk" during operation. Therefore, in the scheme provided by the embodiments of the present invention, the traffic data generated by data communication between "Kingsoft enterprise cloud disk" and the Kingsoft enterprise cloud disk server during operation can be recorded, and the security state of the application to be detected during operation is then detected according to the recorded traffic data to find vulnerabilities, providing a basis for later maintenance of the application.
In the scheme provided by the embodiments of the present invention, the step of recording the traffic data generated when the target simulation device dry-runs the application to be detected and communicates with the server may include:
Establishing a proxy service; and using the proxy service to record, for each network request, the traffic data generated between the application to be detected and the server.
Those skilled in the art will appreciate that a proxy service is an entity that sits in the network and can provide a wide variety of functions; it may be a plug-in, a script, or the like. For example, Fiddler is a common HTTP-based proxy tool that can record and inspect the HTTP communication between a client and the Internet. The following uses Fiddler only as an example to explain how traffic data is recorded; the working principle is as follows:
Fiddler starts an HTTP proxy service locally. To the application to be detected, this HTTP proxy service is equivalent to the server; to the server, it is equivalent to the application to be detected that issued the request.
Therefore, after the HTTP proxy service is started, a network request issued by the application to be detected first reaches the HTTP proxy service, which forwards it to the server. After the HTTP proxy service receives the traffic that the server sends in response to the network request, it forwards that traffic to the application to be detected that issued the request. The HTTP proxy service thus plays the role of an intermediary, so Fiddler can record the traffic data generated by data communication between "Kingsoft enterprise cloud disk" and the Kingsoft enterprise cloud disk server during operation.
It can be understood that the recording of traffic data proceeds in step with the dry run of the application to be detected: if "Kingsoft enterprise cloud disk" stops running, the data communication established between "Kingsoft enterprise cloud disk" and the Kingsoft enterprise cloud disk server is interrupted and no more traffic data is generated, so recording becomes meaningless and no further traffic data needs to be recorded.
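The intermediary role described above can be shown with a small recording proxy. This is an added example, not code from the patent or from Fiddler; the stand-in server, the paths and all function names are constructed for illustration, and only plain HTTP on the loopback interface is handled.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

# Headers that apply to one hop only, or that the relay regenerates itself.
SKIP = {"connection", "proxy-connection", "keep-alive", "transfer-encoding",
        "content-length", "server", "date"}


class StandInServer(BaseHTTPRequestHandler):
    """Constructed stand-in for the server of the application under test."""

    def do_GET(self):
        body = json.dumps({"path": self.path, "ok": True}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the run quiet
        pass


def make_recording_proxy(records, lock):
    """Return a proxy handler class that appends one entry per request to `records`."""

    class RecordingProxy(BaseHTTPRequestHandler):
        def _relay(self):
            target = urlsplit(self.path)  # a proxy receives the absolute URL
            length = int(self.headers.get("Content-Length") or 0)
            req_body = self.rfile.read(length) if length else b""
            headers = {k: v for k, v in self.headers.items() if k.lower() not in SKIP}
            entry = {"method": self.command, "url": self.path,
                     "request_body": req_body.decode("utf-8", "replace")}
            resp_headers, resp_body = [], b""
            upstream = http.client.HTTPConnection(target.hostname, target.port or 80, timeout=5)
            try:
                path = (target.path or "/") + ("?" + target.query if target.query else "")
                # To the server, the proxy looks like the application.
                upstream.request(self.command, path, body=req_body or None, headers=headers)
                resp = upstream.getresponse()
                resp_body, resp_headers = resp.read(), resp.getheaders()
                entry.update(status=resp.status,
                             response_body=resp_body.decode("utf-8", "replace"))
            except (OSError, http.client.HTTPException) as exc:
                # Failed exchanges are recorded too, so gaps in the run stay visible.
                entry.update(status=None, response_body="", error=str(exc))
            finally:
                upstream.close()
            with lock:
                records.append(entry)
            if entry["status"] is None:
                self.send_error(502, "upstream unreachable")
                return
            # To the application, the proxy looks like the server.
            self.send_response(entry["status"])
            for name, value in resp_headers:
                if name.lower() not in SKIP:
                    self.send_header(name, value)
            self.send_header("Content-Length", str(len(resp_body)))
            self.end_headers()
            self.wfile.write(resp_body)

        do_GET = do_POST = _relay

        def log_message(self, *args):
            pass

    return RecordingProxy


def serve(handler):
    """Start a server on a free loopback port in a background thread."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def record_session(paths):
    """Play the application: request each path through the proxy, return the traffic log."""
    records, lock = [], threading.Lock()
    origin = serve(StandInServer)
    proxy = serve(make_recording_proxy(records, lock))
    try:
        for path in paths:
            url = f"http://127.0.0.1:{origin.server_port}{path}"
            app = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
            app.request("GET", url)  # absolute URL in the request line = proxied request
            app.getresponse().read()
            app.close()
    finally:
        for server in (proxy, origin):
            server.shutdown()
            server.server_close()
    return records


if __name__ == "__main__":
    for rec in record_session(["/login", "/files?dir=root"]):
        print(rec["method"], rec["url"], rec["status"], rec["response_body"])
```

Recording stops when the application stops sending requests, which matches the point above that recording runs in step with the dry run.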
S105: Judge whether a preset dry run termination condition is reached; if so, execute S106;
To carry out safety detection on the application to be detected reasonably, improve the efficiency of the detection and reduce wasted time, a corresponding dry run termination condition may be set in advance for each application to be detected, or a standard dry run termination condition may be set in advance for all applications to be detected.
In a specific implementation provided by the embodiments of the present invention, the step of judging whether the preset dry run termination condition is reached includes:
Judging whether the duration for which the application to be detected has run is greater than or equal to a preset standard running duration;
And/or judging whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
Example one: whether the dry run termination condition is reached can be judged by judging whether the duration for which "Kingsoft enterprise cloud disk" has run is greater than or equal to the preset standard running duration. The standard running duration may be an empirical value obtained for "Kingsoft enterprise cloud disk" after a large number of tests, or a standard running duration set in advance for all types of applications; the latter may of course also be an empirical value. The running duration of "Kingsoft enterprise cloud disk" is the current timestamp minus the timestamp at which "Kingsoft enterprise cloud disk" started running. For example, the preset standard running duration is 10 min (minutes), the timestamp at which "Kingsoft enterprise cloud disk" started running is 2017-03-01-13:10:00, and the current timestamp is 2017-03-01-13:09:00; it is then not hard to calculate that "Kingsoft enterprise cloud disk" has run for 9 min. By comparison, the running duration (9 min) is less than the preset standard running duration (10 min), so it is determined that the dry run termination condition has not been reached and "Kingsoft enterprise cloud disk" must continue to run. When the run reaches timestamp 2017-03-01-13:10:00, the running duration of "Kingsoft enterprise cloud disk" is exactly 10 min, equal to the preset standard running duration (10 min); it is therefore determined that the dry run termination condition is reached, and step S106 can be executed.
Example two: whether the dry run termination condition is reached can be judged by judging whether the quantity of recorded traffic data is greater than or equal to the preset standard quantity. It can be understood that each generated test case allows the application to be detected to be tested once, and running the application to be detected for each test case generates one corresponding piece of traffic data. As the number of test cases increases, the functions and running states of the application to be detected are gradually covered, and the quantity of recorded traffic data increases accordingly. When there are enough test cases, some test cases may be similar or identical to one another; if the run continued indefinitely, the accuracy of safety detection of the application would not improve significantly, while a large amount of time and smartphone running memory would be consumed.
Taking the above into account, a standard record quantity, namely the preset standard quantity, can be set before traffic data is recorded. For example, if the preset standard quantity is set to 2000, then when the quantity of recorded traffic data is greater than or equal to 2000, it is determined that the dry run termination condition is reached; "Kingsoft enterprise cloud disk" then stops running and step S106 can be executed. If the quantity of currently recorded traffic data has not reached 2000, "Kingsoft enterprise cloud disk" must continue to run until the quantity of recorded traffic data is greater than or equal to 2000.
Example three: whether the dry run termination condition is reached can be judged by jointly judging whether the duration for which "Kingsoft enterprise cloud disk" has run is greater than or equal to the preset standard running duration and whether the quantity of recorded traffic data is greater than or equal to the preset standard quantity. One specific implementation is to first judge whether the running duration of "Kingsoft enterprise cloud disk" is greater than or equal to the preset standard running duration; if it is, then judge whether the quantity of currently recorded traffic data is greater than or equal to the preset standard quantity; if it is, determine that the dry run termination condition is reached, and otherwise continue to run "Kingsoft enterprise cloud disk". Another specific implementation is to first judge whether the quantity of recorded traffic data is greater than or equal to the preset standard quantity; if it is, then judge whether the current running duration of "Kingsoft enterprise cloud disk" is greater than or equal to the preset standard running duration; if it is, determine that the dry run termination condition is reached, and step S106 can be executed; otherwise, continue to run "Kingsoft enterprise cloud disk".
It should be noted that the preset standard running duration of 10 min and the preset standard quantity of 2000 in the above embodiments are only specific examples and do not limit the specific values of the preset standard running duration and the preset standard quantity in this application.
S106: Perform vulnerability scanning on the recorded traffic data to obtain the safety detection result for the application to be detected.
As can be seen from the above, traffic data truly and accurately reflects the security state of the application to be detected during operation. Therefore, to analyze each recorded piece of traffic data, the scheme provided by the embodiments of the present invention performs vulnerability scanning on the recorded traffic data. Vulnerability scanning here means using a series of scripts, based on a vulnerability database, to carry out a simulated attack on the network request corresponding to each piece of traffic data. The attacked network requests are mutated, and accessing the server with these mutated network requests yields corresponding results. The results are then matched against the vulnerability database: if the matching condition is met, the piece of traffic data is marked "vulnerability exists"; if the matching condition is not met, the piece of traffic data is marked "normal".
It should be noted that the vulnerability database referred to above is a standard vulnerability database formed from security experts' analysis of network system security vulnerabilities and hacker attack cases, and from system administrators' practical experience in configuring network system security. Matching the results against the vulnerability database can use rule-based matching, that is, matching based on a set of rules predefined from security expert knowledge. For example, while matching the results for each mutated network request against the vulnerability database, if /cgi-bin/phf and /cgi-bin/Count.cgi are found, then, based on security expert experience and the sharing and standardization of CGI programs, it can be inferred that the corresponding server has two CGI vulnerabilities.
Each recorded piece of traffic data can be scanned according to the above vulnerability scanning rules. After all the traffic data has been scanned, a scanning result is available for each piece of traffic data, namely "vulnerability exists" or "normal". If any recorded traffic data has the scanning result "vulnerability exists", it is determined that the application to be detected (Kingsoft enterprise cloud disk.apk) does not pass safety detection, that is, the safety detection result obtained is "not passed". If the scanning result of every recorded piece of traffic data is "normal", it is determined that the application to be detected (Kingsoft enterprise cloud disk.apk) passes safety detection, that is, the safety detection result obtained is "passed".
It should be noted that the above vulnerability scanning process is only one specific example provided by the embodiments of the present invention; the embodiments of the present invention do not further limit the specific form of the vulnerability.
Those skilled in the art will appreciate that, so that software developers or testers can obtain the safety detection result more intuitively, after the safety detection result for the application to be detected is obtained, it can be pushed directly to the display interface of the smartphone, or exported to a third-party electronic device and shown on that device's display interface. Specifically, the content of the safety detection result can be presented as a histogram, a statistical table, text, and so on, so that software developers or testers can obtain the safety detection result intuitively, improving the user experience.
It should be noted that the above examples take "Kingsoft enterprise cloud disk" as the application to be detected; besides "Kingsoft enterprise cloud disk", the application to be detected may also be WeChat, QQ, WPS, Alipay and so on. The embodiments of the present invention therefore do not specifically limit the form of the application to be detected.
In summary, in the scheme provided by the embodiment of Fig. 1: the installation file of the application to be detected is obtained; the installation file is installed on the target simulation device; a dry run instruction is sent to the target simulation device, so that the target simulation device dry-runs the application to be detected and communicates with the server; the traffic data generated when the target simulation device dry-runs the application to be detected and communicates with the server is recorded; whether the preset dry run termination condition is reached is judged; and if so, vulnerability scanning is performed on the recorded traffic data to obtain the safety detection result for the application to be detected. When safety detection is performed on an application to be detected using the scheme provided by the embodiments of the present invention, the application can be dry-run according to different test cases without manual testing, which effectively reduces the probability of missed tests and improves the accuracy of safety detection of the application.
In addition, the inventor found through a large number of experiments that, when safety detection is performed on an application to be detected using the scheme provided by the embodiments of the present invention, the time consumed to obtain the safety detection result can basically be kept within 10 min. Compared with the 2-3 days consumed by manual safety detection in the prior art, the time consumed in safety detection is greatly shortened, which improves the efficiency of safety detection.
Fig. 2 is a schematic flowchart of a safety detection method provided by another embodiment of the present invention. In addition to steps S101-S106 in the embodiment provided in Fig. 1, the method further includes the step:
S107: Store the recorded traffic data in a traffic database;
So that software developers or testers can further analyze the traffic data marked "vulnerability exists", and then repair, improve or refine the application with respect to the vulnerability, in the scheme provided by the embodiments of the present invention each recorded piece of traffic data can be stored in a designated storage space (the traffic database). In this way, when a vulnerability is detected, the traffic data marked "vulnerability exists" can be found directly in the traffic database and analyzed, and the existing vulnerability can then be repaired, improved or refined. This brings great convenience to software developers or testers and effectively improves the efficiency of vulnerability remediation.
It should be noted that, where step S107 is included, the above step S106 may include:
Performing vulnerability scanning on the traffic data stored in the traffic database to obtain the safety detection result for the application to be detected.
It can be understood that, since each recorded piece of traffic data is stored in the traffic database, vulnerability scanning of the recorded traffic data can be performed directly on the traffic data stored in the traffic database. The vulnerability scanning process is the same as described above and is not repeated here.
To improve the efficiency of safety detection of applications, in one implementation provided by the embodiments of the present invention, safety detection can be performed on multiple applications at the same time. It should be noted that this can be done in the following two ways. In the first, when the target simulation device is a single simulation device, the multiple applications to be detected can be installed on that simulation device and, after installation, dry-run on it simultaneously. In the second, when the target simulation device is multiple simulation devices, the multiple applications to be detected can be installed on the multiple simulation devices respectively (a simulation device is allowed to have multiple applications installed), and the applications installed on the respective simulation devices can then be run simultaneously; a cluster composed of multiple simulation devices is commonly called a simulator cluster.
When multiple applications that include at least the application to be detected are run at the same time, performing vulnerability scanning on the traffic data stored in the traffic database to obtain the safety detection result for the application to be detected may include the steps:
A: Pull, from the traffic database, the first traffic data that matches the network requests;
Illustratively, the application to be detected is still "Kingsoft enterprise cloud disk", and another application, "WPS", is run at the same time as "Kingsoft enterprise cloud disk". "Kingsoft enterprise cloud disk" and "WPS" are formally peers, so the traffic data generated by each application communicating with its corresponding server is also independent, and every recorded piece of traffic data is stored in the traffic database. Currently, safety detection is performed only for "Kingsoft enterprise cloud disk", so vulnerability scanning only needs to be performed on the traffic data for "Kingsoft enterprise cloud disk" stored in the traffic database.
As can be seen from the above, each piece of traffic data is generated when an application, using the network request it generated for a certain test case, performs data communication with its corresponding server. For example, the traffic data corresponding to "WPS" is generated when "WPS", using the network request it generated for a certain test case, performs data communication with the WPS server; and the traffic data corresponding to "Kingsoft enterprise cloud disk" is generated when "Kingsoft enterprise cloud disk", using the network request it generated for a certain test case, performs data communication with the Kingsoft enterprise cloud disk server. Therefore, to determine the traffic data corresponding to "Kingsoft enterprise cloud disk" in the traffic database, the traffic data that matches the above network requests can be pulled from the traffic database. In the scheme provided by the embodiments of the present invention, the traffic data that matches the above network requests is referred to as first traffic data; the first traffic data is the traffic data corresponding to "Kingsoft enterprise cloud disk". After every piece of traffic data in the traffic database has been traversed, all the traffic data for "Kingsoft enterprise cloud disk" is obtained.
B: Perform vulnerability scanning on the first traffic data to obtain the safety detection result for the application to be detected.
Vulnerability scanning is performed on the first traffic data pulled above. This process is the same as the vulnerability scanning of traffic data described earlier; for the common parts, refer to the preceding sections, which are not repeated here.
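Steps A and B, together with the rule-based matching and pass/fail decision described for S106, can be sketched as follows. This is an added example, not code from the patent: the table layout, rule identifiers, host names and sample rows are constructed, the two CGI paths are the ones the description cites, and the example starts from results that have already been collected.

```python
import re
import sqlite3

# Rule library standing in for the vulnerability database. The two CGI paths are
# the ones cited in the description; the rule ids are made up for this example.
RULES = [
    ("RULE-CGI-PHF", re.compile(r"/cgi-bin/phf\b")),
    ("RULE-CGI-COUNT", re.compile(r"/cgi-bin/Count\.cgi\b")),
]

# Constructed sample rows: (network request, result obtained from the server).
SAMPLE_ROWS = [
    ("GET http://clouddisk.example.test/login", '200 {"status": "ok"}'),
    ("GET http://clouddisk.example.test/files", "200 listing: /cgi-bin/phf /cgi-bin/Count.cgi"),
    ("GET http://wps.example.test/open", '200 {"doc": "empty"}'),
]
# Network requests each application issued during its dry run (constructed).
CLOUD_DISK_REQUESTS = [SAMPLE_ROWS[0][0], SAMPLE_ROWS[1][0]]
WPS_REQUESTS = [SAMPLE_ROWS[2][0]]


def build_traffic_db(rows):
    """Create an in-memory traffic database shared by all applications."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE traffic (id INTEGER PRIMARY KEY, request TEXT, result TEXT)")
    conn.executemany("INSERT INTO traffic (request, result) VALUES (?, ?)", rows)
    conn.commit()
    return conn


def pull_first_traffic(conn, app_requests):
    """Step A: pull only the records that match the application's own network requests."""
    if not app_requests:
        return []
    marks = ",".join("?" for _ in app_requests)
    query = f"SELECT id, request, result FROM traffic WHERE request IN ({marks}) ORDER BY id"
    return conn.execute(query, list(app_requests)).fetchall()


def scan_result(result):
    """Return the ids of every rule whose pattern appears in one result."""
    return [rule_id for rule_id, pattern in RULES if pattern.search(result)]


def detect(conn, app_requests):
    """Step B: scan the first traffic data and derive the overall detection result."""
    records = []
    for row_id, request, result in pull_first_traffic(conn, app_requests):
        hits = scan_result(result)
        records.append({"id": row_id, "request": request, "rules": hits,
                        "verdict": "vulnerability exists" if hits else "normal"})
    if not records:
        # Choice made in this example: an empty scan is not reported as a pass.
        overall = "no traffic recorded"
    elif any(rec["rules"] for rec in records):
        overall = "not passed"
    else:
        overall = "passed"
    return {"records": records, "result": overall}


if __name__ == "__main__":
    db = build_traffic_db(SAMPLE_ROWS)
    for name, requests in (("cloud disk", CLOUD_DISK_REQUESTS), ("WPS", WPS_REQUESTS)):
        report = detect(db, requests)
        print(name, report["result"], [(r["id"], r["rules"]) for r in report["records"]])
```

Because the pull is keyed on the application's own requests, a finding in one application's traffic does not change the result reported for another application stored in the same database.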
When the embodiment provided in Fig. 2 is applied to perform safety detection on an application, the recorded traffic data can be stored in the traffic database, which makes it convenient for software developers and testers to repair, improve and refine the application to be detected and improves the efficiency of application maintenance; at the same time, safety detection of multiple applications simultaneously is supported, which further improves the efficiency of safety detection of applications.
Fig. 3 is a schematic flowchart of a safety detection method provided by yet another embodiment of the present invention. In addition to steps S101-S106 in the embodiment provided in Fig. 1, the method further includes the step:
S108: After the safety detection result is obtained, uninstall the application to be detected installed on the target simulation device.
Those skilled in the art will appreciate that an application installed on a simulation device consumes a certain amount of memory space, and the memory space of a simulation device is usually fixed. As the number of installed applications increases, the memory space of the simulation device is gradually occupied. It can be understood that the more memory space is occupied, the more prone the simulation device is to stuttering, delays or crashes when running applications, which directly affects the accuracy and efficiency of safety detection of applications.
In view of the above, in the scheme provided by the embodiments of the present invention, after the safety detection result is obtained, the application to be detected installed on the target simulation device is uninstalled. For example, after the safety detection result for "Kingsoft enterprise cloud disk.apk" is obtained, "Kingsoft enterprise cloud disk" is uninstalled directly, releasing the memory space of the target simulation device.
In summary, when the scheme provided by the embodiment of Fig. 3 is applied to perform safety detection on an application, the application to be detected installed on the target simulation device is uninstalled after the safety detection result for it is obtained. The corresponding memory space can therefore be released, providing a favorable running environment for the safety detection of the next application, reducing stuttering, delays or crashes when running applications, and thereby improving the accuracy and efficiency of safety detection of applications.
Fig. 4 is a schematic structural diagram of a safety detection apparatus provided by one embodiment of the present invention, applied to an electronic device. The apparatus includes: a first obtaining module 201, a first installation module 202, a sending module 203, a recording module 204, a judging module 205 and a second obtaining module 206.
The first obtaining module 201 is configured to obtain the installation file of the application to be detected;
The first installation module 202 is configured to install the installation file on the target simulation device;
The sending module 203 is configured to send a dry run instruction to the target simulation device, so that the target simulation device dry-runs the application to be detected and communicates with the server;
The recording module 204 is configured to record the traffic data generated when the target simulation device dry-runs the application to be detected and communicates with the server;
The judging module 205 is configured to judge whether the preset dry run termination condition is reached;
The second obtaining module 206 is configured to, when the judging result of the judging module 205 is yes, perform vulnerability scanning on the recorded traffic data to obtain the safety detection result for the application to be detected.
Optionally, the above target simulation device includes:
A first generation submodule, configured to start the test software and generate test cases;
A first running submodule, configured to dry-run the application to be detected and communicate with the server according to the test cases.
Further, the above first running submodule is specifically configured to:
Trigger the application to be detected to generate a network request for each test case;
Establish, according to the generated network request, a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server over the established communication connection.
Optionally, the above recording module 204 is specifically configured to:
Establish a proxy service;
Use the proxy service to record, for each network request, the traffic data generated between the application to be detected and the server.
Optionally, the above judging module 205 is specifically configured to:
Judge whether the duration for which the application to be detected has run is greater than or equal to the preset standard running duration;
And/or judge whether the quantity of recorded traffic data is greater than or equal to the preset standard quantity.
When the scheme provided by the embodiment of Fig. 4 is applied to perform safety detection on an application to be detected, the target application can be run according to different test cases without manual testing, which effectively reduces the probability of missed tests and improves the accuracy of safety detection of the application.
Fig. 5 is a schematic structural diagram of a safety detection apparatus provided by another embodiment of the present invention. On the basis of the embodiment provided in Fig. 4, the apparatus further includes a storage module 207.
The storage module 207 is configured to store the recorded traffic data in the traffic database;
It should be noted that, where the storage module 207 is included, the above second obtaining module 206 is specifically configured to:
Perform vulnerability scanning on the traffic data stored in the traffic database to obtain the safety detection result for the application to be detected.
Optionally, the above second obtaining module 206 is specifically configured to:
When multiple applications that include at least the application to be detected are run at the same time, pull from the traffic database the first traffic data that matches the network requests of the target application;
Perform vulnerability scanning on the first traffic data to obtain the safety detection result for the application to be detected.
When the embodiment provided in Fig. 5 is applied to perform safety detection on an application, the recorded traffic data can be stored in the traffic database, which makes it convenient for software developers and testers to repair, improve and refine the application to be detected and improves the efficiency of application maintenance; at the same time, safety detection of multiple applications simultaneously is supported, which further improves the efficiency of safety detection of applications.
Fig. 6 is a schematic structural diagram of a safety detection apparatus provided by yet another embodiment of the present invention. On the basis of the embodiment provided in Fig. 4, the apparatus further includes a first uninstalling module 208.
The first uninstalling module 208 is configured to uninstall the application to be detected installed on the target simulation device after the safety detection result is obtained.
When the scheme provided by the embodiment of Fig. 6 is applied to perform safety detection on an application, the application to be detected installed on the target simulation device is uninstalled after the safety detection result for it is obtained. The corresponding memory space can therefore be released, providing a favorable running environment for the safety detection of the next application, reducing stuttering, delays or crashes when running applications, and thereby improving the accuracy and efficiency of safety detection of applications.
Fig. 7 is a schematic flowchart of a security detection method provided by a further embodiment of the present invention. The security detection method provided in this embodiment can be applied to a simulation device. It can be understood that the simulation device may be a smartphone, a tablet computer, a terminal console or a similar device. The method comprises the steps of:
S301: obtaining the installation file of the application to be detected from the electronic device communicatively connected with the simulation device;
S302: installing the installation file;
Taking as an example a simulation device that is a tablet computer (running the Android operating system), suppose the tablet computer receives the installation file (Kingsoft enterprise cloud disk.apk) of the application to be detected (Kingsoft enterprise cloud disk). The tablet computer can recognize the installation file suffix ".apk" and then install "Kingsoft enterprise cloud disk.apk"; once installation finishes, the application to be detected "Kingsoft enterprise cloud disk" is installed.
S303: simulating running the application to be detected and communicating with the server;
After the tablet computer finishes installing "Kingsoft enterprise cloud disk.apk", it can provide a running environment for the installed application to be detected. The tablet computer therefore starts to simulate running "Kingsoft enterprise cloud disk"; once the application "Kingsoft enterprise cloud disk" is running in simulation, it can actively communicate with its corresponding server (the Kingsoft enterprise cloud disk server).
In a specific implementation provided by an embodiment of the present invention, the above step of simulating running the application to be detected and communicating with the server includes:
starting test software and generating test cases;
according to the test cases, simulating running the application to be detected and communicating with the server.
Specifically, the step of simulating running the application to be detected and communicating with the server according to the test cases may include:
triggering the application to be detected to generate a network request for each test case;
according to the generated network requests, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Since the above process is the same as the process in the preceding embodiment, it is not described again here; for the common parts, refer to the corresponding part above.
S304: forwarding the traffic data generated by simulating running the application to be detected and communicating with the server to the electronic device, so that the electronic device, upon determining that the preset simulated-run termination condition is reached, performs vulnerability scanning on the traffic data to obtain a security detection result for the application to be detected.
It should be noted that after the application to be detected communicates with the server through the established communication connection, the tablet computer forwards the traffic data generated while simulating running the application to be detected to the electronic device. The electronic device here can be understood as an application test server, a test development board, a terminal console or the like that communicates with the tablet computer.
After receiving the traffic data, the electronic device can record the traffic data generated by the simulation device simulating running the application to be detected and communicating with the server. In a specific implementation provided by an embodiment of the present invention, the traffic data can be recorded as follows:
establishing a proxy service;
using the proxy service, recording the traffic data generated between the application to be detected and the server for each network request.
It should be emphasized that the electronic device performs vulnerability scanning on the traffic data when the preset simulated-run termination condition is reached, obtaining the security detection result for the application to be detected. Whether the preset simulated-run termination condition is reached can be judged in the following specific way:
judging whether the duration of running the application to be detected is greater than or equal to a preset standard running duration;
and/or judging whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
When it is determined that the preset simulated-run termination condition has been reached, the electronic device performs vulnerability scanning on the recorded traffic data to obtain the security detection result for the application to be detected.
It should be noted that since the process of this embodiment is substantially similar to the process of the embodiment provided in Fig. 1, it is described relatively briefly; for related details, refer to the description of the preceding embodiment.
In addition to the above specific implementation, in a specific embodiment provided by the present invention, after the electronic device receives the traffic data forwarded by the simulation device, it may further:
store the recorded traffic data into a traffic database;
Where the above step is included, performing vulnerability scanning on the recorded traffic data to obtain the security detection result for the application to be detected may include:
performing vulnerability scanning on the traffic data stored in the traffic database to obtain the security detection result for the application to be detected.
On the basis of the embodiment provided above, if the simulation device installs and simultaneously runs multiple applications including at least the target application, performing vulnerability scanning on the recorded traffic data to obtain the security detection result for the application to be detected may include:
pulling from the traffic database first traffic data matching the network requests;
performing vulnerability scanning on the first traffic data to obtain the security detection result for the application to be detected.
Applying the scheme provided by the embodiment of Fig. 7 to perform security detection on the application to be detected, the application can be run in simulation according to different test cases without manual testing, which effectively reduces the probability of missed tests and improves the accuracy of security detection on the application. Meanwhile, storing the recorded traffic data in the traffic database makes it convenient for software developers and testers to repair, improve and refine the application to be detected and improves the efficiency of application maintenance. It also supports performing security detection on multiple applications simultaneously, further improving the efficiency of security detection on applications.
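The record, store, pull and scan sequence described above can be sketched as follows. This is an added example, not code from the patent: the request-ID tagging of flows, the SQLite schema, the event tuples and the three passive checks are assumptions, since the patent specifies neither the scanner nor how flows are matched to network requests. The termination condition implements the "or" reading of the two checks.

```python
import json
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Assumed list of query-parameter names treated as secrets.
SENSITIVE_PARAMS = {"password", "passwd", "token", "session"}


class TrafficDB:
    """Traffic database holding the flows recorded by the proxy service."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(
            "CREATE TABLE flows (request_id TEXT, url TEXT, resp_headers TEXT)")

    def store(self, request_id, url, resp_headers):
        self.conn.execute("INSERT INTO flows VALUES (?, ?, ?)",
                          (request_id, url, json.dumps(resp_headers)))

    def count(self):
        return self.conn.execute("SELECT COUNT(*) FROM flows").fetchone()[0]

    def pull(self, request_ids):
        """Return only the flows matching the given network requests."""
        ids = sorted(request_ids)
        if not ids:
            return []
        marks = ",".join("?" * len(ids))
        rows = self.conn.execute(
            "SELECT request_id, url, resp_headers FROM flows "
            f"WHERE request_id IN ({marks}) ORDER BY rowid", ids)
        return [(rid, url, json.loads(hdrs)) for rid, url, hdrs in rows]


def run_ended(elapsed_s, flow_count, max_s, max_flows):
    """Termination: run duration OR recorded-flow count reached its preset."""
    return elapsed_s >= max_s or flow_count >= max_flows


def record(db, events, max_s, max_flows):
    """Store proxy events (elapsed_s, request_id, url, headers) until the run ends."""
    for elapsed_s, request_id, url, headers in events:
        if run_ended(elapsed_s, db.count(), max_s, max_flows):
            break
        db.store(request_id, url, headers)
    return db.count()


def scan(flows):
    """Passive checks over recorded flows (stand-in for the unspecified scanner)."""
    findings = []
    for request_id, url, headers in flows:
        parts = urlsplit(url)
        if parts.scheme == "http":
            findings.append((request_id, "cleartext-transport"))
        leaked = SENSITIVE_PARAMS & {k.lower() for k in parse_qs(parts.query)}
        if leaked:
            findings.append(
                (request_id, "secret-in-url:" + ",".join(sorted(leaked))))
        names = {k.lower() for k in headers}
        if parts.scheme == "https" and "strict-transport-security" not in names:
            findings.append((request_id, "missing-hsts"))
    return findings


# Constructed sample: two applications run at the same time on the simulators.
EVENTS = [
    (1.0, "a-1", "https://api.a.example/login",
     {"Strict-Transport-Security": "max-age=31536000"}),
    (2.0, "b-1", "http://cdn.b.example/list?token=abc123", {}),
    (3.5, "a-2", "http://api.a.example/upload?password=example&f=1", {}),
    (4.0, "a-3", "https://api.a.example/files", {}),
    (9.0, "a-4", "https://api.a.example/late", {}),  # arrives after the run ended
]
# Network requests triggered per application, one per test case (assumed IDs).
REQUESTS_BY_APP = {"app-a": {"a-1", "a-2", "a-3", "a-4"}, "app-b": {"b-1"}}


def run_demo(max_s=60, max_flows=4):
    db = TrafficDB()
    recorded = record(db, EVENTS, max_s, max_flows)
    results = {app: scan(db.pull(ids)) for app, ids in REQUESTS_BY_APP.items()}
    return recorded, results["app-a"], results["app-b"]


if __name__ == "__main__":
    print(run_demo())
```

Because each application's flows are pulled by its own request IDs, findings for one application are never attributed to another that was running at the same time.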
In a specific embodiment provided by the present invention, on the basis of steps S301-S304 included in the embodiment provided in Fig. 7 above, the method further includes:
receiving an uninstall instruction, sent by the electronic device after obtaining the security detection result, that instructs uninstalling the application to be detected;
uninstalling the application to be detected.
Applying the scheme provided by this embodiment of the present invention to perform security detection on an application, the application to be detected installed on the target simulation device is uninstalled after the security detection result for it is obtained. The corresponding memory space can therefore be released, providing a favorable running environment for the security detection of the next application and reducing stuttering, delay or crashes when running applications, which in turn improves the accuracy and efficiency of security detection on applications.
Corresponding to the method embodiment of Fig. 7, Fig. 8 shows a schematic structural diagram of a security detection apparatus provided by a further embodiment of the present invention, applied to a simulation device. The apparatus includes: a third obtaining module 401, a second installation module 402, a simulated-run module 403 and a forwarding module 404.
The third obtaining module 401 is configured to obtain the installation file of the application to be detected from the electronic device communicatively connected with the simulation device;
The second installation module 402 is configured to install the installation file;
The simulated-run module 403 is configured to simulate running the application to be detected and communicate with the server;
The forwarding module 404 is configured to forward the traffic data generated by simulating running the application to be detected and communicating with the server to the electronic device, so that the electronic device, upon determining that the preset simulated-run termination condition is reached, performs vulnerability scanning on the traffic data to obtain a security detection result for the application to be detected.
Optionally, the simulated-run module 403 includes:
a second generation submodule, configured to start test software and generate test cases;
a second running submodule, configured to simulate running the application to be detected and communicate with the server according to the test cases.
Further, the second running submodule is specifically configured to:
trigger the application to be detected to generate a network request for each test case;
according to the generated network requests, establish a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Applying the scheme provided by the embodiment of Fig. 8 to perform security detection on the application to be detected, the target application can be run according to different test cases without manual testing, which effectively reduces the probability of missed tests and improves the accuracy of security detection on the application.
On the basis of the embodiment provided in Fig. 8, the security detection apparatus provided by this embodiment of the present invention further includes: a receiving module and a second uninstall module.
The receiving module is configured to receive an uninstall instruction, sent by the electronic device after obtaining the security detection result, that instructs uninstalling the application to be detected;
The second uninstall module is configured to uninstall the application to be detected.
Applying the scheme provided by this embodiment of the present invention to perform security detection on an application, the application to be detected installed on the target simulation device is uninstalled after the security detection result for it is obtained. The corresponding memory space can therefore be released, providing a favorable running environment for the security detection of the next application and reducing stuttering, delay or crashes when running applications, which in turn improves the accuracy and efficiency of security detection on applications.
Fig. 9 is a specific schematic diagram of a security detection system provided by an embodiment of the present invention. The system includes a control node and a simulation device, wherein the simulation device is configured with an agent;
The control node is configured to: obtain the installation file of the application to be detected and install the installation file to the simulation device; send a simulated-run instruction to the agent of the simulation device, so that the simulation device simulates running the application to be detected and communicates with the server; record the traffic data generated by the target simulation device simulating running the application to be detected and communicating with the server; judge whether the preset simulated-run termination condition is reached; and if so, perform vulnerability scanning on the recorded traffic data to obtain the security detection result for the application to be detected;
The agent is configured to simulate running the application to be detected and communicate with the server after receiving the simulated-run instruction sent by the control node;
The simulation device is configured to install the application to be detected.
Optionally, the agent is specifically configured to:
after receiving the simulated-run instruction sent by the control node, start test software and generate test cases;
according to the test cases, simulate running the application to be detected and communicate with the server.
Further, simulating running the application to be detected and communicating with the server according to the test cases is specifically:
triggering the application to be detected to generate a network request for each test case;
according to the generated network requests, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
Optionally, the control node judges whether the preset simulated-run termination condition is reached in the following way:
judging whether the duration of running the application to be detected is greater than or equal to a preset standard running duration;
and/or judging whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
Applying the security detection system provided by the embodiment of Fig. 9 to perform security detection on the application to be detected, the target application can be run according to different test cases without manual testing, which effectively reduces the probability of missed tests and improves the accuracy of security detection on the application.
Fig. 10 is a specific schematic diagram of another security detection system provided by an embodiment of the present invention. On the basis of the security detection system provided in Fig. 9, the security detection system provided by this embodiment further includes: a traffic database;
The traffic database is configured to store the traffic data recorded by the control node;
The control node performing vulnerability scanning on the recorded traffic data to obtain the security detection result for the application to be detected is specifically:
performing vulnerability scanning on the traffic data stored in the traffic database to obtain the security detection result for the application to be detected.
Further, when multiple applications including at least the target application are run simultaneously, the control node performing vulnerability scanning on the traffic data stored in the traffic database to obtain the security detection result for the application to be detected is specifically:
pulling from the traffic database first traffic data matching the network requests;
performing vulnerability scanning on the first traffic data to obtain the security detection result for the application to be detected.
It should be noted that simultaneously running multiple applications including at least the target application can be realized by one simulator or by multiple simulators. In the scheme provided by this embodiment of the present invention, a cluster composed of multiple simulators is called a simulator cluster. This embodiment therefore places no explicit limit on the number of simulators included in the security detection system. Multiple applications to be detected can be installed on a corresponding number of simulators in the simulator cluster, so that security detection can be performed on multiple applications simultaneously.
Applying this embodiment of the present invention to perform security detection on an application, the recorded traffic data can be stored in the traffic database, which makes it convenient for software developers and testers to repair, improve and refine the application to be detected and improves the efficiency of application maintenance. It also supports performing security detection on multiple applications simultaneously, further improving the efficiency of security detection on applications.
Based on the security detection system provided by the embodiment of Fig. 9, in a specific implementation of the security detection system provided by the present invention, the control node is further configured to send an uninstall instruction to the agent after obtaining the security detection result;
The agent is configured to trigger the simulation device to uninstall the application to be detected after receiving the uninstall instruction.
In summary, when the security detection system provided by this embodiment of the present invention is applied to perform security detection on an application, the target application is uninstalled after the security detection result for the application to be detected is obtained. The corresponding memory space can therefore be released, providing a favorable running environment for the security detection of the next application and reducing stuttering, delay or crashes when running applications, which in turn improves the accuracy and efficiency of security detection on applications.
It should be noted that, in this document, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, without necessarily requiring or implying any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or further includes elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
Each embodiment in this specification is described in a related manner; for the same and similar parts, the embodiments may refer to one another, and each embodiment focuses on its differences from the other embodiments. For the system embodiments in particular, since they are substantially similar to the method embodiments, they are described relatively briefly; for related details, refer to the description of the method embodiments.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention are all included in the protection scope of the present invention.

Claims (25)

1. A security detection method, characterized in that it is applied to an electronic device, the method comprising:
obtaining the installation file of an application to be detected;
installing the installation file to a target simulation device;
sending a simulated-run instruction to the target simulation device, so that the target simulation device simulates running the application to be detected and communicates with a server;
recording the traffic data generated by the target simulation device simulating running the application to be detected and communicating with the server;
judging whether a preset simulated-run termination condition is reached;
if so, performing vulnerability scanning on the recorded traffic data to obtain a security detection result for the application to be detected.
2. The method according to claim 1, characterized in that the target simulation device simulates running the application to be detected and communicates with the server in the following manner:
starting test software and generating test cases;
according to the test cases, simulating running the application to be detected and communicating with the server.
3. The method according to claim 2, characterized in that the step of simulating running the application to be detected and communicating with the server according to the test cases comprises:
triggering the application to be detected to generate a network request for each test case;
according to the generated network requests, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
4. The method according to claim 3, characterized in that the step of recording the traffic data generated by the target simulation device simulating running the application to be detected and communicating with the server comprises:
establishing a proxy service;
using the proxy service, recording the traffic data generated between the application to be detected and the server for each network request.
5. The method according to claim 3, characterized in that the method further comprises:
storing the recorded traffic data into a traffic database;
the performing vulnerability scanning on the recorded traffic data to obtain a security detection result for the application to be detected comprises:
performing vulnerability scanning on the traffic data stored in the traffic database to obtain the security detection result for the application to be detected.
6. The method according to claim 5, characterized in that, when multiple applications including at least the target application are run simultaneously, the step of performing vulnerability scanning on the traffic data stored in the traffic database to obtain the security detection result for the application to be detected comprises:
pulling from the traffic database first traffic data matching the network requests;
performing vulnerability scanning on the first traffic data to obtain the security detection result for the application to be detected.
7. The method according to any one of claims 1-6, characterized in that the step of judging whether the preset simulated-run termination condition is reached comprises:
judging whether the duration of running the application to be detected is greater than or equal to a preset standard running duration;
and/or judging whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
8. The method according to any one of claims 1-6, characterized in that the method further comprises:
after obtaining the security detection result, uninstalling the application to be detected installed on the target simulation device.
9. A security detection apparatus, characterized in that it is applied to an electronic device, the apparatus comprising:
a first obtaining module, configured to obtain the installation file of an application to be detected;
a first installation module, configured to install the installation file to a target simulation device;
a sending module, configured to send a simulated-run instruction to the target simulation device, so that the target simulation device simulates running the application to be detected and communicates with a server;
a recording module, configured to record the traffic data generated by the target simulation device simulating running the application to be detected and communicating with the server;
a judging module, configured to judge whether a preset simulated-run termination condition is reached;
a second obtaining module, configured to, in the case where the judgment result of the judging module is yes, perform vulnerability scanning on the recorded traffic data to obtain a security detection result for the application to be detected.
10. The apparatus according to claim 9, characterized in that the target simulation device comprises:
a first generation submodule, configured to start test software and generate test cases;
a first running submodule, configured to simulate running the application to be detected and communicate with the server according to the test cases.
11. The apparatus according to claim 10, characterized in that the first running submodule is specifically configured to:
trigger the application to be detected to generate a network request for each test case;
according to the generated network requests, establish a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
12. The apparatus according to claim 11, characterized in that the recording module is specifically configured to:
establish a proxy service;
using the proxy service, record the traffic data generated between the application to be detected and the server for each network request.
13. The apparatus according to claim 11, characterized in that the apparatus further comprises:
a storage module, configured to store the recorded traffic data into a traffic database;
the second obtaining module is specifically configured to:
perform vulnerability scanning on the traffic data stored in the traffic database to obtain the security detection result for the application to be detected.
14. The apparatus according to claim 12, characterized in that the second obtaining module is specifically configured to:
when multiple applications including at least the target application are run simultaneously, pull from the traffic database first traffic data matching the network requests;
perform vulnerability scanning on the first traffic data to obtain the security detection result for the application to be detected.
15. The apparatus according to any one of claims 9-14, characterized in that the judging module is specifically configured to:
judge whether the duration of running the application to be detected is greater than or equal to a preset standard running duration;
and/or judge whether the quantity of recorded traffic data is greater than or equal to a preset standard quantity.
16. The apparatus according to any one of claims 9-14, characterized in that the apparatus further comprises:
a first uninstall module, configured to uninstall the application to be detected installed on the target simulation device after the security detection result is obtained.
17. A security detection method, characterized in that it is applied to a simulation device, the method comprising:
obtaining the installation file of an application to be detected from an electronic device communicatively connected with the simulation device;
installing the installation file;
simulating running the application to be detected and communicating with a server;
forwarding the traffic data generated by simulating running the application to be detected and communicating with the server to the electronic device, so that the electronic device, upon determining that a preset simulated-run termination condition is reached, performs vulnerability scanning on the traffic data to obtain a security detection result for the application to be detected.
18. The method according to claim 17, characterized in that the simulating running the application to be detected and communicating with the server comprises:
starting test software and generating test cases;
according to the test cases, simulating running the application to be detected and communicating with the server.
19. The method according to claim 18, characterized in that the step of simulating running the application to be detected and communicating with the server according to the test cases comprises:
triggering the application to be detected to generate a network request for each test case;
according to the generated network requests, establishing a communication connection between the application to be detected and the server, so that the application to be detected communicates with the server through the established communication connection.
20. The method according to any one of claims 17-19, characterized in that the method further comprises:
receiving an uninstall instruction, sent by the electronic device after obtaining the security detection result, that instructs uninstalling the application to be detected;
uninstalling the application to be detected.
21. a kind of safety detection device, which is characterized in that be applied to client, described device includes:
Third obtains module, for obtaining the installation text of application to be detected from the electronic equipment communicated to connect with the analog machine Part;
Second installation module, for installing the installation file;
Dry run module is communicated for application to be detected described in dry run and with server-side;
Forwarding module, the data on flows for communicating generation by application to be detected described in dry run and with server-side are transmitted to institute State electronic equipment so that the electronic equipment determine reach predetermined analog end of run condition when to the data on flows into Row vulnerability scanning obtains the safety detection result for being directed to the application to be detected.
22. The device according to claim 21, characterized in that the simulated-run module comprises:
a second generation submodule, configured to start test software and generate test cases;
a second running submodule, configured to run the application to be detected in simulation according to the test cases and communicate with the server side.
23. The device according to claim 22, characterized in that the second running submodule is specifically configured to:
trigger the application to be detected to generate a network request for each test case;
establish, according to the generated network request, a communication connection between the application to be detected and the server side, so that the application to be detected communicates with the server side over the established communication connection.
24. The device according to any one of claims 21-23, characterized in that the device further comprises:
a receiving module, configured to receive an uninstall instruction, sent by the electronic device after it obtains the safety detection result, that instructs uninstalling the application to be detected;
a second uninstall module, configured to uninstall the application to be detected.
25. A safety detection system, characterized in that the system comprises a control node and a simulated device, wherein the simulated device is configured with an agent side;
the control node is configured to: obtain the installation file of an application to be detected and install the installation file on the simulated device; send a simulated-run instruction to the agent side of the simulated device, so that the simulated device runs the application to be detected in simulation and communicates with the server side; record the traffic data generated when the target simulated device runs the application to be detected in simulation and communicates with the server side; judge whether a preset simulated-run end condition is reached; and if so, perform vulnerability scanning on the recorded traffic data to obtain a safety detection result for the application to be detected;
the agent side is configured to, after receiving the simulated-run instruction sent by the control node, run the application to be detected in simulation and communicate with the server side;
the simulated device is configured to install the application to be detected.
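An added illustration of the control-node steps in claim 25 (record traffic, test the end condition, scan the recorded traffic); it is not code from the patent. The `Flow` record, the end condition and the three passive checks are assumptions chosen for this example, and the sample traffic is constructed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

SENSITIVE = {"password", "passwd", "token", "session", "secret"}  # assumed key names

@dataclass(frozen=True)
class Flow:
    case_id: int   # test case that triggered the request (assumed field)
    method: str
    url: str
    body: str = ""

def record_until_done(events, total_cases, max_flows=1000):
    """Control-node side: record flows until the end condition is reached.

    Assumed end condition: traffic from `total_cases` distinct test cases
    has been recorded, or the flow cap `max_flows` is hit.
    """
    recorded, seen_cases = [], set()
    for flow in events:
        recorded.append(flow)
        seen_cases.add(flow.case_id)
        if len(seen_cases) >= total_cases or len(recorded) >= max_flows:
            break
    return recorded

def scan_flows(flows):
    """Passive scan of recorded traffic; returns sorted (case_id, finding) pairs."""
    findings = set()
    for f in flows:
        parts = urlsplit(f.url)
        query_keys = {k.lower() for k, _ in parse_qsl(parts.query)}
        body_keys = {k.lower() for k, _ in parse_qsl(f.body)}
        if parts.scheme == "http":
            findings.add((f.case_id, "cleartext-transport"))
            if (query_keys | body_keys) & SENSITIVE:
                findings.add((f.case_id, "credential-over-http"))
        if query_keys & SENSITIVE:
            findings.add((f.case_id, "secret-in-url"))
    return sorted(findings)

# Constructed sample traffic (not from the patent).
SAMPLE = [
    Flow(1, "GET", "https://api.example.test/v1/items?page=2"),
    Flow(2, "POST", "http://api.example.test/login", "user=a&password=b"),
    Flow(3, "GET", "https://api.example.test/me?token=abc123"),
    Flow(4, "GET", "https://api.example.test/never-recorded"),
]

def run_demo():
    return scan_flows(record_until_done(iter(SAMPLE), total_cases=3))
```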

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710324721.1A CN108875368A (en) 2017-05-10 2017-05-10 A kind of safety detection method, apparatus and system

Publications (1)

Publication Number Publication Date
CN108875368A (en) 2018-11-23

Family

ID=64287612

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710324721.1A Pending CN108875368A (en) 2017-05-10 2017-05-10 A kind of safety detection method, apparatus and system

Country Status (1)

Country Link
CN (1) CN108875368A (en)

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1421771A (en) * 2001-11-27 2003-06-04 四川安盟科技有限责任公司 Guard system to defend network invansion of unkown attack trick effectively
CN1606278A (en) * 2003-10-10 2005-04-13 中国电信集团公司 End-to-end service testing system and method
CN101312393A (en) * 2007-05-24 2008-11-26 北京启明星辰信息技术有限公司 Detection method and system for SQL injection loophole
CN101626368A (en) * 2008-07-11 2010-01-13 中联绿盟信息技术(北京)有限公司 Device, method and system for preventing web page from being distorted
CN102609352A (en) * 2011-01-19 2012-07-25 阿里巴巴集团控股有限公司 Parallel testing method and parallel testing server
CN104252598A (en) * 2013-06-28 2014-12-31 深圳市腾讯计算机系统有限公司 Method and device for detecting application bugs
CN104461880A (en) * 2014-12-04 2015-03-25 福建星网视易信息系统有限公司 Method for automatically detecting heap corruption in embedded system
CN104765682A (en) * 2015-03-30 2015-07-08 微梦创科网络科技(中国)有限公司 Offline detection method and system for cross-site scripting vulnerability
CN105357195A (en) * 2015-10-30 2016-02-24 深圳市深信服电子科技有限公司 Unauthorized web access vulnerability detecting method and device
CN105791273A (en) * 2016-02-24 2016-07-20 上海携程商务有限公司 Web vulnerability scanning system
CN106022127A (en) * 2016-05-10 2016-10-12 江苏通付盾科技有限公司 APK file security detection method and apparatus
CN106357670A (en) * 2016-10-17 2017-01-25 成都知道创宇信息技术有限公司 Simulator-based android application server side Web vulnerability detection method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020155765A1 (en) * 2019-01-31 2020-08-06 平安科技(深圳)有限公司 Data crawling method for mobile terminal, device, mobile terminal, and storage medium
CN111177729A (en) * 2019-12-17 2020-05-19 腾讯云计算(北京)有限责任公司 Program bug test method and related device
CN111177729B (en) * 2019-12-17 2023-03-10 腾讯云计算(北京)有限责任公司 Program bug test method and related device
CN112769655A (en) * 2021-03-02 2021-05-07 北京百家科技集团有限公司 Network variation testing method, device and system
CN112769655B (en) * 2021-03-02 2022-08-12 北京百家科技集团有限公司 Network variation testing method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20181123)