CN110688659B - Method and system for dynamically detecting horizontal override based on IAST test tool - Google Patents


Info

Publication number
CN110688659B
CN110688659B
Authority
CN
China
Prior art keywords
request
module
user
detection model
sql
Prior art date
Legal status
Active
Application number
CN201910855342.4A
Other languages
Chinese (zh)
Other versions
CN110688659A (en)
Inventor
刘海涛
万振华
王颉
董燕
李华
Current Assignee
Shenzhen Kaiyuan Internet Security Technology Co Ltd
Original Assignee
Shenzhen Kaiyuan Internet Security Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3696 Methods or tools to render software testable
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a method and a system for dynamically detecting horizontal override (horizontal privilege escalation) based on an IAST test tool. The method comprises the following steps: S1, tracking the SQL statements exchanged between the user program and the database using an IAST test tool and instrumentation; S2, binding each request to its request authority; S3, acquiring and storing all SQL statements executed under the request, as captured in step S1; S4, parsing the acquired SQL statements; S5, performing a weighted calculation on the data generated in step S4 and generating a detection model; S6, monitoring the user request flow in real time; S7, performing authority verification on each request sent by a user with the detection model, to judge whether the statements executed by the request have a horizontal override problem. By combining the analysis of the database resources touched by the SQL statements with the detection model, the detection software can be inserted deep into the application code, and the horizontal override vulnerability can be located more accurately.

Description

Method and system for dynamically detecting horizontal override based on IAST test tool
Technical Field
The invention relates to the technical field of vulnerability detection of application programs, in particular to a method and a system for dynamically detecting horizontal override based on an IAST test tool.
Background
In theory, an application system with a sound architecture and secure rules should, on receiving each request, determine the permissions of the user sending it and only then perform the corresponding service for that user. In practice, through carelessness on the part of the engineers who build the system, the system does not check the authority of the user sending a request for a given privilege but directly serves that request, so a user who does not hold the privilege can exercise it; this is an override (unauthorized access). One form of override is the horizontal override vulnerability, in which an attacker can access the resources of other users within the privilege group to which the attacker belongs, for example: regular user A can access the management page of regular user B. Existing application vulnerability detection means can only detect the vertical override problem at the request level using a black-box detection tool, that is, end-to-end vulnerability detection that judges the permission problem solely from the return value and response status, and which cannot be used for requests that produce no return value.
Disclosure of Invention
The invention aims to solve the above technical problem by providing a method for dynamically detecting horizontal override based on an IAST test tool, which can accurately locate the horizontal override vulnerability of an application program.
Another object of the present invention is to provide a system for dynamically detecting a horizontal override based on an IAST test tool, which can accurately locate a horizontal override vulnerability of an application.
To achieve this aim, the invention discloses a method for dynamically detecting horizontal override based on an IAST test tool, which comprises the following steps:
S1, inserting detection code, using an IAST test tool and instrumentation, at the points where the user code in the application program to be detected connects to the database, so as to dynamically acquire the SQL statements exchanged between the user program and the database together with the returned query result data;
S2, binding each user request to the corresponding request authority;
S3, when a user request is sent to the server for execution, acquiring and storing all SQL statements executed under that request, as captured in step S1;
S4, parsing the SQL statements acquired in step S3;
S5, performing a weighted calculation on the data generated in step S4 and generating a detection model based on a supervised learning algorithm, the detection model being used to verify the SQL statements of a request;
S6, monitoring the user request flow in real time;
and S7, performing authority verification on each request sent by a user with the detection model, to judge whether the statements executed by the request have a horizontal override problem.
Compared with the prior art, the method for dynamically detecting horizontal override based on an IAST test tool has the following advantages. When the user starts the application program to be detected, the IAST test tool is started at the same time, and the part of the user code that interacts with the database is marked by instrumentation, so that all SQL statements executed under a user request are monitored. The mapping between user requests and authorities is then obtained, all SQL statements executed by a request are stored in the database together with the authority value of that request, a detection model is created by an algorithm after the SQL statements have been parsed, and the monitored user requests are then checked for horizontal override problems in real time by the detection model. By combining the analysis of the database resources touched by the SQL statements with the detection model, the detection software can be inserted deep into the application code, and the horizontal override vulnerability can be located more accurately.
Preferably, the request authority binding of step S2 specifically comprises the following steps:
S20, binding the user name recorded in the application program to be detected to the authority corresponding to that user name;
S21, monitoring user login requests, and acquiring the login user name and the identity authentication token associated with that user name;
S22, binding the authentication token acquired in step S21 to the corresponding authority;
and S23, marking each request in the application program with an authority value.
Preferably, the authentication token is based on a cookie or a token.
Preferably, the method for dynamically detecting horizontal override based on IAST test tool further comprises the step of optimizing the detection model according to the user request and the verification result of the detection model.
The invention also discloses a system for dynamically detecting horizontal override based on an IAST test tool, which comprises a data tracking module, a request permission generating module, an SQL interactive statement collecting module, an SQL parsing module, a detection model establishing module, a request flow acquiring module and a verification module. The data tracking module is used for inserting detection code, using an IAST test tool and instrumentation, at the points where the user code in the application program to be detected connects to the database, so as to dynamically acquire the SQL statements exchanged between the user program and the database together with the returned query result data; the request permission generating module is used for binding each user request to the corresponding request permission, generating the request permission corresponding to each user request; the SQL interactive statement collecting module is used for acquiring and storing, through the data tracking module, all SQL statements executed under a request when the user request is sent to the server for execution; the SQL parsing module is used for parsing the SQL statements acquired by the SQL interactive statement collecting module; the detection model establishing module is used for performing a weighted calculation on the data generated by the SQL parsing module and generating a detection model based on a supervised learning algorithm, the detection model being used to verify the SQL statements of a request; the request flow acquiring module is used for monitoring and acquiring the user request flow in real time; the verification module is used for performing authority verification, with the detection model, on the user requests acquired by the request flow acquiring module, so as to judge whether the statements executed by a request have a horizontal override problem.
Preferably, the request permission generating module specifically comprises a permission binding module, a request monitoring module, an identity authentication module and a request marking module; the authority binding module is used for binding the user name recorded in the application program to be detected and the authority corresponding to the user name; the request monitoring module is used for monitoring a user login request and acquiring a login user name and an identity authentication token related to the user name; the identity authentication module is used for binding the identity authentication token acquired by the request monitoring module with the corresponding authority; the request marking module is used for marking each request in the application program with a permission value.
Preferably, the authentication token is based on a cookie or token.
Preferably, the IAST test tool-based system for dynamically detecting horizontal override further comprises a detection model optimization module, wherein the detection model optimization module is used for optimizing the detection model according to a user request and a verification result of the detection model.
The invention also discloses a system for dynamically detecting horizontal override based on the IAST test tool, which comprises:
one or more processors;
a memory;
and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for performing the method of dynamically detecting horizontal override based on an IAST test tool as described above.
The present invention also discloses a computer readable storage medium comprising a computer program for testing, the computer program being executable by a processor to perform the method for dynamically detecting horizontal override based on an IAST test tool as described above.
Drawings
FIG. 1 is a flowchart illustrating a method for dynamically detecting a horizontal override based on an IAST test tool according to an embodiment of the present invention.
Fig. 2 is a detailed flowchart of step S2 in fig. 1.
FIG. 3 is a schematic diagram of the framework of a system for dynamically detecting a horizontal override based on an IAST test tool according to an embodiment of the present invention.
Detailed Description
In order to explain technical contents, structural features, implementation principles, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in combination with the embodiments.
As shown in FIG. 1, the invention discloses a method for dynamically detecting horizontal override based on IAST test tool, comprising the following steps:
S1, inserting detection code, using an IAST test tool and instrumentation, at the points where the user code in the application program to be detected connects to the database, so as to dynamically acquire the SQL statements exchanged between the user program and the database together with the returned query result data. In this step, code is inserted at the junction between the user program and the database according to the IAST technique; when the user program and the IAST program are started together, all code and data interacting with the database are captured, so the SQL statements exchanged between the user application program and the database can be obtained. Here "user code" is distinguished from the framework code in the application program, i.e. it is the code developed by the user: because framework code has generally undergone technical and time-tested inspection, its structure is mature and vulnerabilities rarely occur in it, so for the user only the user-developed code needs to be detected;
S2, binding each user request to the corresponding request authority, thereby obtaining the mapping between requests and authorities;
S3, when a user request is sent to the server for execution, obtaining all SQL statements executed under that request, as captured in step S1, and storing them in the database;
S4, parsing the SQL statements obtained in step S3 and performing a weighted calculation on the database, table, fields and field values involved, to obtain weighted results;
S5, performing a weighted calculation on the data generated in step S4 to generate a detection model. Specifically: using the data obtained in step S4, a learning model is created with the naive Bayes algorithm (a supervised learning algorithm). The learning model takes the basic data obtained in step S4 as input data and learns from it; the learning result is compared with the actual request data, the learning model is adjusted accordingly, and the data from step S4 is fed into the adjusted learning model again as input, until the accuracy of the model in verifying the SQL statements of a request reaches a preset threshold. At that point the model can determine more accurately whether an SQL statement has an override problem, and the learning model can be used as the detection model for verifying the SQL statements to be detected;
S6, monitoring the user request flow in real time;
and S7, performing authority verification on each request sent by a user with the detection model, to judge whether the statements executed by the request have a horizontal override problem.
According to the detection process of the horizontal override, the detection software can be deeply inserted into the code of the application program through the combination of the analysis of the database resource of the SQL statement and the detection model, and the horizontal override vulnerability can be more accurately positioned.
Preferably, as shown in Fig. 2, the request authority binding of step S2 specifically comprises:
S20, binding the user name recorded in the application program to be detected to the authority corresponding to that user name, for example Zhangsan = userA and Lisi = userB;
S21, monitoring user login requests, and acquiring the login user name and the identity authentication token associated with that user name. The authentication information may be based on a cookie or a token: the authentication token is based on a cookie when the client's server is a web application, and when the client's server is not a web application the authentication token is based on token information bound to the user name. A non-web application is one in which the client and server communicate over a protocol other than HTTP, which may be raw TCP, the dubbo protocol, the sofa protocol, etc. In this embodiment a web application is taken as the example: when a user sends a login request, the user name and the cookie are bound dynamically, for example Zhangsan = cookieA and Lisi = cookieB;
S22, binding the authentication token obtained in step S21 to the corresponding authority, for example cookieA = userA and cookieB = userB;
S23, marking each request in the application program with an authority value, which binds the request to the authority, for example Q (cookieA = userA) and P (cookieB = userB).
When detecting horizontal override, the same request is replayed for different users under the same authority, and whether a horizontal override exists is then judged from the operation result (for example, request Q of step S23 is judged after it has been accessed by both userA and userB).
Furthermore, the process of establishing the detection model also includes a step of optimizing it: after the detection model is established, whether its verification result for each request was correct is fed back to the model, so that the model is optimized and the accuracy and effectiveness of detecting override problems are improved. The process of building the detection model is described in detail with a specific example. After the SQL statements are parsed, a weight calculation is performed on the parsed data (database, table, fields and field values): for example, the similarity of the database is highest and its weight lowest, the similarity of the data table is next and its weight lower, and the similarity of the field names and field values is lower and their weight higher. Feature values are extracted according to the weight calculation results, and a learning model is then built from the extracted feature values with the naive Bayes algorithm (whose main idea is classification of the data according to the features it has). The extracted feature values are fed into the learning model as input data for learning; after learning finishes, the learning result is compared with the actual situation, and the learning model is adjusted a second time according to the result so that it agrees more closely with the actual situation. This adjustment of the learning is repeated until the verification result of the learning model reaches the expected threshold, and the learning model is then converted into the detection model.
The SQL statements executed by each request are then received in real time, a detection result is obtained from the detection model, and the actual outcome of the detection (whether it was correct or not) is fed back to the detection model so that the model is continuously optimized.
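The following added example (not the patent's or the assignee's code) simulates steps S1 to S7 and the replay check described above in Python: sqlite3 stands in for the instrumented database boundary, the naive Bayes model is replaced by a fixed similarity threshold, and all user names, tokens, weights and sample data are constructed.

```python
"""Simulation of steps S1-S7 and the same-authority replay check.
Added example, not the patent's code; names, weights, tokens and
sample data are all constructed."""
import re
import sqlite3

# --- S1: instrumentation hook at the user-code/database boundary -------------
class TracedDB:
    """Stands in for the IAST instrumentation: records every executed SQL
    statement, its bound parameters and the returned rows for the request
    currently being served."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE orders (id INTEGER, owner TEXT, total INTEGER)")
        # Constructed sample row: order 1001 belongs to zhangsan.
        self.conn.execute("INSERT INTO orders VALUES (1001, 'zhangsan', 99)")
        self.trace = []

    def begin_request(self):
        self.trace = []

    def execute(self, sql, params=()):
        rows = self.conn.execute(sql, params).fetchall()
        self.trace.append((sql, tuple(params), rows))
        return rows

# --- S2: request/authority binding (S20-S23), constructed values -------------
USER_AUTHORITY = {"zhangsan": "regular", "lisi": "regular"}   # S20: same authority group
TOKEN_USER = {"cookieA": "zhangsan", "cookieB": "lisi"}        # S21/S22: token -> user

# --- S4: parse a statement into database, table, field names and field values
def parse_sql(sql, params):
    table = re.search(r"\bFROM\s+(\w+)", sql, re.I)
    fields = re.findall(r"\b(\w+)\s*=\s*\?", sql)   # columns compared to a bound value
    return {
        "db": "main",                                # sqlite's default schema name
        "table": table.group(1) if table else None,
        "fields": frozenset(fields),
        "values": frozenset(zip(fields, params)),
    }

# --- S4/S5: weighted similarity. The database carries the lowest weight, the
# table the next, field names and field values the highest. The weights are
# constructed; the patent learns a model instead, replaced here by a threshold.
WEIGHTS = {"db": 1, "table": 2, "fields": 3, "values": 4}

def _match(x, y):
    if isinstance(x, frozenset):                     # Jaccard overlap for set features
        return len(x & y) / len(x | y) if (x | y) else 1.0
    return 1.0 if x == y else 0.0

def similarity(a, b):
    total = sum(WEIGHTS.values())
    return sum(w * _match(a[k], b[k]) for k, w in WEIGHTS.items()) / total

# --- S7: replay the same request for two users of the same authority ---------
def check_horizontal_override(handler, db, request, token_a, token_b, threshold=1.0):
    """Returns one finding per statement whose table, fields and bound values are
    identical for both users: such a statement never used the requester's
    identity as a filter, so the request serves either user the same data.
    Each finding is (table, similarity, both users got identical non-empty rows)."""
    users = [TOKEN_USER[token_a], TOKEN_USER[token_b]]
    if USER_AUTHORITY[users[0]] != USER_AUTHORITY[users[1]]:
        raise ValueError("replay users must share the same authority")
    traces = []
    for user in users:
        db.begin_request()
        handler(db, user, request)
        traces.append([(parse_sql(s, p), rows) for s, p, rows in db.trace])
    findings = []
    for (fa, rows_a), (fb, rows_b) in zip(*traces):
        score = similarity(fa, fb)
        if score >= threshold:
            findings.append((fa["table"], round(score, 2), rows_a == rows_b and bool(rows_a)))
    return findings

# Two constructed handlers for the same request "GET /order/<id>".
def vulnerable_handler(db, user, request):
    # Looks the order up by id alone; the authenticated user is never consulted.
    return db.execute("SELECT total FROM orders WHERE id = ?", (request["order_id"],))

def fixed_handler(db, user, request):
    # Scopes the lookup to the authenticated owner, so lisi gets no row.
    return db.execute("SELECT total FROM orders WHERE id = ? AND owner = ?",
                      (request["order_id"], user))

if __name__ == "__main__":
    req = {"order_id": 1001}
    print(check_horizontal_override(vulnerable_handler, TracedDB(), req, "cookieA", "cookieB"))
    print(check_horizontal_override(fixed_handler, TracedDB(), req, "cookieA", "cookieB"))
```

The vulnerable handler yields a finding with similarity 1.0 because both users execute the identical statement and receive the same row, while the owner-scoped handler scores below the threshold because the bound owner value differs between the two replays.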
In addition, the invention also discloses a system for dynamically detecting the horizontal override based on the IAST test tool, which comprises a data tracking module 10, a request authority generating module 11, an SQL interactive statement collecting module 12, an SQL analyzing module 13, a detection model establishing module 14, a request flow acquiring module 15 and a verification module 16 as shown in FIG. 3; the data tracking module 10 is used for inserting a detection code at a connection position between a user code in an application program to be detected and a database according to an IAST test tool and an instrumentation technique, so as to dynamically acquire an SQL statement interacted between the user program and the database and returned query result data; the request permission generating module 11 is configured to bind each user request with the request permission corresponding to the user request, so as to generate a request permission corresponding to each user request; the SQL interactive statement collection module 12 is configured to, when a user request is sent to the server for execution, obtain and store all executed SQL statements under the request through the data tracking module 10; the SQL parsing module 13 is configured to parse the SQL statements acquired by the SQL interactive statement collecting module 12; the detection model establishing module 14 is configured to perform weighted calculation according to the data generated by the SQL parsing module 13 and generate a detection model; the request flow acquiring module 15 is used for monitoring and acquiring a user request flow in real time; the verification module 16 is configured to perform permission verification on the user request acquired by the request flow acquisition module 15 by using a detection model, so as to determine whether a statement executed by the request has a horizontal override problem. 
Preferably, the request right generating module 11 specifically includes a right binding module 110, a request monitoring module 111, an identity authentication module 112, and a request marking module 113; the permission binding module 110 is configured to bind the user name recorded in the application program to be detected and the permission corresponding to the user name; the request monitoring module 111 is configured to monitor a user login request, and obtain a login user name and an authentication token related to the login user name; the identity authentication module 112 is configured to bind the authentication token obtained by the request monitoring module 111 with the corresponding right; the request marking module 113 is used for marking the authority value of each request in the application program. The authentication token is based on a cookie or token. Preferably, a detection model optimization module 17 is further provided, and the detection model optimization module 17 is configured to optimize the detection model according to the user request and the verification result of the detection model.
The invention also discloses a system for dynamically detecting horizontal override based on an IAST test tool, which comprises one or more processors, a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for executing the method for dynamically detecting horizontal override based on an IAST test tool as described above.
The present invention also discloses a computer readable storage medium comprising a computer program for testing, the computer program being executable by a processor to perform the method for dynamically detecting horizontal override based on an IAST test tool as described above.
The above disclosure is only a preferred embodiment of the present invention, and certainly should not be taken as limiting the scope of the present invention, which is therefore intended to cover all equivalent changes and modifications within the scope of the present invention.

Claims (10)

1. A method for dynamically detecting horizontal override based on an IAST test tool, characterized by comprising the following steps:
S1, inserting detection code, using an IAST test tool and instrumentation, at the points where the user code in the application program to be detected connects to the database, so as to dynamically acquire the SQL statements exchanged between the user program and the database together with the returned query result data;
S2, binding each user request to the corresponding request authority;
S3, when a user request is sent to the server for execution, acquiring and storing all SQL statements executed under that request, as captured in step S1;
S4, parsing the SQL statements acquired in step S3;
S5, performing a weighted calculation on the data generated in step S4 and generating a detection model based on a supervised learning algorithm, the detection model being used to verify the SQL statements of a request;
S6, monitoring the user request flow in real time;
and S7, performing authority verification on each request sent by a user with the detection model, to judge whether the statements executed by the request have a horizontal override problem.
2. The method for dynamically detecting horizontal override based on an IAST test tool according to claim 1, wherein the request authority binding of step S2 specifically comprises:
S20, binding the user name recorded in the application program to be detected to the authority corresponding to that user name;
S21, monitoring user login requests, and acquiring the login user name and the identity authentication token associated with that user name;
S22, binding the authentication token acquired in step S21 to the corresponding authority;
and S23, marking each request in the application program with an authority value.
3. The IAST test tool-based method for dynamically detecting horizontal overrides according to claim 2, wherein the authentication token is based on a cookie or token.
4. The IAST test tool-based method for dynamically detecting horizontal overrides according to claim 1, further comprising the step of optimizing the detection model based on user requests and verification results of the detection model.
5. A system for dynamically detecting horizontal override based on an IAST test tool is characterized by comprising a data tracking module, a request permission generating module, an SQL interactive statement collecting module, an SQL analyzing module, a detection model establishing module, a request flow acquiring module and a verifying module;
the data tracking module is used for inserting detection codes at the connection positions of the user codes in the application program to be detected and the database by using an IAST test tool and an instrumentation technology, so as to dynamically acquire SQL sentences interacted between the user program and the database and returned query result data;
the request permission generating module is used for binding each user request with the corresponding request permission to generate the request permission corresponding to each user request;
the SQL interactive statement collection module is used for acquiring and storing all executed SQL statements under the request through the data tracking module when the user request is sent to the server for execution;
the SQL analysis module is used for analyzing the SQL sentences acquired by the SQL interactive sentence collection module;
the detection model establishing module is used for performing weighted calculation according to the data generated by the SQL analyzing module and generating a detection model based on a supervised learning algorithm, and the detection model is used for verifying the requested SQL statement;
the request flow acquiring module is used for monitoring and acquiring a user request flow in real time;
the verification module is used for performing authority verification on the user request acquired by the request flow acquisition module by adopting the detection model so as to judge whether the statement executed by the request has a horizontal override problem.
6. The IAST test tool-based system for dynamically detecting horizontal override according to claim 5, wherein the request permission generation module specifically comprises a permission binding module, a request monitoring module, an identity authentication module and a request marking module;
the authority binding module is used for binding the user name recorded in the application program to be detected and the authority corresponding to the user name;
the request monitoring module is used for monitoring a user login request and acquiring a login user name and an identity authentication token related to the user name;
the identity authentication module is used for binding the identity authentication token acquired by the request monitoring module with the corresponding authority;
the request marking module is used for marking each request in the application program with a permission value.
7. The IAST test tool-based system for dynamically detecting horizontal overrides according to claim 6, wherein the authentication token is cookie or token-based.
8. The IAST test tool-based system for dynamically detecting horizontal overrides according to claim 5, further comprising a detection model optimization module for optimizing the detection model based on user requests and verification results of the detection model.
9. A system for dynamically detecting a horizontal override based on an IAST test tool, comprising:
one or more processors;
a memory;
and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for performing the method of dynamically detecting a horizontal override based on an IAST test tool of any of claims 1 to 4.
10. A computer readable storage medium comprising a test computer program executable by a processor to perform the method for dynamically detecting a horizontal override based on an IAST test tool of any one of claims 1 to 4.
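Claims 5 to 8 describe four cooperating pieces: a binding of user names to permissions, a monitor that ties the login token to that permission, a marker that tags every request with its permission value, and a verifier that compares the SQL executed for the request against that value. The following Python is an added illustration of that flow written for this page; it is not the patent's own implementation. The owner column names, the `?` placeholder style, the trace of login and request events and the account ids are all constructed assumptions; the "owner-scoped table" learning step stands in for the detection model optimization of claim 8.

```python
"""Toy model of the claimed IAST horizontal-override check (added example, not the patent's code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Assumed: these columns identify a row's owner in the application schema.
OWNER_COLUMNS = ("user_id", "owner_id", "account_id")
OWNER_RE = re.compile(r"\b(" + "|".join(OWNER_COLUMNS) + r")\s*=\s*'?(\d+)'?", re.I)
TABLE_RE = re.compile(r"\b(?:from|update|into)\s+([a-z_][a-z0-9_]*)", re.I)


@dataclass
class Finding:
    request: str      # the HTTP request that triggered the statement
    permission: int   # permission value the request was marked with
    statement: str    # executed SQL with bound values rendered in
    reason: str


@dataclass
class DetectionModel:
    users: dict = field(default_factory=dict)        # permission binding: user name -> account id
    tokens: dict = field(default_factory=dict)       # identity authentication: token -> account id
    scoped_tables: set = field(default_factory=set)  # optimization: tables seen with an owner filter

    def bind_user(self, username: str, account_id: int) -> None:
        self.users[username] = account_id

    def observe_login(self, username: str, token: str) -> None:
        """Request monitoring: bind the cookie/token issued at login to the user's permission."""
        self.tokens[token] = self.users[username]

    def mark_request(self, token: str) -> Optional[int]:
        """Request marking: the permission value for this request, or None if the token is unknown."""
        return self.tokens.get(token)

    def verify(self, request: str, permission: int, sql: str, params=()) -> Optional[Finding]:
        """Compare the owner predicates of the executed statement with the request's permission."""
        rendered = render(sql, params)
        owners = {int(v) for _, v in OWNER_RE.findall(rendered)}
        match = TABLE_RE.search(rendered)
        table = match.group(1).lower() if match else None
        if owners:
            if table:
                self.scoped_tables.add(table)  # learn that this table is filtered by owner
            if owners != {permission}:
                return Finding(request, permission, rendered,
                               f"owner predicate {sorted(owners)} != permission {permission}")
            return None
        if table in self.scoped_tables:
            # An owner-scoped table queried without any owner filter is also an override signal.
            return Finding(request, permission, rendered, f"no owner filter on owner-scoped table {table}")
        return None


def render(sql: str, params) -> str:
    """Substitute '?' placeholders in order so bound values are visible to the check."""
    values = iter(params)
    out = []
    for ch in sql:
        if ch == "?":
            val = next(values)
            out.append("'" + val.replace("'", "''") + "'" if isinstance(val, str) else str(val))
        else:
            out.append(ch)
    return "".join(out)


# Constructed trace of what the instrumentation would observe (logins, then requests with their SQL).
SAMPLE_EVENTS = [
    {"type": "login", "user": "alice", "token": "tok-a"},
    {"type": "login", "user": "bob", "token": "tok-b"},
    {"type": "request", "token": "tok-a", "request": "GET /orders?id=7",
     "sql": "SELECT * FROM orders WHERE user_id = ? AND id = ?", "params": (1001, 7)},
    {"type": "request", "token": "tok-b", "request": "GET /orders?id=9",
     "sql": "SELECT * FROM orders WHERE user_id = 1001 AND id = 9"},
    {"type": "request", "token": "tok-b", "request": "GET /orders/12",
     "sql": "SELECT * FROM orders WHERE id = 12"},
    {"type": "request", "token": "tok-b", "request": "GET /products/3",
     "sql": "SELECT * FROM products WHERE id = 3"},
    {"type": "request", "token": "tok-zzz", "request": "GET /orders/1",
     "sql": "SELECT * FROM orders WHERE id = 1"},
]


def analyze(events) -> list:
    """Run the whole pipeline over a trace and return the horizontal-override findings."""
    model = DetectionModel()
    model.bind_user("alice", 1001)  # assumed account ids
    model.bind_user("bob", 1002)
    findings = []
    for ev in events:
        if ev["type"] == "login":
            model.observe_login(ev["user"], ev["token"])
            continue
        permission = model.mark_request(ev["token"])
        if permission is None:
            continue  # no bound identity, so there is no permission value to verify against
        finding = model.verify(ev["request"], permission, ev["sql"], ev.get("params", ()))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.request}: {f.reason}  [{f.statement}]")
```

In the sample trace Bob's second request runs a statement filtered on Alice's account id, and his third reads an owner-scoped table with no owner filter at all; both are reported, while the products lookup and the request with an unbound token are not. Rendering bound parameters into the statement before matching is what lets the verifier see the identifier a prepared statement actually executes with, rather than only the `?` placeholder.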
CN201910855342.4A 2019-09-10 2019-09-10 Method and system for dynamically detecting horizontal override based on IAST test tool Active CN110688659B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910855342.4A CN110688659B (en) 2019-09-10 2019-09-10 Method and system for dynamically detecting horizontal override based on IAST test tool

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910855342.4A CN110688659B (en) 2019-09-10 2019-09-10 Method and system for dynamically detecting horizontal override based on IAST test tool

Publications (2)

Publication Number Publication Date
CN110688659A CN110688659A (en) 2020-01-14
CN110688659B true CN110688659B (en) 2020-10-16

Family

ID=69107978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910855342.4A Active CN110688659B (en) 2019-09-10 2019-09-10 Method and system for dynamically detecting horizontal override based on IAST test tool

Country Status (1)

Country Link
CN (1) CN110688659B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111209213B (en) * 2020-02-14 2023-08-11 深圳开源互联网安全技术有限公司 Abnormality detection method, system, equipment and storage medium for application program running
CN111597203A (en) * 2020-04-28 2020-08-28 中国银联股份有限公司 Statement query method, device, equipment and medium
CN111967043B (en) * 2020-07-29 2023-08-11 深圳开源互联网安全技术有限公司 Method, device, electronic equipment and storage medium for determining data similarity
CN112257054B (en) * 2020-10-22 2022-11-15 北京邮电大学 Software application unauthorized risk detection method, electronic equipment and storage medium
CN112491807A (en) * 2020-11-05 2021-03-12 杭州孝道科技有限公司 Horizontal override vulnerability detection method based on interactive application detection technology
CN112653670B (en) * 2020-12-08 2023-11-10 北京大米科技有限公司 Business logic vulnerability detection method and device, storage medium and terminal
CN112883379B (en) * 2021-01-13 2023-04-25 深圳开源互联网安全技术有限公司 IAST-based Node.js data stream tracking method and system
CN112765611B (en) * 2021-01-19 2022-11-25 上海微盟企业发展有限公司 Unauthorized vulnerability detection method, device, equipment and storage medium
CN113032787A (en) * 2021-03-12 2021-06-25 北京安全共识科技有限公司 System vulnerability detection method and device
CN113158197B (en) * 2021-05-26 2022-05-17 北京安普诺信息技术有限公司 SQL injection vulnerability detection method and system based on active IAST
CN114499960B (en) * 2021-12-24 2024-03-22 深圳开源互联网安全技术有限公司 CSRF vulnerability identification method, device and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102227115A (en) * 2011-06-13 2011-10-26 北京星网锐捷网络技术有限公司 Method and device for limiting user access
CN103607378A (en) * 2013-11-01 2014-02-26 国家电网公司 Access control method
CN104301302A (en) * 2014-09-12 2015-01-21 深信服网络科技(深圳)有限公司 Unauthorized attack detection method and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017163141A1 (en) * 2016-03-21 2017-09-28 Checkmarx Ltd. Integrated interactive application security testing
US10402577B2 (en) * 2016-06-03 2019-09-03 Honeywell International Inc. Apparatus and method for device whitelisting and blacklisting to override protections for allowed media at nodes of a protected system
CN106126417A (en) * 2016-06-17 2016-11-16 深圳开源互联网安全技术有限公司 Interactive application safety detecting method and system thereof
CN106713347B (en) * 2017-01-18 2019-06-11 国网江苏省电力公司电力科学研究院 Electric power mobile application unauthorized access vulnerability detection method
CN108833365B (en) * 2018-05-24 2021-06-15 杭州默安科技有限公司 Traffic-based service logic vulnerability detection method and system
CN108804912B (en) * 2018-06-15 2021-09-28 北京大学 Application program override detection method based on permission set difference
CN110084044A (en) * 2019-03-14 2019-08-02 深圳壹账通智能科技有限公司 Method for automatically testing horizontal override vulnerabilities and related device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102227115A (en) * 2011-06-13 2011-10-26 北京星网锐捷网络技术有限公司 Method and device for limiting user access
CN103607378A (en) * 2013-11-01 2014-02-26 国家电网公司 Access control method
CN104301302A (en) * 2014-09-12 2015-01-21 深信服网络科技(深圳)有限公司 Unauthorized attack detection method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on client-side detection methods for cross-site scripting vulnerabilities and attacks; 公衍磊; China Masters' Theses Full-text Database, Information Science and Technology; 20110915; Vol. 2011 (No. 9); pp. 47-49 *

Also Published As

Publication number Publication date
CN110688659A (en) 2020-01-14

Similar Documents

Publication Publication Date Title
CN110688659B (en) Method and system for dynamically detecting horizontal override based on IAST test tool
CN110598418B (en) Method and system for dynamically detecting vertical override based on IAST test tool
CN105283849B (en) Parallel tracing for performance and detail
US8392963B2 (en) Techniques for tracking actual users in web application security systems
EP2095236B1 (en) Method, system and computer program for testing software applications based on multiple data sources
CN110602029B (en) Method and system for identifying network attack
CN110287109B (en) Protocol interface testing method and device, computer equipment and storage medium thereof
CN105930727A (en) Web-based crawler identification algorithm
US9864855B2 (en) Verification data processing method and device and storage medium
CN106778260A (en) Attack detection method and device
CN105103147A (en) Tracing with a workload distributor
CN105122230A (en) Tracing as a service
CN101883024A (en) Dynamic detection method for cross-site forged request
US11810014B2 (en) Systems, methods and apparatus for evaluating status of computing device user
CN111259399A (en) Method and system for dynamically detecting vulnerability attacks for web applications
Pendleton et al. A dataset generator for next generation system call host intrusion detection systems
US7991827B1 (en) Network analysis system and method utilizing collected metadata
CN112671724B (en) Terminal security detection analysis method, device, equipment and readable storage medium
CN113918526A (en) Log processing method and device, computer equipment and storage medium
CN111124937B (en) Method and system for assisting in improving test case generation efficiency based on instrumentation function
CN114416555A (en) Page performance testing method, device, medium and equipment
Alssir et al. Web security testing approaches: comparison framework
US9239745B1 (en) Method and apparatus for managing security vulnerability lifecycles
CN111611473A (en) Information push processing method and device, storage medium and terminal
Deptula Automation of cyber penetration testing using the detect, identify, predict, react intelligence automation model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Method and system of dynamic detection level exceeding authority based on Iast testing tool

Effective date of registration: 20210401

Granted publication date: 20201016

Pledgee: Industrial and Commercial Bank of China Limited Shenzhen Huaqiang sub branch

Pledgor: SHENZHEN KAIYUAN INTERNET SECURITY TECHNOLOGY Co.,Ltd.

Registration number: Y2021980002337

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20220322

Granted publication date: 20201016

Pledgee: Industrial and Commercial Bank of China Limited Shenzhen Huaqiang sub branch

Pledgor: SECZONE TECHNOLOGY Co.,Ltd.

Registration number: Y2021980002337