CN111488287A - 注入漏洞测试用例的生成方法、装置、介质及电子设备 - Google Patents
注入漏洞测试用例的生成方法、装置、介质及电子设备 Download PDFInfo
- Publication number
- CN111488287A CN111488287A CN202010301315.5A CN202010301315A CN111488287A CN 111488287 A CN111488287 A CN 111488287A CN 202010301315 A CN202010301315 A CN 202010301315A CN 111488287 A CN111488287 A CN 111488287A
- Authority
- CN
- China
- Prior art keywords
- test case
- features
- constraint
- feature
- constraint relation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012360 testing method Methods 0.000 title claims abstract description 210
- 238000002347 injection Methods 0.000 title claims abstract description 114
- 239000007924 injection Substances 0.000 title claims abstract description 114
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000004590 computer program Methods 0.000 claims description 9
- 238000012545 processing Methods 0.000 description 14
- 230000004044 response Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 8
- 238000001514 detection method Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
- 238000005215 recombination Methods 0.000 description 1
- 230000006798 recombination Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000000243 solution Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Computing Systems (AREA)
- Debugging And Monitoring (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
- Testing Electric Properties And Detecting Electric Faults (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010301315.5A CN111488287B (zh) | 2020-04-16 | 2020-04-16 | 注入漏洞测试用例的生成方法、装置、介质及电子设备 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010301315.5A CN111488287B (zh) | 2020-04-16 | 2020-04-16 | 注入漏洞测试用例的生成方法、装置、介质及电子设备 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111488287A true CN111488287A (zh) | 2020-08-04 |
CN111488287B CN111488287B (zh) | 2023-05-16 |
Family
ID=71798788
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010301315.5A Active CN111488287B (zh) | 2020-04-16 | 2020-04-16 | 注入漏洞测试用例的生成方法、装置、介质及电子设备 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111488287B (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113515748A (zh) * | 2021-05-20 | 2021-10-19 | 云账户技术(天津)有限公司 | 一种检测sql注入的方法及装置 |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101894237A (zh) * | 2010-08-03 | 2010-11-24 | 南开大学 | 应用遗传算法自动生成xss跨站点脚本漏洞检测参数的方法 |
CN102136051A (zh) * | 2011-05-06 | 2011-07-27 | 南开大学 | 一种应用SGM-SQL注入模型驱动web应用渗透测试的方法 |
CN102592084A (zh) * | 2011-12-27 | 2012-07-18 | 奇智软件(北京)有限公司 | 一种漏洞修复客户端逻辑的测试方法及系统 |
CN103780614A (zh) * | 2014-01-21 | 2014-05-07 | 金华比奇网络技术有限公司 | 一种基于模拟攻击扩展的sql注入漏洞挖掘方法 |
CN104391793A (zh) * | 2014-11-27 | 2015-03-04 | 中国联合网络通信集团有限公司 | 测试步骤及测试脚本生成方法及装置 |
CN106354638A (zh) * | 2016-08-29 | 2017-01-25 | 广州唯品会信息科技有限公司 | 基于词法分析的自动测试方法及装置 |
CN108256334A (zh) * | 2018-01-26 | 2018-07-06 | 平安科技(深圳)有限公司 | 漏洞测试方法、装置、计算机设备和存储介质 |
CN109902002A (zh) * | 2019-02-14 | 2019-06-18 | 浙江口碑网络技术有限公司 | 组合测试用例的生成方法及装置、存储介质、计算机设备 |
US20190220387A1 (en) * | 2018-01-15 | 2019-07-18 | Fujitsu Limited | Unexplored branch search in hybrid fuzz testing of software binaries |
CN110543421A (zh) * | 2019-08-31 | 2019-12-06 | 华南理工大学 | 基于测试用例自动生成算法的单元测试自动执行方法 |
-
2020
- 2020-04-16 CN CN202010301315.5A patent/CN111488287B/zh active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101894237A (zh) * | 2010-08-03 | 2010-11-24 | 南开大学 | 应用遗传算法自动生成xss跨站点脚本漏洞检测参数的方法 |
CN102136051A (zh) * | 2011-05-06 | 2011-07-27 | 南开大学 | 一种应用SGM-SQL注入模型驱动web应用渗透测试的方法 |
CN102592084A (zh) * | 2011-12-27 | 2012-07-18 | 奇智软件(北京)有限公司 | 一种漏洞修复客户端逻辑的测试方法及系统 |
CN103780614A (zh) * | 2014-01-21 | 2014-05-07 | 金华比奇网络技术有限公司 | 一种基于模拟攻击扩展的sql注入漏洞挖掘方法 |
CN104391793A (zh) * | 2014-11-27 | 2015-03-04 | 中国联合网络通信集团有限公司 | 测试步骤及测试脚本生成方法及装置 |
CN106354638A (zh) * | 2016-08-29 | 2017-01-25 | 广州唯品会信息科技有限公司 | 基于词法分析的自动测试方法及装置 |
US20190220387A1 (en) * | 2018-01-15 | 2019-07-18 | Fujitsu Limited | Unexplored branch search in hybrid fuzz testing of software binaries |
CN108256334A (zh) * | 2018-01-26 | 2018-07-06 | 平安科技(深圳)有限公司 | 漏洞测试方法、装置、计算机设备和存储介质 |
CN109902002A (zh) * | 2019-02-14 | 2019-06-18 | 浙江口碑网络技术有限公司 | 组合测试用例的生成方法及装置、存储介质、计算机设备 |
CN110543421A (zh) * | 2019-08-31 | 2019-12-06 | 华南理工大学 | 基于测试用例自动生成算法的单元测试自动执行方法 |
Non-Patent Citations (1)
Title |
---|
练坤梅;许静;田伟;张莹;: "SQL注入漏洞多等级检测方法研究" * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113515748A (zh) * | 2021-05-20 | 2021-10-19 | 云账户技术(天津)有限公司 | 一种检测sql注入的方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
CN111488287B (zh) | 2023-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wassermann et al. | Sound and precise analysis of web applications for injection vulnerabilities | |
Halfond et al. | Preventing SQL injection attacks using AMNESIA | |
US10177996B2 (en) | System and method for validating documentation of representational state transfer (REST) services | |
Trinh et al. | S3: A symbolic string solver for vulnerability detection in web applications | |
US7849509B2 (en) | Detection of security vulnerabilities in computer programs | |
CN110225029B (zh) | 注入攻击检测方法、装置、服务器及存储介质 | |
Yu et al. | Revisiting the description-to-behavior fidelity in android applications | |
WO2019144548A1 (zh) | 安全测试方法、装置、计算机设备和存储介质 | |
CN109062965B (zh) | 大数据分析系统、服务器、数据处理方法和存储介质 | |
US11947976B2 (en) | System and method for semantic metadata extensions in API governance using validation rulesets | |
Zhuo et al. | Long short‐term memory on abstract syntax tree for SQL injection detection | |
US11620179B1 (en) | Method, apparatus, device, storage medium and program product for log information processing | |
CN111709026A (zh) | 静态安全检测方法、装置、计算机设备和存储介质 | |
CN111488287B (zh) | 注入漏洞测试用例的生成方法、装置、介质及电子设备 | |
US20180314683A1 (en) | Method and device for processing natural language | |
US20080022353A1 (en) | Framework to simplify security engineering | |
CA3203549A1 (en) | Unified verification method, device, equipment and storage medium | |
CN110647749A (zh) | 一种二阶sql注入攻击防御的方法 | |
Lin et al. | HW-V2W-Map: Hardware Vulnerability to Weakness Mapping Framework for Root Cause Analysis with GPT-assisted Mitigation Suggestion | |
CN113672233B (zh) | 一种基于Redfish的服务器带外管理方法、装置及设备 | |
CN115033451A (zh) | 数据生成方法、数据处理方法、装置、电子设备及介质 | |
Ren et al. | Verification using counterexample fragment based specification relaxation: case of modular/concurrent linear hybrid automata | |
CN111459793B (zh) | 一种全生命周期的软件自动化测试方法和装置 | |
JP7315023B2 (ja) | ルール生成装置およびルール生成プログラム | |
US10515219B2 (en) | Determining terms for security test |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20210202 Address after: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin Applicant after: NANKAI University Applicant after: STATE GRID TIANJIN ELECTRIC POWER Co. Applicant after: STATE GRID CORPORATION OF CHINA Address before: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin Applicant before: NANKAI University Applicant before: STATE GRID TIANJIN ELECTRIC POWER Co. |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20240220 Address after: 300384 No. 8, Haitai Huake 4th Road, Binhai New Area, Tianjin Patentee after: ELECTRIC POWER SCIENCE & RESEARCH INSTITUTE OF STATE GRID TIANJIN ELECTRIC POWER Co. Country or region after: China Patentee after: STATE GRID TIANJIN ELECTRIC POWER Co. Patentee after: STATE GRID CORPORATION OF CHINA Patentee after: NANKAI University Address before: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin Patentee before: NANKAI University Country or region before: China Patentee before: STATE GRID TIANJIN ELECTRIC POWER Co. Patentee before: STATE GRID CORPORATION OF CHINA |