CN112416768A - Interactive security vulnerability detection method, system, device and readable storage medium - Google Patents

Publication number: CN112416768A
Authority: CN (China)
Prior art keywords: security vulnerability, http request, uniform identifier, security, detection
Legal status: Pending (the listed status is an assumption, not a legal conclusion)
Application number: CN202011318384.3A
Other languages: Chinese (zh)
Inventors: 韩敏, 董燕, 万振华, 王颉, 李华, 张晓翠, 刘海涛
Current Assignee (the listed assignees may be inaccurate): State Grid Siji Network Security Beijing Co ltd; State Grid Siji Testing Technology Beijing Co ltd; State Grid Information and Telecommunication Co Ltd; Shenzhen Kaiyuan Internet Security Technology Co Ltd
Original Assignee: State Grid Siji Network Security Beijing Co ltd; State Grid Siji Testing Technology Beijing Co ltd; State Grid Information and Telecommunication Co Ltd; Shenzhen Kaiyuan Internet Security Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases

Abstract

The invention discloses an interactive security vulnerability detection method, system, device and readable storage medium. The method comprises the following steps: 1) a client sends an HTTP request to which a uniform identifier corresponding to a test case has been added; 2) the server side receives the HTTP request, performs the corresponding service processing, and sends the corresponding information to the detection end; 3) the detection end performs security detection on the code running process during the functional test according to the information sent by the server side; 4) when a security vulnerability is detected, the uniform identifier in the HTTP request is acquired and a correspondence between the security vulnerability and the uniform identifier is established. The invention can locate which test case was being executed when a detected security vulnerability appeared, so that rapid verification can be carried out after the security vulnerability is repaired.

Description

Interactive security vulnerability detection method, system, device and readable storage medium
Technical Field
The invention relates to the technical field of computers, in particular to an interactive security weakness detection method, system and device and a readable storage medium.
Background
In current software testing, test cases serve as the standard for executing and checking a test: they guide the test behavior and quantify the test process. Typically, a full functional test of a product needs to be covered by hundreds or thousands of test cases. A problem found by conventional functional testing is usually associated with a particular test case, so once the problem is repaired the scope of the verification test can be defined quickly and the fix can be verified quickly.
An interactive security vulnerability detection tool is generally used to detect security weaknesses, that is, what are generally called vulnerabilities, automatically. The detection is performed in the background and security problems are reported automatically as they are found, while the functional test operations continue at the front end. As a result, a detected security problem is difficult to trace back to the test case the functional test was executing. If developers later repair the problem, the tester cannot verify the repair by executing one specific test case; several or even all test cases must be executed again. This wastes a large amount of labor and time and makes the verification of security vulnerabilities difficult to carry out.
Disclosure of Invention
The invention aims to provide an interactive security vulnerability detection method, system, device and readable storage medium that can locate which test case was being executed when a detected security vulnerability appeared, so that rapid verification can be carried out after the security vulnerability is repaired.
In order to achieve the above object, the present invention provides an interactive security vulnerability detection method comprising the following steps:
1) a client sends an HTTP request to which a uniform identifier corresponding to a test case has been added;
2) the server side receives the HTTP request, performs the corresponding service processing, and sends the corresponding information to the detection end;
3) the detection end performs security detection on the code running process during the functional test according to the information sent by the server side;
4) when a security vulnerability is detected, the uniform identifier in the HTTP request is acquired and a correspondence between the security vulnerability and the uniform identifier is established.
Specifically, after step 4), the method further comprises: the detection end sends the correspondence between the security vulnerability and the uniform identifier to the server side for storage.
Specifically, after the detection end sends the correspondence between the security vulnerability and the uniform identifier to the server side for storage, the method further comprises:
sending the correspondence between the security vulnerability and the uniform identifier to a display end.
In order to achieve the above object, the present invention further provides an interactive security vulnerability detection method comprising the following steps:
1) performing security detection on the code running process during a functional test according to an HTTP request of a client, wherein a uniform identifier corresponding to a test case has been added to the HTTP request;
2) when a security vulnerability is detected, acquiring the uniform identifier in the HTTP request and establishing a correspondence between the security vulnerability and the uniform identifier.
Specifically, after step 2), the method further comprises: sending the correspondence between the security vulnerability and the uniform identifier to the server side.
To achieve the above object, the present invention further provides an interactive security vulnerability detection system, comprising:
a detection module, configured to perform security detection on the code running process during a functional test according to an HTTP request of a client, wherein a uniform identifier corresponding to a test case has been added to the HTTP request;
an acquisition module, configured to acquire the uniform identifier in the HTTP request and establish a correspondence between the security vulnerability and the uniform identifier when a security vulnerability is detected.
Specifically, the interactive security vulnerability detection system further comprises:
a sending module, configured to send the correspondence between the security vulnerability and the uniform identifier to the server side.
In order to achieve the above object, the present invention further provides an interactive security vulnerability detection apparatus, including:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the interactive security vulnerability detection method as described above via execution of the executable instructions.
To achieve the above object, the present invention also provides a readable storage medium having a program stored thereon, which when executed by a processor, implements the interactive security vulnerability detection method as described above.
Compared with the prior art, the invention adds the uniform identifier corresponding to the test case to the HTTP request sent during the functional test, so that when a security vulnerability is detected the detection end can acquire the uniform identifier from the HTTP request and establish the correspondence between the security vulnerability and the uniform identifier. The test case that was being executed when the security vulnerability was detected can therefore be located accurately, and after the vulnerability is repaired that test case can be used directly for verification. This verification is simple and quick, saves a large amount of labor, time and cost, and resolves the current difficulty of verifying security vulnerabilities after they are repaired.
Drawings
Fig. 1 is a flowchart of an interactive security vulnerability detection method according to an embodiment of the present invention.
Fig. 2 is a flowchart of an interactive security vulnerability detection method according to another embodiment of the present invention.
Fig. 3 is a schematic block diagram of an interactive security vulnerability detection system in accordance with an embodiment of the present invention.
Fig. 4 is another schematic block diagram of an interactive security vulnerability detection system, in accordance with an embodiment of the present invention.
Fig. 5 is a schematic block diagram of an interactive security vulnerability detection apparatus according to an embodiment of the present invention.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Example one
Referring to fig. 1, the present invention discloses an interactive security vulnerability detection method, which includes the following steps:
101. The client sends an HTTP request to which a uniform identifier corresponding to the test case (such as "CASE_ID: test_00001") has been added. The "uniform identifier" in the present invention refers to an identifier unique to each test case. In a conventional functional test or automation script, each test case has a corresponding number (e.g., "CASE_ID"), which can be used as the uniform identifier of the test case.
102. The server side receives the HTTP request, performs the corresponding service processing, and sends the corresponding information to the detection end.
103. The detection end performs security detection on the code running process during the functional test according to the information sent by the server side.
104. When a security vulnerability is detected, the uniform identifier in the HTTP request is obtained and the correspondence between the security vulnerability and the uniform identifier is established.
The improvement of the invention lies in adding a uniform identifier corresponding to the test case to the HTTP request and establishing a correspondence between the uniform identifier and the security vulnerability when a security vulnerability is detected. The specific detection method and the specific method of transmitting information are known to those skilled in the art and are not described in detail here.
The interactive security vulnerability detection method adds the uniform identifier corresponding to the test case to the HTTP request sent during the functional test, so that when a security vulnerability is detected the detection end can acquire the uniform identifier from the HTTP request and establish the correspondence between the security vulnerability and the uniform identifier. The test case that was being executed when the security vulnerability was detected can therefore be located accurately, and after the vulnerability is repaired that test case can be used directly for verification. This verification is simple and quick, saves a large amount of labor, time and cost, and resolves the current difficulty of verifying security vulnerabilities after they are repaired.
Specifically, after step 104, the method further includes: the detection end sends the correspondence between the security vulnerability and the uniform identifier to the server side for storage.
Specifically, after the detection end sends the correspondence between the security vulnerability and the uniform identifier to the server side for storage, the method further includes:
sending the correspondence between the security vulnerability and the uniform identifier to a display end.
By this technical means, testers can conveniently check the detection status of security vulnerabilities.
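The correlation in steps 101 to 104, as an added example that is not part of the patent text: the server side binds the request's uniform identifier to the request context, and the detection end records which test case was running when an instrumented sink raises a finding. The sink check is a simplified stand-in for the detection method the patent leaves unspecified; `Detector`, `handle_request`, `execute_sql`, the identifier pattern and the `unattributed` bucket are assumptions.

```python
import contextvars
import re
from collections import defaultdict

# Header name and value format follow the page's example "CASE_ID: test_00001".
CASE_HEADER = "CASE_ID"
# Assumed identifier format. The header is client-controlled, so anything
# that does not match is never stored as a test-case identifier.
CASE_ID_RE = re.compile(r"[A-Za-z0-9_]{1,64}")
UNATTRIBUTED = "unattributed"

_current_case = contextvars.ContextVar("current_case", default=UNATTRIBUTED)
_current_params = contextvars.ContextVar("current_params", default={})


class Detector:
    """Detection end: keeps vulnerability -> test-case correspondences."""

    def __init__(self):
        self.by_vuln = defaultdict(set)  # (kind, location) -> {case ids}

    def report(self, kind, location):
        # Step 104: tie the finding to the identifier of the current request.
        self.by_vuln[(kind, location)].add(_current_case.get())

    def cases_for(self, kind, location):
        """Test cases to re-run when verifying a fix for this finding."""
        return sorted(self.by_vuln.get((kind, location), ()))


DETECTOR = Detector()


def execute_sql(query, location):
    """Instrumented sink (stand-in check): flag a request value containing a
    quote that reaches the query text verbatim instead of as a bound parameter."""
    for value in _current_params.get().values():
        if "'" in value and value in query:
            DETECTOR.report("sql-injection", location)
            break
    return query  # a real sink would execute the query here


def find_user(name):
    # Business logic that concatenates input into SQL: the weakness under test.
    return execute_sql("SELECT * FROM users WHERE name = '" + name + "'",
                       "find_user")


def handle_request(headers, params):
    """Server side (step 102): bind the uniform identifier, then process."""
    raw = headers.get(CASE_HEADER, "")
    case_id = raw if CASE_ID_RE.fullmatch(raw) else UNATTRIBUTED
    case_token = _current_case.set(case_id)
    params_token = _current_params.set(params)
    try:
        return find_user(params.get("name", ""))
    finally:
        # Reset so an identifier never leaks into the next request.
        _current_params.reset(params_token)
        _current_case.reset(case_token)


def run_constructed_suite():
    # Constructed functional test requests; the third has a malformed identifier.
    handle_request({"CASE_ID": "test_00001"}, {"name": "alice"})
    handle_request({"CASE_ID": "test_00002"}, {"name": "o'brien"})
    handle_request({"CASE_ID": "bad id\r\nX: y"}, {"name": "d'arcy"})
    return DETECTOR.cases_for("sql-injection", "find_user")


if __name__ == "__main__":
    print(run_constructed_suite())
```

Header names containing underscores are dropped by some reverse proxies in their default configuration, so confirm that the identifier actually reaches the server side before relying on the correlation.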
Example two
Referring to fig. 2, the present invention discloses an interactive security vulnerability detection method, which includes the following steps:
201. Performing security detection on the code running process during a functional test according to an HTTP request of a client, wherein a uniform identifier corresponding to a test case has been added to the HTTP request;
202. When a security vulnerability is detected, the uniform identifier in the HTTP request is obtained and the correspondence between the security vulnerability and the uniform identifier is established.
With this interactive security vulnerability detection method, when a security vulnerability is detected the detection end can acquire the uniform identifier preset in the HTTP request and establish the correspondence between the security vulnerability and the uniform identifier. The test case that was being executed when the security vulnerability was detected can therefore be located accurately, and after the vulnerability is repaired that test case can be used directly for verification. This verification is simple and quick, saves a large amount of labor, time and cost, and resolves the current difficulty of verifying security vulnerabilities after they are repaired.
Specifically, after step 202, the method further includes: sending the correspondence between the security vulnerability and the uniform identifier to a server side.
Example three
Referring to fig. 3, the present invention also discloses an interactive security vulnerability detection system, which includes:
a detection module 300, configured to perform security detection on the code running process during a functional test according to an HTTP request of a client, where a uniform identifier corresponding to a test case has been added to the HTTP request;
an obtaining module 400, configured to, when a security vulnerability is detected, obtain the uniform identifier in the HTTP request and establish a correspondence between the security vulnerability and the uniform identifier.
When the interactive security vulnerability detection system detects a security vulnerability, it obtains the uniform identifier preset in the HTTP request and establishes the correspondence between the security vulnerability and the uniform identifier. The test case that was being executed when the security vulnerability was detected can therefore be located accurately, and after the vulnerability is repaired that test case can be used directly for verification. This verification is simple and quick, saves a large amount of labor, time and cost, and resolves the current difficulty of verifying security vulnerabilities after they are repaired.
Specifically, referring to fig. 4, the interactive security vulnerability detection system further includes:
a sending module 500, configured to send the correspondence between the security vulnerability and the uniform identifier to the server side.
Example four
Referring to fig. 2 and 5, the present invention discloses an interactive security vulnerability detection apparatus, which includes:
a processor 60;
a memory 70 having stored therein executable instructions of the processor 60;
wherein the processor 60 is configured to perform the interactive security vulnerability detection method as described in embodiment two via execution of executable instructions.
Example five
Referring to fig. 2, the present invention discloses a readable storage medium, on which a program is stored, and the program, when executed by a processor, implements the method for detecting the interactive security vulnerability according to the second embodiment.
The above disclosure is only a preferred embodiment of the present invention, and should not be taken as limiting the scope of the invention, so that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.

Claims (9)

1. An interactive security vulnerability detection method, characterized by comprising the steps of:
1) a client sends an HTTP request to which a uniform identifier corresponding to a test case has been added;
2) the server side receives the HTTP request, performs the corresponding service processing, and sends the corresponding information to the detection end;
3) the detection end performs security detection on the code running process during the functional test according to the information sent by the server side;
4) when a security vulnerability is detected, the uniform identifier in the HTTP request is acquired and a correspondence between the security vulnerability and the uniform identifier is established.
2. The interactive security vulnerability detection method of claim 1, characterized in that after step 4), the method further comprises: the detection end sends the correspondence between the security vulnerability and the uniform identifier to the server side for storage.
3. The interactive security vulnerability detection method of claim 2, wherein after the detection end sends the correspondence between the security vulnerability and the uniform identifier to the server side for storage, the method further comprises:
sending the correspondence between the security vulnerability and the uniform identifier to a display end.
4. An interactive security vulnerability detection method, characterized by comprising the steps of:
1) performing security detection on the code running process during a functional test according to an HTTP request of a client, wherein a uniform identifier corresponding to a test case has been added to the HTTP request;
2) when a security vulnerability is detected, acquiring the uniform identifier in the HTTP request and establishing a correspondence between the security vulnerability and the uniform identifier.
5. The interactive security vulnerability detection method of claim 1, after step 2), further comprising: sending the correspondence between the security vulnerability and the uniform identifier to the server side.
6. An interactive security vulnerability detection system, comprising:
a detection module, configured to perform security detection on the code running process during a functional test according to an HTTP request of a client, wherein a uniform identifier corresponding to a test case has been added to the HTTP request;
an acquisition module, configured to acquire the uniform identifier in the HTTP request and establish a correspondence between the security vulnerability and the uniform identifier when a security vulnerability is detected.
7. The interactive security vulnerability detection system of claim 6, further comprising:
a sending module, configured to send the correspondence between the security vulnerability and the uniform identifier to the server side.
8. An interactive security vulnerability detection apparatus, comprising:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the interactive security vulnerability detection method of claim 4 or 5 via execution of the executable instructions.
9. A readable storage medium on which a program is stored, the program, when executed by a processor, implementing the interactive security vulnerability detection method of claim 4 or 5.
CN202011318384.3A 2020-11-20 2020-11-20 Interactive security vulnerability detection method, system, device and readable storage medium Pending CN112416768A (en)

Publications (1)

Publication Number Publication Date
CN112416768A true CN112416768A (en) 2021-02-26

Family

ID=74778233

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination