CN111414305A - Test method, test device, test apparatus, and medium - Google Patents



Publication number
CN111414305A
Authority
CN
China
Prior art keywords
test
message
data
target
target message
Prior art date
Legal status
Granted
Application number
CN202010193829.3A
Other languages
Chinese (zh)
Other versions
CN111414305B (en)
Inventor
旷亚和
吕博良
程佩哲
叶红
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date
Filing date
Publication date

Classifications

    • G06F11/3684 (Physics > Computing; calculating or counting > Electric digital data processing > Error detection; error correction; monitoring > Preventing errors by testing or debugging software > Software testing > Test management): Test management for test design, e.g. generating new test cases
    • G06F11/3688 (same hierarchy as above): Test management for test execution, e.g. scheduling of test suites
    • G06F21/577 (Physics > Computing; calculating or counting > Electric digital data processing > Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities): Assessing vulnerabilities and evaluating computer system security

Abstract

The present disclosure provides a test method comprising: acquiring a target message sent by a client to a server, where the target message comprises a plurality of character-type data that represent the message characteristics of the target message; determining a test scene based on the message characteristics of the target message; determining a test message according to the test scene and the target message; sending the test message to the server so that the server processes the test message to obtain a test result; and determining, based on the test result, whether a security problem exists when the server processes the target message. The present disclosure also provides a test apparatus, a test device, and a computer-readable storage medium.

Description

Test method, test device, test apparatus, and medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a test method, a test apparatus, a test device, and a computer-readable storage medium.
Background
A business-logic vulnerability is a flaw arising from insufficiently strict program logic design that allows an attacker to carry out unauthorised operations by means such as resending a message or tampering with the business parameters in a message. Traditional security defence devices and measures have little effect in detecting business-logic vulnerabilities.
In carrying out the presently disclosed concept, the inventors have found that there are at least the following problems in the related art.
Some conventional automated security testing methods mainly rely on manual analysis of the service functions to construct test messages, which are then sent to the server for testing. Such a method relies on a tester constructing the test messages after fully understanding the service function, so the demands on the tester are high, and manually constructed test messages can hardly cover all abnormal scenes, so some abnormal scenes are easily left untested. In addition, manually constructing test messages involves relatively complex test steps and low test efficiency.
Other conventional automated security testing methods need to determine a specific service scene before testing, so that different test cases can be used for different service scenes. Service scenes include, for example, transfer-type scenes and login-type scenes. Such a method requires the specific service scenes to be defined in advance and the correspondence rules between service scenes and test cases to be constructed manually in advance. Consequently, whenever a new service scene appears, the correspondence rules between service scenes and test cases must be updated, which costs labour. Moreover, as services evolve, some service scenes may contain hidden vulnerabilities that are difficult to find manually, so no suitable test case is available for testing them.
Disclosure of Invention
In view of the above, the present disclosure provides an optimized testing method, testing apparatus, testing device, and computer-readable storage medium.
One aspect of the present disclosure provides a test method, including: obtaining a target message sent by a client to a server, where the target message comprises a plurality of character-type data that represent the message characteristics of the target message; determining a test scene based on the message characteristics of the target message; determining a test message according to the test scene and the target message; sending the test message to the server so that the server processes the test message to obtain a test result; and determining, based on the test result, whether a security problem exists when the server processes the target message.
According to an embodiment of the present disclosure, determining the test message according to the test scene and the target message includes at least one of the following: in response to determining that the test scene is a first-class scene, using the target message as the test message; and in response to determining that the test scene is a second-class scene, processing the target message and using the processed target message as the test message. The first-class scene indicates that the target message comprises a message for acquiring a verification code, and the second-class scene indicates that the target message comprises a message requesting login and/or that the user information in the target message is at risk.
According to an embodiment of the present disclosure, processing the target message includes: acquiring user attribute information of a sample user, and replacing the user attribute information in the target message with the user attribute information of the sample user to obtain the processed target message.
According to an embodiment of the present disclosure, the target message includes a plurality of transaction data, and processing the target message comprises at least one of: changing the order of the plurality of transaction data, and deleting at least one of the plurality of transaction data.
According to an embodiment of the present disclosure, the method further includes processing the target message to obtain its message characteristics, which includes: obtaining the plurality of character-type data in the target message, where each character-type data comprises a character or a character string; determining the occurrence frequency of each character-type data in the target message; and determining a feature vector of the target message based on the occurrence frequencies, where the feature vector represents the message characteristics.
According to an embodiment of the present disclosure, determining the test scene based on the message characteristics of the target message includes: obtaining a classification model, where the classification model is trained using a plurality of feature values and a plurality of label values, the feature values being the message characteristics of a plurality of training messages and the label values being the test scenes corresponding to those training messages; and processing the message characteristics with the classification model to obtain the test scene.
According to an embodiment of the present disclosure, the method further includes acquiring the original result obtained by the server processing the target message. Determining, based on the test result, whether a security problem exists when the server processes the target message then includes: determining whether a security problem exists when the server processes the target message based on the similarity between the original result and the test result.
According to an embodiment of the present disclosure, determining whether a security problem exists based on the similarity between the original result and the test result includes: obtaining a first data type of the original result and a second data type of the test result; in response to the first data type and the second data type being inconsistent, determining that no security problem exists when the server processes the target message; and in response to the first data type and the second data type being consistent, obtaining a first data content of the original result and a second data content of the test result, and determining whether a security problem exists when the server processes the target message based on the similarity between the first data content and the second data content.
According to an embodiment of the present disclosure, determining whether a security problem exists based on the similarity between the first data content and the second data content includes: in response to both data contents being structured data, determining whether a security problem exists based on the similarity between the data structures of the first and second data contents and the similarity between the data patterns of the first and second data contents; in response to both data contents being semi-structured data, determining whether a security problem exists based on the similarity between the data structures of the first and second data contents; and in response to both data contents being unstructured data, determining whether a security problem exists based on the similarity between the hash value of the first data content and the hash value of the second data content.
Another aspect of the present disclosure provides a test apparatus, including a first obtaining module, a first determining module, a second determining module, a sending module and a third determining module. The first obtaining module obtains a target message sent by a client to a server, where the target message comprises a plurality of character-type data that represent the message characteristics of the target message. The first determining module determines a test scene based on the message characteristics of the target message. The second determining module determines a test message according to the test scene and the target message. The sending module sends the test message to the server so that the server processes the test message to obtain a test result. The third determining module determines, based on the test result, whether a security problem exists when the server processes the target message.
According to an embodiment of the present disclosure, determining the test message according to the test scene and the target message includes at least one of the following: in response to determining that the test scene is a first-class scene, using the target message as the test message; and in response to determining that the test scene is a second-class scene, processing the target message and using the processed target message as the test message. The first-class scene indicates that the target message comprises a message for acquiring a verification code, and the second-class scene indicates that the target message comprises a message requesting login and/or that the user information in the target message is at risk.
According to an embodiment of the present disclosure, processing the target message includes: acquiring user attribute information of a sample user, and replacing the user attribute information in the target message with the user attribute information of the sample user to obtain the processed target message.
According to an embodiment of the present disclosure, the target message includes a plurality of transaction data, and processing the target message comprises at least one of: changing the order of the plurality of transaction data, and deleting at least one of the plurality of transaction data.
According to an embodiment of the present disclosure, the apparatus further includes a processing module for processing the target message to obtain its message characteristics, which includes: obtaining the plurality of character-type data in the target message, where each character-type data comprises a character or a character string; determining the occurrence frequency of each character-type data in the target message; and determining a feature vector of the target message based on the occurrence frequencies, where the feature vector represents the message characteristics.
According to an embodiment of the present disclosure, determining the test scene based on the message characteristics of the target message includes: obtaining a classification model, where the classification model is trained using a plurality of feature values and a plurality of label values, the feature values being the message characteristics of a plurality of training messages and the label values being the test scenes corresponding to those training messages; and processing the message characteristics with the classification model to obtain the test scene.
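As an added illustration (not code from the patent or from ICBC), the following Python sketch implements the feature-vector and classification-model steps described above: each message is split into character-type data (here, lower-cased alphabetic tokens; dropping digits is an assumed design choice, since phone numbers and one-time codes vary per request), the occurrence frequency of each token forms the feature vector, and a nearest-centroid classifier trained on a handful of constructed labelled messages plays the role of the classification model. The training messages, the scene labels and their mapping to the patent's first-class and second-class scenes are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Assumed tokenisation of a message into "character-type data": lower-cased runs of
# letters and underscores. Digits are dropped on purpose, because phone numbers,
# one-time codes and account ids vary per request and only add noise to scene detection.
TOKEN_RE = re.compile(r"[a-z_]+")

# Constructed training messages (request line and body flattened to one string), each
# labelled with the test scene it belongs to. In the patent's terms their feature
# vectors are the feature values and their scenes are the label values.
TRAINING = [
    ("POST /sms/send phone=13800000000 type=login_code", "sms_resend"),
    ("GET /captcha/sms?phone=13900000000&scene=register", "sms_resend"),
    ("POST /login username=alice password=secret code=123456 step=2", "login_flow"),
    ("POST /auth/login user=bob pwd=hunter2 otp=654321 txn_seq=1,2,3", "login_flow"),
    ("GET /account/detail?user_id=1001&session=abc", "override"),
    ("POST /order/query user_id=1002 order_id=9", "override"),
]

# Scene label -> scene class of the patent: class 1 = verification-code messages,
# class 2 = login messages and messages whose user information is at risk.
SCENE_CLASS = {"sms_resend": 1, "login_flow": 2, "override": 2}


def tokens(message):
    """Split a message into its character-type data (see TOKEN_RE)."""
    return TOKEN_RE.findall(message.lower())


def feature_vector(message, vocab):
    """Occurrence frequency of every vocabulary token in the message (the feature vector)."""
    counts = Counter(tokens(message))
    return [float(counts.get(tok, 0)) for tok in vocab]


def cosine(a, b):
    """Cosine similarity between two equal-length vectors (0.0 if either is all zeros)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


class CentroidClassifier:
    """Minimal classification model: one mean feature vector per scene label."""

    def __init__(self, training):
        self.vocab = sorted({tok for msg, _ in training for tok in tokens(msg)})
        sums, counts = {}, Counter()
        for msg, label in training:
            acc = sums.setdefault(label, [0.0] * len(self.vocab))
            for i, x in enumerate(feature_vector(msg, self.vocab)):
                acc[i] += x
            counts[label] += 1
        self.centroids = {lab: [x / counts[lab] for x in acc] for lab, acc in sums.items()}

    def predict(self, message):
        """Label of the centroid closest (by cosine similarity) to the message's feature vector."""
        v = feature_vector(message, self.vocab)
        return max(self.centroids, key=lambda lab: cosine(v, self.centroids[lab]))


MODEL = CentroidClassifier(TRAINING)


def determine_test_scene(message):
    """Operation S220: map a captured target message to (scene label, scene class)."""
    label = MODEL.predict(message)
    return label, SCENE_CLASS[label]


if __name__ == "__main__":
    for msg in ["POST /sms/code phone=13700000000 type=reset_code",
                "POST /login username=carol password=pw123 code=999999 step=2",
                "GET /account/detail?user_id=1003&session=zzz"]:
        print(determine_test_scene(msg), msg)
```

Tokens unseen in training are simply ignored by `feature_vector`, which is why a previously unseen message still lands on the scene whose vocabulary it shares most; in practice the training set would be much larger and the model would be re-trained as new service scenes are labelled.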
According to an embodiment of the present disclosure, the apparatus further includes a second acquisition module for acquiring the original result obtained by the server processing the target message. Determining, based on the test result, whether a security problem exists when the server processes the target message then includes: determining whether a security problem exists when the server processes the target message based on the similarity between the original result and the test result.
According to an embodiment of the present disclosure, determining whether a security problem exists based on the similarity between the original result and the test result includes: obtaining a first data type of the original result and a second data type of the test result; in response to the first data type and the second data type being inconsistent, determining that no security problem exists when the server processes the target message; and in response to the first data type and the second data type being consistent, obtaining a first data content of the original result and a second data content of the test result, and determining whether a security problem exists when the server processes the target message based on the similarity between the first data content and the second data content.
According to an embodiment of the present disclosure, determining whether a security problem exists based on the similarity between the first data content and the second data content includes: in response to both data contents being structured data, determining whether a security problem exists based on the similarity between the data structures of the first and second data contents and the similarity between the data patterns of the first and second data contents; in response to both data contents being semi-structured data, determining whether a security problem exists based on the similarity between the data structures of the first and second data contents; and in response to both data contents being unstructured data, determining whether a security problem exists based on the similarity between the hash value of the first data content and the hash value of the second data content.
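The similarity-based comparison of the original result and the test result (data-type check first, then structure and pattern similarity for structured data, structure similarity for semi-structured data, and hash comparison for unstructured data) is illustrated by the following added Python example, which is not the patent's own code. It assumes JSON responses are the structured case, markup (XML/HTML) the semi-structured case and everything else unstructured; the similarity metrics (Jaccard over key paths and tag names, a coarse letter/digit value shape as the data pattern, SHA-256 equality) and the 0.8 threshold are assumptions, since the patent fixes none of them. The sample responses are constructed.

```python
import hashlib
import json
import re

# Assumed threshold: a test result at least this similar to the original result means the
# server treated the mutated test message like the legitimate one. The patent fixes no value.
SIMILARITY_THRESHOLD = 0.8

# Constructed sample server responses: the original result for the legitimate message,
# and three possible test results for a mutated message.
ORIGINAL_JSON = '{"code":0,"msg":"ok","data":{"balance":"1520.00","account":"6222****1234"}}'
TEST_JSON_SAME_SHAPE = '{"code":0,"msg":"ok","data":{"balance":"998.10","account":"6222****5678"}}'
TEST_JSON_DENIED = '{"code":403,"msg":"forbidden","data":null}'
TEST_HTML_DENIED = "<html><body>Forbidden</body></html>"


def data_type(result):
    """Assumed data-type mapping: JSON = structured, markup = semi-structured, else unstructured."""
    try:
        json.loads(result)
        return "structured"
    except ValueError:
        pass
    if re.match(r"\s*<", result):
        return "semi-structured"
    return "unstructured"


def json_leaf_paths(node, prefix=""):
    """Flatten a parsed JSON value into {dotted path: leaf value}; list items are indexed."""
    if isinstance(node, dict):
        out = {}
        for key, val in node.items():
            out.update(json_leaf_paths(val, f"{prefix}.{key}" if prefix else key))
        return out
    if isinstance(node, list):
        out = {}
        for i, val in enumerate(node):
            out.update(json_leaf_paths(val, f"{prefix}[{i}]"))
        return out
    return {prefix: node}


def value_pattern(value):
    """Coarse data pattern of a leaf: its type, plus the letter/digit shape of strings."""
    if isinstance(value, str):
        return "str:" + re.sub(r"[0-9]+", "9", re.sub(r"[A-Za-z]+", "a", value))
    return type(value).__name__


def jaccard(a, b):
    """Jaccard similarity of two collections treated as sets (1.0 when both are empty)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if (a | b) else 1.0


def structured_similarity(original, test):
    """Mean of data-structure similarity (key paths) and data-pattern similarity (leaf shapes)."""
    o, t = json_leaf_paths(json.loads(original)), json_leaf_paths(json.loads(test))
    structure = jaccard(o, t)
    shared = set(o) & set(t)
    pattern = sum(value_pattern(o[p]) == value_pattern(t[p]) for p in shared) / len(shared) if shared else 0.0
    return (structure + pattern) / 2


def semi_structured_similarity(original, test):
    """Data-structure similarity only: Jaccard over the tag names that appear in the markup."""
    def tag_names(s):
        return re.findall(r"<([A-Za-z][\w:-]*)", s)
    return jaccard(tag_names(original), tag_names(test))


def unstructured_similarity(original, test):
    """Hash comparison: identical SHA-256 digests count as fully similar, anything else as 0."""
    def digest(s):
        return hashlib.sha256(s.encode("utf-8")).hexdigest()
    return 1.0 if digest(original) == digest(test) else 0.0


SIMILARITY_BY_TYPE = {
    "structured": structured_similarity,
    "semi-structured": semi_structured_similarity,
    "unstructured": unstructured_similarity,
}


def judge(original_result, test_result):
    """Operation S250 decision: did the server treat the test message like the target message?"""
    t_orig, t_test = data_type(original_result), data_type(test_result)
    if t_orig != t_test:
        # Different data types: the server answered the mutated message differently, so no finding.
        return {"data_type": (t_orig, t_test), "similarity": 0.0, "security_problem": False}
    similarity = SIMILARITY_BY_TYPE[t_orig](original_result, test_result)
    return {"data_type": t_orig, "similarity": similarity,
            "security_problem": similarity >= SIMILARITY_THRESHOLD}
```

Comparing shapes rather than values is what makes the oracle useful: a balance of `998.10` for a different account has the same structure and pattern as `1520.00`, so the mutated request was evidently served, while a `403` body with a `null` payload shares only two of five key paths and falls under the threshold.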
Another aspect of the present disclosure provides a test apparatus including: one or more processors; memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Another aspect of the disclosure provides a non-transitory readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, by using the testing method, the problems of complex testing steps, low testing efficiency and high testing labor cost in the related art can be at least partially solved. Therefore, the technical effects of reducing the complexity of the testing steps, improving the testing efficiency and reducing the labor cost of the testing can be achieved.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario of a testing method and a testing apparatus according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a testing method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of a testing method according to another embodiment of the present disclosure;
FIG. 4 schematically shows a network diagram of a test method according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a logic decision flow diagram of a testing method in accordance with an embodiment of the present disclosure;
FIG. 6 schematically shows a block diagram of a testing device according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of a testing device according to another embodiment of the present disclosure; and
FIG. 8 schematically illustrates a block diagram of a computer system for implementing testing in accordance with an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable control apparatus to produce a machine, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable storage medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer-readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
Embodiments of the present disclosure provide a test method, which may include: obtaining a target message sent by a client to a server, where the target message comprises a plurality of character-type data that represent the message characteristics of the target message. A test scene is then determined based on the message characteristics of the target message, and a test message is determined according to the test scene and the target message. The test message is sent to the server so that the server processes the test message to obtain a test result. Finally, it is determined, based on the test result, whether a security problem exists when the server processes the target message.
Fig. 1 schematically shows an application scenario of a testing method and a testing apparatus according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of an application scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the application scenario 100 according to this embodiment may include, for example, a client 110, a server 120, and a testing apparatus 130.
According to the embodiment of the present disclosure, the client 110 may be, for example, a mobile phone, a computer, or the like. The client 110 may request the server 120 to provide the relevant service data by sending the target message to the server 120.
According to the embodiment of the disclosure, the server 120 may be, for example, a server cluster, or the like. The server 120 may, for example, provide relevant service data to the client 110. For example, after receiving a target message from client 110, server 120 may process the target message to facilitate sending relevant service data to client 110.
In the embodiment of the present disclosure, the testing device 130 may be, for example, a mobile phone, a computer, a server, or the like. The testing device 130 may be used to test whether the server 120 has a security problem when processing the target message from the client 110; the security problem may include a logic bug, for example. For example, the testing device 130 may obtain a target message and derive a test message from it. The test message is then sent to the server 120 for processing, in order to determine whether the server has a security problem.
In the following, a test method according to an exemplary embodiment of the present disclosure is described with reference to fig. 2 to 3 in conjunction with the application scenario of fig. 1. It should be noted that the above application scenarios are merely illustrated for the convenience of understanding the spirit and principles of the present disclosure, and the embodiments of the present disclosure are not limited in this respect. Rather, embodiments of the present disclosure may be applied to any scenario where applicable.
Fig. 2 schematically shows a flow chart of a testing method according to an embodiment of the present disclosure.
As shown in fig. 2, the test method of the embodiment of the present disclosure may include, for example, the following operations S210 to S250. The test method may be performed by the test apparatus 130 shown in fig. 1, for example.
In operation S210, a target packet sent by the client to the server is obtained, where the target packet includes a plurality of character-type data, and the plurality of character-type data represent packet characteristics of the target packet.
According to an embodiment of the disclosure, for example, a plurality of messages sent from the client to the server may be acquired and then filtered to remove the messages that do not need vulnerability testing; the remaining messages that do need vulnerability testing are used as target messages. Messages that do not need vulnerability testing may include, but are not limited to, requests for static resources, requests whose response status is abnormal, and the like.
According to an embodiment of the present disclosure, each of the plurality of character-type data may be, for example, a character or a character string. The embodiment of the present disclosure may, for example, characterize the message characteristics of the target message according to the distribution condition of the plurality of character-type data in the target message. The distribution of the plurality of character-type data in the target message may include, for example, the number of times each character-type data appears in the target message. The following will be described in detail based on examples.
In operation S220, a test scenario is determined based on the packet characteristics of the target packet. According to the embodiment of the present disclosure, different message characteristics correspond to different test scenarios, for example, and therefore, a corresponding test scenario can be determined according to the message characteristics.
In operation S230, a test packet is determined according to the test scenario and the target packet.
In operation S240, the test packet is sent to the server, so that the server processes the test packet to obtain a test result. Then, a test result from the server may be received by the testing device to determine a server logic vulnerability based on the test result.
Next, in operation S250, it is determined whether there is a security problem when the server processes the target packet based on the test result.
According to an embodiment of the present disclosure, the test scenarios may include, for example, a first type scenario and a second type scenario. The first type of scenario may, for example, characterize the target packet including a packet for acquiring the verification code. The second type of scenario may, for example, characterize that the target message includes a message requesting login and/or characterize that user information in the target message is at risk.
For example, the first type of scenario may include a text message resending test scenario, and the second type of scenario may include a login procedure test scenario and an override test scenario, for example.
For the first type of scenario, when the target message is a message for acquiring a verification code, it may be, for example, the request sent by the client to the server to have an SMS verification code sent. To determine whether a logic vulnerability exists in the process by which the server sends the verification code to the client, the test resends that request to the server. Therefore, when the test scenario is determined to be a first-type scenario (for example, the SMS resend test scenario), the target message may be resent to the server unchanged as the test message, to test whether the server returns a verification code to the client in response to the test message. If the test result shows that the server returns the verification code to the client again, the server has the logic vulnerability of repeatedly sending the verification code, which indicates that a logic vulnerability exists in the server's processing of the target message.
In the embodiment of the present disclosure, if it is determined that the test scenario is the second type of scenario, the target message may be processed and the processed target message used as the test message.
For example, when the second-type scenario is the login-procedure test scenario, the target message is a message requesting login and includes, for example, a plurality of transaction data. If the server still responds normally after the order of the transaction data in the target message is changed, or after part of the transaction data is deleted, a logic vulnerability exists in the server's processing of the target message: an attacker who sends transaction data in a disordered or incomplete sequence could obtain related data from the server. Therefore, to test whether such a logic vulnerability exists, the target message is processed and the processed message is sent to the server as the test message. The processing may include, for example, changing the order of the transaction data or deleting at least one transaction datum. If the test result shows that the server obtains a normal result when processing transaction data whose sequence is disordered or incomplete, the server has a logic vulnerability when processing the target message.
For example, for a client's login request, the transaction data in the corresponding target message may include user account data, user password data and user identity information data. When the server processes the target message it verifies these, for example, in a fixed order: the user account data is verified first, the user password data after the account data passes, the user identity information data after the password data passes, and only when the identity information data passes is the client's login request answered normally. To test whether a vulnerability exists in this processing, the order of the transaction data can be changed to obtain transaction data in a disordered sequence, for example: user password data, user identity information data, user account data; or part of the transaction data can be deleted to obtain incomplete transaction data, for example: user password data and user identity information data. The disordered or incomplete transaction data is then sent to the server for testing. If the test result shows that the server still obtains a normal result when processing it, the server has a logic vulnerability when processing the target message.
In another embodiment, the sequence of the plurality of transaction data may be changed and corresponding parameters in the transaction data modified to obtain modified transaction data, which is then used for testing. For example, the plurality of transaction data in the target message may include request-to-send-verification-code data, fill-in-verification-code data and enter-password data. The server processes these, for example, in a fixed order: it sends a verification code to the client in response to the request, verifies the verification code filled in by the client once it is received, verifies the password entered by the client after the verification code passes, and answers the client's transaction normally once the password passes. To test whether a vulnerability exists in this processing, the sequence of the transaction data can be changed and corresponding parameters modified, giving modified transaction data of, for example: request-to-send-verification-code data (requesting that the code be sent to the attacker's mobile number), fill-in-verification-code data, request-to-send-verification-code data (requesting that the code be sent to the legitimate user's mobile number), and enter-password data. Here the parameter modification is, for example, replacing the legitimate user's mobile number with the attacker's mobile number in the first send request.
The attack this sequence simulates is the following: the server sends the verification code to the attacker's mobile number and checks the code the attacker fills in; the attacker then submits the send request a second time, now with the legitimate user's mobile number, and because the server does not verify that second request again, the attacker can go on to enter the stolen password and the server responds to the transaction. Therefore, to test for this kind of vulnerability, the embodiment of the present disclosure sends the modified transaction data to the server and obtains a test result. If the test result shows that the server obtains a normal result when processing the modified transaction data, the server has a logic vulnerability when processing the target message.
For example, when the second-type scenario is the unauthorized-access test scenario, the user information in the target message is characterized as being at risk. User information being at risk means that, when the user information in the target message is replaced and the message is sent to the server, the server's feedback is consistent with its feedback before the replacement. Identical feedback for different user information shows that an attacker could perform a transaction beyond their authority simply by replacing the user information.
Therefore, when the second-type scenario is the unauthorized-access test scenario, the processed target message can be obtained by acquiring the user attribute information of a sample user and replacing the user attribute information in the target message with that of the sample user. The processed target message is then sent to the server as the test message, and a logic vulnerability of the server is determined by checking whether the server's feedback for the test message is consistent with its feedback for the target message. If the test result shows that the two are consistent, the server has a logic vulnerability in the process of processing the target message.
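The test-message construction for the three scenarios described above (SMS resend, login procedure, unauthorized access), as an added worked example in Python; this is not the patent's own code. It models a message as an ordered list of key-value pairs so that field order and field deletion can be expressed. The scenario names, field names, the sample user, and the `code_rebind_sequence` helper for the modified verification-code flow are assumptions made for illustration.

```python
"""Building test messages from a target message and its test scenario.

Added example, not the patent's own code. A message is modelled as an ordered
list of (key, value) pairs because the login-procedure test depends on field
order and on dropping fields. Scenario names, field names and the sample user
are assumptions made for illustration.
"""
from typing import Dict, List, Optional, Tuple

Message = List[Tuple[str, str]]

# Constructed sample messages (not captured traffic).
SMS_REQUEST: Message = [("action", "send_code"), ("mobile", "13800000001")]
LOGIN_REQUEST: Message = [
    ("account", "u1001"),
    ("password", "p@ss"),
    ("id_card", "110101199001011234"),
]
TRANSFER_REQUEST: Message = [
    ("user_id", "u1001"), ("mobile", "13800000001"), ("amount", "100.00"),
]
# Attribute keys that identify the requesting user (assumption).
USER_ATTRS = {"user_id", "mobile", "id_card", "account"}


def replay_tests(target: Message) -> List[Message]:
    """SMS-resend scenario: the test message is the target message, resent unchanged."""
    return [list(target)]


def reorder_tests(target: Message) -> List[Message]:
    """Login-procedure scenario: every cyclic rotation of the field order except the original."""
    return [target[i:] + target[:i] for i in range(1, len(target))]


def deletion_tests(target: Message) -> List[Message]:
    """Login-procedure scenario: drop one transaction datum at a time."""
    return [target[:i] + target[i + 1:] for i in range(len(target))]


def code_rebind_sequence(flow: List[Message], attacker_mobile: str) -> List[Message]:
    """Modified multi-step flow from the disclosure: request the code to the
    attacker's number, fill it in, request the code again with the original
    (legitimate) number, then submit the password. Exercises whether the
    second send-code step is verified again."""
    send_code, fill_code, enter_password = flow
    to_attacker = [(k, attacker_mobile if k == "mobile" else v) for k, v in send_code]
    return [to_attacker, fill_code, send_code, enter_password]


def horizontal_tests(target: Message, sample_user: Dict[str, str]) -> List[Message]:
    """Unauthorized-access scenario: substitute the sample user's attributes."""
    swapped = [(k, sample_user[k]) if k in USER_ATTRS and k in sample_user else (k, v)
               for k, v in target]
    return [swapped] if swapped != target else []


def build_test_messages(scenario: str, target: Message,
                        sample_user: Optional[Dict[str, str]] = None) -> List[Message]:
    """Dispatch on the scenario produced by the classifier (operation S230)."""
    if scenario == "sms_resend":
        return replay_tests(target)
    if scenario == "login_procedure":
        return reorder_tests(target) + deletion_tests(target)
    if scenario == "unauthorized_access":
        return horizontal_tests(target, sample_user or {})
    raise ValueError(f"unknown scenario: {scenario}")


def encode(msg: Message) -> str:
    """Serialise as an x-www-form-urlencoded body, preserving field order."""
    return "&".join(f"{k}={v}" for k, v in msg)


if __name__ == "__main__":
    for m in build_test_messages("login_procedure", LOGIN_REQUEST):
        print(encode(m))
    for m in build_test_messages("unauthorized_access", TRANSFER_REQUEST,
                                 {"user_id": "u2002", "mobile": "13900000002"}):
        print(encode(m))
```

Each generated message is sent through the same path as the target message, and the server's reply is kept for the comparison of operation S250. The login-procedure case yields several test messages from one target message, so the comparison must be run once per test message rather than once per target.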
According to the embodiment of the disclosure, target messages belonging to the same test scenario may come from different service scenarios. For example, target messages belonging to the unauthorized-access test scenario may come from a transfer service, a balance inquiry service, a deduction service, and so on. Because the test scenario of the target message is determined and the security test is performed according to that test scenario, the test only needs to consider the test scenario to which the target message belongs, not the specific service scenario. The testing method of the embodiment therefore does not need to define specific service scenarios in advance, nor to build rules mapping service scenarios to test cases by hand in advance, which improves testing efficiency and reduces the cost of manual testing. In addition, the embodiment can obtain the test message in different ways for different test scenarios, which makes the security test more targeted.
FIG. 3 schematically shows a flow diagram of a testing method according to another embodiment of the present disclosure.
As shown in fig. 3, the test method of the embodiment of the present disclosure may include, for example, operations S210 to S250 and the following operations S310 to S320. Operations S210 to S250 are, for example, the same as or similar to the operations described in fig. 2, and are not described again here.
In operation S310, the target message is processed to obtain the message characteristics of the target message.
For example, a plurality of character-type data in the target message may be acquired, each being a character or a character string. Then the number of times each character-type datum appears in the target message is determined, and a feature vector of the target message, which characterizes its message features, is determined from those counts.
Character features are generated from the number of times each character appears in the target message. A character is, for example, a single letter, a single digit or a single symbol. For example, a character dictionary containing a plurality of characters is first constructed from the characters contained in a large number of history messages. Then the number of times each character in the dictionary appears in the target message is determined; the count may be 0, 1 or more. The counts of all characters in the dictionary together form the character features of the target message. For example, if the dictionary contains the characters "a", "1", … and these appear in the target message 5, 0, 9, … times respectively, the character feature of the target message can be represented as the character feature vector F1 = [5, 0, 9, …].
According to an embodiment of the present disclosure, the character strings in the target message may include, for example, text (alphabetic) strings and numeric strings.
Text strings may include, for example, verbs and nouns. For example, a text-string dictionary containing a plurality of text strings is first constructed from the text strings contained in a large number of history messages. Then the number of times each text string in the dictionary appears in the target message is determined; these counts together form the text-string feature of the target message. For example, the dictionary includes the verb strings "query", "buy", "sell", … and the noun strings "mobile", "id", "num", …. If the strings "query", "buy", "sell", "mobile", "id", "num", … appear in the target message 2, 5, 0, 12, 7, 9, … times respectively, the text-string feature of the target message can be represented as the text-string feature vector F2 = [2, 5, 0, 12, 7, 9, …].
Numeric strings may fall into several categories, for example identification numbers, telephone numbers and so on. For example, a numeric-string dictionary containing these categories is first constructed from the numeric strings contained in a large number of history messages. Then the number of times each category of numeric string appears in the target message is determined; these counts together form the numeric-string feature of the target message. For example, the dictionary includes the categories identification number, telephone number, …; if numeric strings of these categories appear in the target message 1, 2, … times respectively, the numeric-string feature of the target message can be represented as the numeric-string feature vector F3 = [1, 2, …].
According to the disclosed embodiment, the message characteristics of the target message can be obtained, for example, from the feature vectors F1, F2 and F3: the message characteristics may be represented as the feature vector F = {F1, F2, F3}. Further, the feature vector F may be normalized to obtain a processed feature vector F′, which is then used to represent the message features of the target message. Normalizing F may include, for example, dividing each element of F by the message length of the target message, where the message length is represented by the number of key values in the target message, that is, the message length may be equal to the number of key-value pairs in the target message.
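The feature extraction F = {F1, F2, F3} of operation S310 and the normalization by the number of key values, as an added Python example; this is not the patent's own code. The character, text-string and numeric-string dictionaries, the regular expressions used to recognise numeric-string categories, and the sample message are assumptions standing in for dictionaries that the disclosure builds from a large history of messages.

```python
"""Message feature extraction F = {F1, F2, F3} from a key-value request body.

Added example, not the patent's own code. The three dictionaries below stand
in for the ones the disclosure builds from a large history of messages; they
are assumptions for illustration, as are the numeric-string categories.
"""
import re
from typing import Dict, List, Tuple

# Assumption: character dictionary (letters, digits and the form separators).
CHAR_DICT: List[str] = list("abcdefghijklmnopqrstuvwxyz0123456789=&_")
# Assumption: verb and noun strings seen in history messages.
WORD_DICT: List[str] = ["query", "buy", "sell", "login", "send",
                        "mobile", "id", "num", "code", "password"]
# Assumption: numeric-string categories recognised by pattern.
NUM_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "id_number": re.compile(r"\b\d{17}[\dXx]\b"),  # 18-character ID number
    "phone": re.compile(r"\b1\d{10}\b"),            # 11-digit mobile number
    "amount": re.compile(r"\b\d+\.\d{2}\b"),        # money with two decimals
}

# Constructed sample target message (form body of a balance query).
SAMPLE = "action=query&mobile=13800000001&id_card=110101199001011234&amount=100.00"


def key_values(body: str) -> Dict[str, str]:
    """Split an x-www-form-urlencoded body; its size is the message length (number of key values)."""
    return dict(p.split("=", 1) for p in body.split("&") if "=" in p)


def char_features(body: str) -> List[int]:
    """F1: occurrences of each dictionary character."""
    return [body.count(c) for c in CHAR_DICT]


def word_features(body: str) -> List[int]:
    """F2: occurrences of each dictionary text string, counted as whole alphabetic tokens."""
    tokens = re.findall(r"[A-Za-z]+", body.lower())
    return [tokens.count(w) for w in WORD_DICT]


def numeric_features(body: str) -> List[int]:
    """F3: occurrences of each numeric-string category."""
    return [len(p.findall(body)) for p in NUM_PATTERNS.values()]


def raw_features(body: str) -> Tuple[List[int], List[int], List[int]]:
    """The unnormalized vectors F1, F2, F3."""
    return char_features(body), word_features(body), numeric_features(body)


def message_features(body: str) -> List[float]:
    """Concatenate F1, F2, F3 and divide every element by the number of key values."""
    f1, f2, f3 = raw_features(body)
    n = max(len(key_values(body)), 1)   # guard against an empty body
    return [x / n for x in f1 + f2 + f3]


if __name__ == "__main__":
    print(raw_features(SAMPLE))
    print(message_features(SAMPLE))
```

The resulting vector is what the classification model of operation S220 consumes. Counting whole tokens for F2 rather than substrings matters: the character "id" would otherwise be counted inside "valid", which would shift messages between scenarios.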
According to the embodiment of the disclosure, after the message characteristics of the target message are obtained, the test scenario can be determined based on the message characteristics of the target message. Specifically, for example, a classification model may be obtained, and then the classification model is used to process the message features to obtain a test scenario.
According to the embodiment of the present disclosure, the classification model may be obtained by training on a plurality of feature values and a plurality of label values, where the feature values are the message features of a plurality of training messages and the label values are the test scenarios corresponding to those training messages. The classification model may include, but is not limited to, a Gradient Boosting Decision Tree (GBDT) model and a Random Forest model.
Next, in operation S320, an original result obtained by the server processing the target message is obtained.
Operation S250 may then include, for example: determining, based on the similarity between the original result and the test result, whether a security problem exists when the server processes the target message.
For example, the original result and the test result may both be message data, where the message data includes, for example, a message header that indicates the data type of the message; the data type may include, but is not limited to, an HTML (HyperText Markup Language) type and a JSON (JavaScript Object Notation) type. The data type of the original result is referred to below as the first data type and the data type of the test result as the second data type.
According to the embodiment of the disclosure, if the first data type and the second data type are not consistent, the results obtained when the server processes the target message and the test message differ, and it can be determined that no security problem exists when the server processes the target message.
According to the embodiment of the disclosure, if the first data type and the second data type are consistent, the server may have a security problem when processing the target message, and the data content of the original result and the data content of the test result are compared further, so as to determine whether the server has a logic vulnerability based on how similar the two data contents are.
For example, a first data content of the original result and a second data content of the test result are obtained, and whether a security problem exists when the server processes the target message is then determined based on the similarity between the first data content and the second data content.
According to the embodiments of the present disclosure, the similarity between the first data content and the second data content may be determined according to the category of the first data content and the category of the second data content. The category of the first data content or the second data content may include, but is not limited to, a structured data category, a semi-structured data category, and an unstructured data category. The similarity determination of the data contents of different categories will be described below.
For example, when the first data content and the second data content are both structured data, whether a security problem exists when the server processes the target message may be determined based on the similarity between their data structures and the similarity between their data styles. The data structures may be represented by DOM (Document Object Model) trees and the data styles by CSS-DOM trees; the similarity between data structures is represented by the tree edit distance between the DOM trees and the similarity between data styles by the tree edit distance between the CSS-DOM trees. The data style may include, for example, the font, colour and so on of the message. If the tree edit distance between the DOM trees of the first and second data content is smaller than a preset distance and the tree edit distance between their CSS-DOM trees is also smaller than the preset distance, the similarity between the first data content and the second data content is greater than a preset similarity, and it can be determined that a security problem exists when the server processes the target message.
For example, when the first data content and the second data content are both semi-structured data, whether a security problem exists when the server processes the target message may be determined based on the similarity between their data structures. The data structures may be represented by DOM trees, for example, and the similarity between them by the tree edit distance between the DOM trees. If the tree edit distance between the DOM tree of the first data content and the DOM tree of the second data content is smaller than the preset distance, the similarity between the two data contents is greater than the preset similarity, and it can be determined that a security problem exists when the server processes the target message.
For example, when the first data content and the second data content are both unstructured data, whether a security problem exists when the server processes the target message may be determined based on the similarity between the hash value of the first data content and the hash value of the second data content. The hash value may be, for example, a SimHash value. If the similarity between the two hash values is greater than the preset similarity, the similarity between the two data contents is greater than the preset similarity, and it can be determined that a security problem exists when the server processes the target message.
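The comparison of operation S250, as an added Python example rather than the patent's own code: it checks the data type from the header first and then compares content by type. Where the disclosure uses tree edit distance over DOM and CSS-DOM trees for structured and semi-structured results, this example substitutes a simpler, plainly labelled stand-in (Jaccard similarity over the set of HTML tag paths or JSON key paths, ignoring values) and uses SimHash, as the disclosure does, for unstructured text. The thresholds, header names and sample results are assumptions.

```python
"""Comparing the original result with the test result (operation S250).

Added example, not the patent's own code. The disclosure compares HTML results
by tree edit distance over DOM and CSS-DOM trees and JSON results by tree edit
distance over DOM trees; this example substitutes a simpler structural
comparison (Jaccard similarity of tag paths or key paths) and uses SimHash,
as the disclosure does, for unstructured text. Thresholds, header names and
the sample results are assumptions.
"""
import hashlib
import re
from html.parser import HTMLParser
from typing import Any, Dict, Set, Tuple

Result = Dict[str, Any]   # {"headers": {...}, "body": str}

# Constructed sample results (not real server responses).
ORIGINAL: Result = {"headers": {"Content-Type": "application/json"},
                    "body": '{"code":0,"data":{"balance":"100.00","name":"Alice"}}'}
TEST_SAME_SHAPE: Result = {"headers": {"Content-Type": "application/json"},
                           "body": '{"code":0,"data":{"balance":"50.00","name":"Bob"}}'}
TEST_FORBIDDEN: Result = {"headers": {"Content-Type": "application/json"},
                          "body": '{"code":403,"msg":"forbidden"}'}
TEST_HTML_ERROR: Result = {"headers": {"Content-Type": "text/html; charset=utf-8"},
                           "body": "<html><body><p>Access denied</p></body></html>"}


def data_type(headers: Dict[str, str]) -> str:
    """Classify a result by its header: html (structured), json (semi-structured), else text."""
    ct = headers.get("Content-Type", "").lower()
    if "text/html" in ct:
        return "html"
    if "json" in ct:
        return "json"
    return "text"


def simhash(text: str, bits: int = 64) -> int:
    """SimHash over word tokens: each token votes on every bit of its MD5 digest."""
    v = [0] * bits
    for tok in re.findall(r"\w+", text.lower()):
        h = int(hashlib.md5(tok.encode()).hexdigest(), 16) & ((1 << bits) - 1)
        for i in range(bits):
            v[i] += 1 if (h >> i) & 1 else -1
    return sum(1 << i for i in range(bits) if v[i] > 0)


def simhash_similarity(a: str, b: str, bits: int = 64) -> float:
    """1.0 for identical fingerprints, decreasing with Hamming distance."""
    return 1.0 - bin(simhash(a, bits) ^ simhash(b, bits)).count("1") / bits


def json_paths(obj: Any, prefix: str = "") -> Set[str]:
    """Key paths with leaf types: the structure of a JSON document, ignoring values."""
    if isinstance(obj, dict):
        return set().union(*(json_paths(v, f"{prefix}{k}.") for k, v in obj.items())) if obj else {prefix + "{}"}
    if isinstance(obj, list):
        return set().union(*(json_paths(v, prefix + "[].") for v in obj)) if obj else {prefix + "[]"}
    return {prefix + type(obj).__name__}


class _TagPaths(HTMLParser):
    """Collect element paths such as html/body/p as a stand-in for the DOM tree."""
    def __init__(self) -> None:
        super().__init__()
        self.stack: list = []
        self.paths: Set[str] = set()

    def handle_starttag(self, tag, attrs):
        self.stack.append(tag)
        self.paths.add("/".join(self.stack))

    def handle_endtag(self, tag):
        if tag in self.stack:             # tolerate unclosed void elements
            while self.stack.pop() != tag:
                pass


def html_paths(html: str) -> Set[str]:
    p = _TagPaths()
    p.feed(html)
    return p.paths


def jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b) if a | b else 1.0


def compare_results(original: Result, test: Result,
                    threshold: float = 0.9) -> Tuple[bool, str]:
    """True when the test result is similar enough to the original to indicate a logic flaw."""
    import json
    t1, t2 = data_type(original["headers"]), data_type(test["headers"])
    if t1 != t2:
        return False, f"data types differ: {t1} vs {t2}"
    b1, b2 = str(original["body"]), str(test["body"])
    if t1 == "json":
        try:
            sim = jaccard(json_paths(json.loads(b1)), json_paths(json.loads(b2)))
        except ValueError:                # malformed JSON: fall back to text comparison
            sim = simhash_similarity(b1, b2)
    elif t1 == "html":
        sim = jaccard(html_paths(b1), html_paths(b2))
    else:
        sim = simhash_similarity(b1, b2)
    return sim >= threshold, f"{t1} similarity {sim:.2f} (threshold {threshold})"
```

A test result that keeps the same structure and only changes the values (another user's balance and name) scores 1.0 and is flagged; an error body with a different shape scores 0.25 and is not. Comparing structure rather than values is the point: the unauthorized-access test expects the values to differ, since they belong to the sample user, and a value-level diff would hide exactly the flaw being looked for.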
Fig. 4 schematically shows a network schematic of a test method according to an embodiment of the present disclosure.
As shown in fig. 4, a network according to an embodiment of the present disclosure may include, for example, a client test device 410, a forward proxy subsystem 420, a detection subsystem 430, and a tested application server 440. The forward proxy subsystem 420 and the detection subsystem 430 together form the testing apparatus 130 shown in fig. 1, the client testing device 410 may be the client 110 shown in fig. 1, and the application server 440 may be the server 120 shown in fig. 1. The functions of the various systems or modules shown in fig. 4 will be described separately below.
The client test device 410 includes, for example, the equipment and software used by a business tester to access the application server under test 440. Before the test starts, for example, a proxy forwarding address may be configured to forward a packet interacted between the client test device 410 and the application server under test 440 to the forward proxy subsystem 420, so that the detection subsystem 430 performs analysis processing based on the acquired packet, thereby detecting a service logic vulnerability of the application server under test 440.
The forward proxy subsystem 420 may, for example, proxy and forward the interaction messages between the client test device 410 and the application server 440 under test, analyze the messages, preliminarily filter the messages that do not need to be tested, and transmit the screened target messages that need to be tested to the detection subsystem 430.
The detection subsystem 430 may classify the target message, for example to determine which type of test scenario it belongs to; the test scenarios may include, for example, the SMS resend test scenario, the login-procedure test scenario, the unauthorized-access test scenario and so on. A test message is then obtained based on the test scenario and the target message and sent to the application server under test 440. After the test result returned by the application server under test 440 in response to the test message is received, it may be determined whether the application server under test 440 has a logic vulnerability based on the original result it returned in response to the target message and the test result. If a vulnerability exists, the corresponding information can be stored and the logic vulnerability displayed.
The application server under test 440 processes the target message to obtain an original result and the test message to obtain a test result, and feeds both results back to the detection subsystem 430 for analysis.
The specific structure and function of forward proxy subsystem 420 will be described below.
The forward proxy subsystem 420 may include, for example, a message transceiver module 421 and a message analysis module 422, in accordance with embodiments of the present disclosure. The message transceiver module 421 receives and forwards messages between the client test device 410 and the application server under test 440, and passes the received messages to the message analysis module 422. The message analysis module 422 performs preliminary filtering on the received messages, ignoring those that need no vulnerability test, such as static resource requests and requests whose responses carry an abnormal status, and then passes the filtered target messages to the detection subsystem 430.
The specific structure and function of detection subsystem 430 will be described below.
According to an embodiment of the present disclosure, the detection subsystem 430 may include, for example, an attack detection module 431, a smart analysis module 432, and a presentation module 433.
According to the embodiment of the present disclosure, the attack detection module 431 may, for example, send the target message to the intelligent analysis module 432, so that the intelligent analysis module 432 determines which type of test scenario the target message belongs to, and the attack detection module 431 then constructs the test message specifically for the identified test scenario. After the test message is constructed, it is sent to the application server under test 440, and the test result obtained by the application server under test 440 in response to the test message is collected. The original result obtained in response to the target message and the test result are then sent to the intelligent analysis module 432, so that it can analyse whether the application server under test 440 has a logic vulnerability. If the attack detection module 431 determines that the application server under test 440 has a logic vulnerability, the related vulnerability information may be stored for the display module 433 to show later.
According to the embodiment of the present disclosure, the attack detection module 431 may include, for example, a test message construction unit 4311, a message sending unit 4312 and a result determination unit 4313.
The test message construction unit 4311 constructs the test message based on the test scenario to which the target message belongs and the target message, and then sends it to the application server under test 440 through the message sending unit 4312. The result determination unit 4313 is responsible for monitoring the test result returned by the application server under test 440 in response to the test message and the original result returned in response to the target message, and for invoking the intelligent analysis module 432 to determine, from the test result and the original result, whether the application server under test 440 has a logic vulnerability. When the result determination unit 4313 confirms that a logic vulnerability exists, the related vulnerability data may be stored.
According to an embodiment of the present disclosure, the intelligent analysis module 432 may include, for example, a scene recognition unit 4321 and a risk recognition unit 4322.
The scene recognition unit 4321 receives the target message passed in by the test message construction unit 4311 and processes it to obtain the message characteristics of the target message. For example, the number of times each character or character string appears in the target message may be determined, and a feature vector of the target message, representing its message features, determined from those counts. The classification model is then used to identify the message features and obtain the test scenario; the classification model may include, but is not limited to, a gradient boosting decision tree (GBDT) model and a random forest model. The identified test scenario is then returned to the test message construction unit 4311, so that it can construct the test message based on the test scenario.
The risk identifying unit 4322 may be configured to receive the original result and the test result from the result determining unit 4313, and determine whether the application server 440 under test has a risk according to a similarity between the original result and the test result.
According to the embodiment of the present disclosure, the presentation module 433 may be used to, for example, be responsible for retrieving a system database and providing a front-end page for a user to query a test result. And simultaneously, the functions of user management, task management, test report downloading and the like can be supported.
FIG. 5 schematically illustrates a logic decision flow diagram of a testing method according to an embodiment of the present disclosure.
As shown in fig. 5, the method may be performed by, for example, the various systems or modules shown in fig. 4. The method may include, for example, the following operations S510 to S570. The respective operations will be described below.
In operation S510, a message is acquired. For example, the message transceiver module 421 in the forward proxy subsystem 420 may obtain the message from the client test device 410.
In operation S520, the acquired messages are filtered to obtain a target message. For example, the message analysis module 422 in the forward proxy subsystem 420 may filter the messages from the client test device 410 and remove those that need no test, so that the messages that do need testing are obtained as target messages.
In operation S530, the test scenario of the target message is identified. For example, the test message construction unit 4311 in the attack detection module 431 may invoke the scene recognition unit 4321 in the intelligent analysis module 432 to confirm the test scenario corresponding to the target message.
In operation S540, a test message is constructed. For example, the test message construction unit 4311 in the attack detection module 431 constructs the test message for the test scenario identified in operation S530.
In operation S550, a business logic vulnerability is probed. For example, the message sending unit 4312 in the attack detection module 431 sends the test message constructed in operation S540 to the application server under test 440 and obtains the test result returned by the application server under test 440 in response to the test message.
In operation S560, it is determined based on the test result whether a business logic vulnerability exists. For example, the result determination unit 4313 in the attack detection module 431 may send the test result obtained in operation S550 to the risk identification unit 4322 in the intelligent analysis module 432 for identification, so as to obtain an identification result. Whether the application server under test 440 is at risk is then determined from the identification result. If no risk exists, operation S540 may be performed again and the next test message constructed for testing; if a risk is determined to exist, the method proceeds to operation S570.
In operation S570, the risk information is stored. For example, if it is determined that the application server under test 440 has a logic vulnerability, information related to the vulnerability may be stored, such as the original result, the test result and a vulnerability description, so that the display module 433 can show it.
FIG. 6 schematically shows a block diagram of a test apparatus according to an embodiment of the disclosure.
As shown in fig. 6, the testing apparatus 600 may include, for example, a first obtaining module 610, a first determining module 620, a second determining module 630, a sending module 640, and a third determining module 650.
The first obtaining module 610 may be configured to obtain a target packet sent by a client to a server, where the target packet includes multiple character-type data, and the multiple character-type data represent packet characteristics of the target packet. According to an embodiment of the present disclosure, the first obtaining module 610 may, for example, perform operation S210 described above with reference to fig. 2, which is not described herein again.
The first determining module 620 may be configured to determine a test scenario based on a message characteristic of the target message. According to the embodiment of the present disclosure, the first determining module 620 may perform, for example, operation S220 described above with reference to fig. 2, which is not described herein again.
The second determining module 630 may be configured to determine the test packet according to the test scenario and the target packet. According to an embodiment of the present disclosure, the second determining module 630 may, for example, perform operation S230 described above with reference to fig. 2, which is not described herein again.
The sending module 640 may be configured to send the test packet to the server, so that the server processes the test packet to obtain a test result. According to the embodiment of the present disclosure, the sending module 640 may perform, for example, the operation S240 described above with reference to fig. 2, which is not described herein again.
The third determining module 650 may be configured to determine whether there is a security problem when the server processes the target packet based on the test result. According to an embodiment of the present disclosure, the third determining module 650 may perform, for example, operation S250 described above with reference to fig. 2, which is not described herein again.
According to the embodiment of the disclosure, determining the test message according to the test scenario and the target message includes at least one of the following: in response to determining that the test scenario is a first-class scenario, taking the target message as the test message; and in response to determining that the test scenario is a second-class scenario, processing the target message and taking the processed target message as the test message. The first-class scenario indicates that the target message includes a message for acquiring a verification code, and the second-class scenario indicates that the target message includes a message for requesting login and/or that the user information in the target message carries a risk.
According to the embodiment of the present disclosure, processing the target message includes: acquiring user attribute information of a sample user, and replacing the user attribute information in the target message with the user attribute information of the sample user to obtain the processed target message.
According to an embodiment of the present disclosure, the target message includes a plurality of transaction data, and processing the target message comprises at least one of the following: changing the order of the plurality of transaction data, and deleting at least one of the plurality of transaction data.
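The following Python is an added example, not the patent's own code, of the scenario-dependent construction described in the three paragraphs above: a first-class message is replayed unchanged, while a second-class message has its user attributes replaced with those of a sample user and, where it carries a list of transactions, is additionally emitted with the transactions reordered and with each transaction deleted in turn. The JSON body layout, the key names (`userId`, `transactions` and so on), the scenario labels and the constructed sample user are assumptions of this example.

```python
import copy

# Scenario labels as used on this page: the first-class scenario is a
# verification-code request; the second-class scenarios are a login request or a
# request carrying risky user information.  The label strings are assumptions.
FIRST_CLASS = {"verification_code"}
SECOND_CLASS = {"login", "user_info"}

# Constructed sample user (not from the patent) whose attribute values are
# substituted into second-class messages.  Key names are assumptions about the
# message format under test.
SAMPLE_USER = {
    "userId": "9999",
    "username": "sample_user",
    "phone": "13000000000",
    "idCard": "110101190001010000",
}


def replace_user_attributes(body, sample_user=SAMPLE_USER):
    """Rebuild the JSON body with every user attribute key, at any depth,
    set to the sample user's value.  The input is left untouched."""
    def walk(node):
        if isinstance(node, dict):
            return {k: (sample_user[k] if k in sample_user else walk(v))
                    for k, v in node.items()}
        if isinstance(node, list):
            return [walk(item) for item in node]
        return node
    return walk(body)


def reorder_transactions(body, key="transactions"):
    """Return a copy with the transaction list reversed, or None when the
    body has fewer than two transactions and no reordering is possible."""
    txs = body.get(key)
    if not isinstance(txs, list) or len(txs) < 2:
        return None
    out = copy.deepcopy(body)
    out[key] = list(reversed(txs))
    return out


def delete_transaction(body, index, key="transactions"):
    """Return a copy with the transaction at `index` removed."""
    out = copy.deepcopy(body)
    del out[key][index]
    return out


def build_test_messages(body, scenario):
    """Derive the test messages for one target message body and its scenario."""
    if scenario in FIRST_CLASS:
        # First class: the target message itself is the test message (replay).
        return [copy.deepcopy(body)]
    if scenario not in SECOND_CLASS:
        raise ValueError(f"unknown test scenario: {scenario}")
    tests = [replace_user_attributes(body)]
    reordered = reorder_transactions(body)
    if reordered is not None:
        tests.append(reordered)
    txs = body.get("transactions")
    if isinstance(txs, list):
        tests.extend(delete_transaction(body, i) for i in range(len(txs)))
    return tests


if __name__ == "__main__":
    # Constructed target body: a transfer request carrying three transactions.
    target = {
        "userId": "1001",
        "transactions": [
            {"id": "t1", "amount": 10},
            {"id": "t2", "amount": 20},
            {"id": "t3", "amount": 30},
        ],
    }
    for msg in build_test_messages(target, "user_info"):
        print(msg)
```

Each returned body is an independent copy, so a single captured target message can be fanned out into several test messages without the mutations interfering with one another.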
FIG. 7 schematically shows a block diagram of a testing device according to another embodiment of the present disclosure.
As shown in fig. 7, the testing apparatus 600 may include, for example, a first obtaining module 610, a first determining module 620, a second determining module 630, a sending module 640, a third determining module 650, a processing module 710, and a second obtaining module 720. The first obtaining module 610, the first determining module 620, the second determining module 630, the sending module 640, and the third determining module 650 are, for example, the same as or similar to the modules described in fig. 6, and are not repeated herein.
The processing module 710 may be configured to process the target packet to obtain a packet characteristic of the target packet. According to the embodiment of the present disclosure, the processing module 710 may, for example, perform operation S310 described above with reference to fig. 3, which is not described herein again.
According to the embodiment of the present disclosure, processing the target message to obtain the message characteristics of the target message includes: acquiring a plurality of character-type data in the target message, wherein each character-type datum comprises a character or a character string; determining the number of occurrences of each character-type datum in the target message; and determining a feature vector of the target message based on those occurrence counts, wherein the feature vector represents the message characteristics.
According to the embodiment of the present disclosure, determining the test scenario based on the message characteristics of the target message includes: obtaining a classification model, wherein the classification model is trained on a plurality of feature values and a plurality of label values, the feature values being the message characteristics of a plurality of training messages and the label values being the test scenarios corresponding to those training messages; and processing the message characteristics with the classification model to obtain the test scenario.
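As an added, runnable illustration of the two paragraphs above (not code from the patent), the following Python tokenizes a raw HTTP message into character-type data, counts their occurrences as the feature vector, and trains a nearest-centroid classifier on constructed, labelled training messages. The sample messages, the scenario labels `verification_code`, `login` and `user_info`, and the inverse-document-frequency weighting (added so that protocol tokens shared by every message do not dominate the similarity) are assumptions of this example; the patent does not name the classification model it uses.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed training messages (not from the patent): raw HTTP requests of the
# kind the page classifies, each labelled with its test scenario.
TRAINING_MESSAGES = [
    ('POST /api/sms/code HTTP/1.1\r\nContent-Type: application/json\r\n\r\n'
     '{"phone":"13800000000"}', "verification_code"),
    ('POST /api/captcha/send HTTP/1.1\r\n\r\n{"mobile":"13900000000","type":"sms"}',
     "verification_code"),
    ('POST /api/login HTTP/1.1\r\nContent-Type: application/json\r\n\r\n'
     '{"username":"alice","password":"x"}', "login"),
    ('POST /api/auth/signin HTTP/1.1\r\n\r\n{"user":"bob","passwd":"y"}', "login"),
    ('POST /api/account/balance HTTP/1.1\r\n\r\n'
     '{"userId":"1001","accountNo":"6222000011112222"}', "user_info"),
    ('GET /api/user/profile?userId=1002&idCard=110101199001011234 HTTP/1.1\r\n\r\n',
     "user_info"),
]

# Character-type data: alphabetic words, digit runs, single punctuation marks.
TOKEN_RE = re.compile(r"[A-Za-z_]+|\d+|[^\sA-Za-z0-9]")


def tokenize(message):
    """Split a message into character-type data.  Digit runs collapse to <NUM>
    so that a particular phone number or account id never becomes a feature."""
    return ["<NUM>" if t.isdigit() else t.lower() for t in TOKEN_RE.findall(message)]


def count_vector(message):
    """Occurrence count of each character-type datum: the page's feature vector."""
    return Counter(tokenize(message))


def cosine(a, b):
    """Cosine similarity between two sparse vectors stored as dicts."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class ScenarioClassifier:
    """Nearest-centroid classifier over IDF-weighted count vectors.  It stands in
    for the trained classification model the page mentions without naming."""

    def __init__(self):
        self.idf = {}
        self.centroids = {}

    def fit(self, samples):
        vectors = [(count_vector(m), label) for m, label in samples]
        df = Counter()
        for vec, _ in vectors:
            df.update(vec.keys())
        n = len(vectors)
        # Tokens present in every training message ("http", "/", "api", ...) get
        # weight 0, so only scenario-specific tokens decide the class.
        self.idf = {t: math.log(n / d) for t, d in df.items()}
        centroids = defaultdict(lambda: defaultdict(float))
        for vec, label in vectors:
            for t, c in vec.items():
                centroids[label][t] += c * self.idf[t]
        self.centroids = {label: dict(v) for label, v in centroids.items()}
        return self

    def weighted(self, message):
        """IDF-weighted count vector; tokens unseen in training are dropped."""
        vec = count_vector(message)
        return {t: c * self.idf[t] for t, c in vec.items() if t in self.idf}

    def predict(self, message):
        """Test scenario whose centroid is closest to the message."""
        q = self.weighted(message)
        return max(self.centroids, key=lambda label: cosine(q, self.centroids[label]))


def build_default_classifier():
    return ScenarioClassifier().fit(TRAINING_MESSAGES)


if __name__ == "__main__":
    clf = build_default_classifier()
    target = 'POST /api/sms/code HTTP/1.1\r\n\r\n{"phone":"13700000000"}'
    print(count_vector(target).most_common(5))
    print(clf.predict(target))
```

With a handful of training messages per scenario the centroid model is enough to route a captured request to the right test construction; a production deployment would train on far more captured traffic and should re-check the label set whenever the application adds new request types.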
The second obtaining module 720 may be configured to obtain an original result obtained by the server processing the target packet. According to the embodiment of the present disclosure, the second obtaining module 720 may, for example, perform the operation S320 described above with reference to fig. 3, which is not described herein again.
According to the embodiment of the disclosure, determining whether a security problem exists when the server processes the target message based on the test result comprises: determining whether a security problem exists when the server processes the target message based on the similarity between the original result and the test result.
According to the embodiment of the disclosure, determining whether a security problem exists when the server processes the target message based on the similarity between the original result and the test result includes: acquiring a first data type of the original result and a second data type of the test result; in response to the first data type being inconsistent with the second data type, determining that no security problem exists when the server processes the target message; and in response to the first data type being consistent with the second data type, acquiring first data content of the original result and second data content of the test result, and determining whether a security problem exists when the server processes the target message based on the similarity between the first data content and the second data content.
According to the embodiment of the disclosure, determining whether a security problem exists when the server processes the target message based on the similarity between the first data content and the second data content includes: in response to the first data content and the second data content both being structured data, determining whether a security problem exists based on the similarity between the data structure of the first data content and that of the second data content together with the similarity between the data pattern of the first data content and that of the second data content; in response to both being semi-structured data, determining whether a security problem exists based on the similarity between the data structure of the first data content and that of the second data content; and in response to both being unstructured data, determining whether a security problem exists based on the similarity between the hash value of the first data content and the hash value of the second data content.
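An added Python example (not from the patent) of the comparison described in the three paragraphs above: each result is classified as structured (JSON), semi-structured (XML or HTML) or unstructured text; a type mismatch yields "no problem"; otherwise similarity is scored by data structure plus value pattern for JSON, by element-path structure for XML, and by SHA-256 equality for plain text. Treating a similarity at or above a 0.9 threshold as a security problem (the tampered or replayed request produced essentially the same answer as the original), the value-pattern definition (collapsed runs of digits, letters and punctuation) and the sample responses are assumptions of this example.

```python
import hashlib
import json
import xml.etree.ElementTree as ET

# Assumption: a test result this similar to the original means the server did
# not distinguish the tampered request from the genuine one.
SIMILARITY_THRESHOLD = 0.9


def data_type(content):
    """structured (JSON object/array), semi-structured (XML/HTML) or unstructured."""
    try:
        if isinstance(json.loads(content), (dict, list)):
            return "structured"
    except ValueError:
        pass
    try:
        ET.fromstring(content)
        return "semi-structured"
    except ET.ParseError:
        return "unstructured"


def leaf_kind(v):
    if isinstance(v, bool):
        return "bool"
    if v is None:
        return "null"
    if isinstance(v, (int, float)):
        return "number"
    return "string"


def value_pattern(v):
    """Shape of a leaf value: runs of digits -> 9, letters -> a, punctuation kept,
    so "1234.56" and "88.00" share the pattern "str:9.9"."""
    if leaf_kind(v) != "string":
        return leaf_kind(v)
    classes = []
    for ch in v:
        c = "9" if ch.isdigit() else "a" if ch.isalpha() else ch
        if not classes or classes[-1] != c:
            classes.append(c)
    return "str:" + "".join(classes)


def leaves(node, path=""):
    """Yield (dotted path, value) for every leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from leaves(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from leaves(v, f"{path}[{i}]")
    else:
        yield path, node


def jaccard(a, b):
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def structured_similarity(orig, test):
    """Mean of structure similarity (paths + kinds) and pattern similarity."""
    o, t = dict(leaves(orig)), dict(leaves(test))
    structure = jaccard({(p, leaf_kind(v)) for p, v in o.items()},
                        {(p, leaf_kind(v)) for p, v in t.items()})
    common = set(o) & set(t)
    pattern = (sum(value_pattern(o[p]) == value_pattern(t[p]) for p in common)
               / len(common)) if common else 0.0
    return (structure + pattern) / 2


def xml_paths(content):
    """Set of element paths (html/body/...) describing an XML document's structure."""
    paths = set()

    def walk(el, prefix):
        p = f"{prefix}/{el.tag}" if prefix else el.tag
        paths.add(p)
        for child in el:
            walk(child, p)
    walk(ET.fromstring(content), "")
    return paths


def compare_results(original, test, threshold=SIMILARITY_THRESHOLD):
    o_type, t_type = data_type(original), data_type(test)
    verdict = {"data_types": (o_type, t_type), "similarity": 0.0, "security_problem": False}
    if o_type != t_type:
        return verdict  # different kinds of answer: the tampering was rejected
    if o_type == "structured":
        sim = structured_similarity(json.loads(original), json.loads(test))
    elif o_type == "semi-structured":
        sim = jaccard(xml_paths(original), xml_paths(test))
    else:
        sim = 1.0 if hashlib.sha256(original.encode()).digest() == \
            hashlib.sha256(test.encode()).digest() else 0.0
    verdict["similarity"] = sim
    verdict["security_problem"] = sim >= threshold
    return verdict


# Constructed sample responses (not from the patent).
ORIGINAL_OK = '{"code":0,"msg":"ok","data":{"userId":"1001","balance":"1234.56","accountNo":"6222000011112222"}}'
TEST_SAME_SHAPE = '{"code":0,"msg":"ok","data":{"userId":"9999","balance":"88.00","accountNo":"6222000099998888"}}'
TEST_DENIED = '{"code":403,"msg":"forbidden"}'

if __name__ == "__main__":
    print(compare_results(ORIGINAL_OK, TEST_SAME_SHAPE))
    print(compare_results(ORIGINAL_OK, TEST_DENIED))
```

Comparing shape rather than raw bytes is what lets the check tolerate values that legitimately differ between two requests (balances, ids, timestamps) while still flagging a response that hands the substituted user the same kind of data the genuine user received.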
Any one or more of the modules, sub-modules, units, or sub-units according to embodiments of the present disclosure may be implemented at least in part as hardware circuitry, e.g., a Field Programmable Gate Array (FPGA), a programmable logic array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or any other reasonable manner of integrating or packaging circuitry, or in any one of or a suitable combination of software, hardware, and firmware.
For example, any of the first obtaining module 610, the first determining module 620, the second determining module 630, the sending module 640, the third determining module 650, the processing module 710, and the second obtaining module 720 may be combined into one module, or any one of them may be split into multiple modules, or at least part of the functions of one or more of these modules may be combined with at least part of the functions of the other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the first obtaining module 610, the first determining module 620, the second determining module 630, the sending module 640, the third determining module 650, the processing module 710, and the second obtaining module 720 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a programmable logic array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or in any other reasonable manner of integrating or packaging circuitry, or in any one of or a suitable combination of software, hardware, and firmware. Alternatively, at least one of these modules may be implemented at least in part as a computer program module which, when executed, performs the corresponding function.
FIG. 8 schematically illustrates a block diagram of a computer system for implementing testing in accordance with an embodiment of the disclosure. The computer system illustrated in FIG. 8 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 8, computer system 800 includes a processor 801, a computer-readable storage medium 802. The system 800 may perform a method according to an embodiment of the present disclosure.
In particular, the processor 801 may include, for example, a general purpose microprocessor, an instruction set processor and/or related chip set and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 801 may also include onboard memory for caching purposes. The processor 801 may be a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
Computer-readable storage medium 802 may be, for example, any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 802 may include a computer program 803, which computer program 803 may include code/computer-executable instructions that, when executed by the processor 801, cause the processor 801 to perform a method according to an embodiment of the present disclosure, or any variant thereof.
The computer program 803 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, the code in computer program 803 may include one or more program modules, such as module 803A, module 803B, …. It should be noted that the division and number of the modules are not fixed, and those skilled in the art may use suitable program modules or combinations of program modules according to the actual situation, so that when the program modules are executed by the processor 801, the processor 801 performs the method according to the embodiment of the present disclosure or any variation thereof.
According to an embodiment of the present disclosure, at least one of the first obtaining module 610, the first determining module 620, the second determining module 630, the sending module 640, the third determining module 650, the processing module 710, and the second obtaining module 720 may be implemented as a computer program module described with reference to fig. 8, which, when executed by the processor 801, may implement the respective operations described above.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method.
According to embodiments of the present disclosure, a computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electromagnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, optical fiber cable, radio frequency signals, etc., or any suitable combination of the foregoing.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (12)

1. A method of testing, comprising:
acquiring a target message sent by a client to a server, wherein the target message comprises a plurality of character-type data, and the character-type data represent message characteristics of the target message;
determining a test scene based on the message characteristics of the target message;
determining a test message according to the test scene and the target message;
sending the test message to the server so that the server can process the test message to obtain a test result; and
determining whether the server has a security problem when processing the target message based on the test result.
2. The method of claim 1, wherein the determining a test packet according to the test scenario and the target packet comprises at least one of:
in response to determining that the test scenario is a first-class scenario, taking the target message as the test message; and
in response to determining that the test scenario is a second-class scenario, processing the target packet and taking the processed target packet as the test packet,
the first type of scene represents that the target message comprises a message for acquiring a verification code, and the second type of scene represents that the target message comprises a message for requesting login and/or represents that user information in the target message has risks.
3. The method of claim 2, wherein the processing the target packet comprises:
acquiring user attribute information of a sample user; and
replacing the user attribute information in the target message with the user attribute information of the sample user to obtain the processed target message.
4. The method of claim 2, wherein the target message includes a plurality of transaction data;
wherein the processing the target packet comprises at least one of:
changing an order of the plurality of transaction data; and
deleting at least one transaction data of the plurality of transaction data.
5. The method of claim 1, further comprising: processing the target message to obtain the message characteristics of the target message;
wherein the processing the target message to obtain the message characteristics of the target message includes:
acquiring a plurality of character-type data in the target message, wherein each character-type data in the plurality of character-type data comprises a character or a character string;
determining the occurrence frequency of each character type data in the target message; and
determining a feature vector of the target message based on the occurrence frequency, wherein the feature vector represents the message characteristics.
6. The method of claim 1, wherein the determining a test scenario based on the packet characteristics of the target packet comprises:
obtaining a classification model, wherein the classification model is obtained by training by using a plurality of characteristic values and a plurality of label values, the plurality of characteristic values are message characteristics of a plurality of training messages, and the plurality of label values are test scenes corresponding to the plurality of training messages; and
processing the message characteristics by using the classification model to obtain the test scenario.
7. The method of claim 1, further comprising:
acquiring an original result obtained by the server processing the target message;
wherein the determining whether the server side has a security problem when processing the target message based on the test result includes:
determining whether a security problem exists when the server side processes the target message based on the similarity between the original result and the test result.
8. The method of claim 7, wherein the determining whether the server side has a security problem while processing the target packet based on the similarity between the original result and the test result comprises:
acquiring a first data type of the original result and a second data type of the test result;
in response to the first data type being inconsistent with the second data type, determining that no security problem exists when the server side processes the target message;
in response to the first data type being consistent with the second data type, acquiring first data content of the original result and second data content of the test result; and
determining whether the server side has a security problem when processing the target message based on the similarity between the first data content and the second data content.
9. The method of claim 8, wherein the determining whether the server side has a security problem when processing the target packet based on the similarity between the first data content and the second data content comprises:
in response to that the first data content and the second data content are both structured data, determining whether a security problem exists when the server side processes the target message based on the similarity between the data structure of the first data content and the data structure of the second data content and the similarity between the data pattern of the first data content and the data pattern of the second data content;
in response to that the first data content and the second data content are both semi-structured data, determining whether a security problem exists when the server side processes the target message based on the similarity between the data structure of the first data content and the data structure of the second data content; and
in response to the first data content and the second data content both being unstructured data, determining whether a security problem exists when the server side processes the target message based on the similarity between the hash value of the first data content and the hash value of the second data content.
10. A test apparatus, comprising:
the first acquisition module is used for acquiring a target message sent by a client to a server, wherein the target message comprises a plurality of character-type data, and the character-type data represent the message characteristics of the target message;
the first determining module is used for determining a test scene based on the message characteristics of the target message;
the second determining module is used for determining a test message according to the test scene and the target message;
the sending module is used for sending the test message to the server so that the server can process the test message to obtain a test result; and
the third determining module is used for determining whether the server side has a security problem when processing the target message based on the test result.
11. A test apparatus, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 9.
CN202010193829.3A 2020-03-18 2020-03-18 Test method, test device, test apparatus, and medium Active CN111414305B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010193829.3A CN111414305B (en) 2020-03-18 2020-03-18 Test method, test device, test apparatus, and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010193829.3A CN111414305B (en) 2020-03-18 2020-03-18 Test method, test device, test apparatus, and medium

Publications (2)

Publication Number Publication Date
CN111414305A true CN111414305A (en) 2020-07-14
CN111414305B CN111414305B (en) 2023-03-28

Family

ID=71491194

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010193829.3A Active CN111414305B (en) 2020-03-18 2020-03-18 Test method, test device, test apparatus, and medium

Country Status (1)

Country Link
CN (1) CN111414305B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101648969B1 (en) * 2015-08-03 2016-08-18 주식회사아이오에이솔루션 Server and method for testing based on captured messages
CN109474578A (en) * 2018-10-17 2019-03-15 平安健康保险股份有限公司 Message method of calibration, device, computer equipment and storage medium
CN110377522A (en) * 2019-07-22 2019-10-25 中国工商银行股份有限公司 The test method for scene of trading, calculates equipment and medium at device
CN110414242A (en) * 2019-08-02 2019-11-05 中国工商银行股份有限公司 For detecting the method, apparatus, equipment and medium of service logic loophole

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113032792A (en) * 2021-04-12 2021-06-25 中国移动通信集团陕西有限公司 System service vulnerability detection method, system, equipment and storage medium
CN113032792B (en) * 2021-04-12 2023-09-19 中国移动通信集团陕西有限公司 System business vulnerability detection method, system, equipment and storage medium
CN113114681A (en) * 2021-04-13 2021-07-13 中国工商银行股份有限公司 Test message processing method, device, computer system and readable storage medium
CN113114681B (en) * 2021-04-13 2022-09-06 中国工商银行股份有限公司 Test message processing method, device, computer system and readable storage medium
WO2023093702A1 (en) * 2021-11-25 2023-06-01 华为技术有限公司 Network measurement method and related apparatus
CN115442284A (en) * 2022-08-22 2022-12-06 绿盟科技集团股份有限公司 System and method for testing equipment
CN115442284B (en) * 2022-08-22 2023-06-09 绿盟科技集团股份有限公司 System and method for testing equipment

Also Published As

Publication number Publication date
CN111414305B (en) 2023-03-28

Similar Documents

Publication Publication Date Title
CN111414305B (en) Test method, test device, test apparatus, and medium
CN113574838B (en) System and method for filtering internet traffic through client fingerprint
US11762974B2 (en) Single sign-on solution using blockchain
EP3497609B1 (en) Detecting scripted or otherwise anomalous interactions with social media platform
JP6476339B6 (en) System and method for monitoring, controlling, and encrypting per-document information on corporate information stored on a cloud computing service (CCS)
US11886958B2 (en) Automated data extraction and adaptation
CN103679031B (en) A kind of immune method and apparatus of file virus
CN110413908A (en) The method and apparatus classified based on web site contents to uniform resource locator
US20210203692A1 (en) Phishing detection using uniform resource locators
CN111931188B (en) Vulnerability testing method and system in login scene
CN109831459B (en) Method, device, storage medium and terminal equipment for secure access
US20210203690A1 (en) Phishing detection using certificates associated with uniform resource locators
US20210203693A1 (en) Phishing detection based on modeling of web page content
CN110636038A (en) Account number analysis method, account number analysis device, security gateway and system
CN111404937B (en) Method and device for detecting server vulnerability
CN115361450B (en) Request information processing method, apparatus, electronic device, medium, and program product
US11257090B2 (en) Message processing platform for automated phish detection
CN113709136A (en) Access request verification method and device
US20210203691A1 (en) Malware and phishing detection and mediation platform
WO2021133592A1 (en) Malware and phishing detection and mediation platform
US20230336586A1 (en) System and Method for Surfacing Cyber-Security Threats with a Self-Learning Recommendation Engine
CN112070500B (en) Block chain payment processing method based on digital financial service and cloud computing center
US20230065787A1 (en) Detection of phishing websites using machine learning
WO2023285833A1 (en) Methods and systems for efficient manual quality control
CN115150122A (en) Data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant